From da02e23eee2216a601602dfb68deecca5b529dde Mon Sep 17 00:00:00 2001
From: Jennifer Echenim <echenimjennifer@gmail.com>
Date: Wed, 20 Mar 2024 16:26:36 +0400
Subject: [PATCH] Add security headers

---
 tools/walletextension/frontend/src/components/head-seo.tsx | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tools/walletextension/frontend/src/components/head-seo.tsx b/tools/walletextension/frontend/src/components/head-seo.tsx
index b8fc555880..26a475374a 100644
--- a/tools/walletextension/frontend/src/components/head-seo.tsx
+++ b/tools/walletextension/frontend/src/components/head-seo.tsx
@@ -24,6 +24,11 @@ const HeadSeo = ({
         // @ts-ignore
         signature="_vd3udx2g2hfn9zclob5cat43b94q7fyk"
       ></meta>
+      {/* SECURITY: to prevent the page from being loaded in an iFrame */}
+      <meta http-equiv="X-Frame-Options" content="deny"></meta>
+      {/* to indicate the browser shouldn't interpret the response as something other than the specified content type */}
+      <meta http-equiv="X-Content-Type-Options" content="nosniff"></meta>
+      {/* The Content-Security-Policy header is used to prevent a wide range of attacks, including Cross-Site Scripting (XSS) and other cross-site injections. */}
       {/* twitter metadata */}
       <meta name="twitter:card" content="summary_large_image" />
       <meta name="twitter:site" content={siteMetadata.twitterHandle} />