From 91076a694982e8ba334423f8f1be175f574ce945 Mon Sep 17 00:00:00 2001
From: sushichan044
Date: Mon, 10 Mar 2025 14:21:53 +0900
Subject: [PATCH] fix: set secure headers
---
 app/entry.server.tsx | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/app/entry.server.tsx b/app/entry.server.tsx
index 489b8ff..b75df7b 100644
--- a/app/entry.server.tsx
+++ b/app/entry.server.tsx
@@ -15,5 +15,15 @@ export default async function handleRequest(
 routerContext,
 loadContext,
 );
+
+ response.headers.set(
+ "Strict-Transport-Security",
+ "max-age=63072000; includeSubDomains; preload",
+ );
+ response.headers.set("Referrer-Policy", "strict-origin-when-cross-origin");
+ response.headers.set("X-Content-Type-Options", "nosniff");
+ response.headers.set("X-Frame-Options", "DENY");
+ response.headers.set("X-Permitted-Cross-Domain-Policies", "none");
+
 return response;
 }
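Review bot: The Strict-Transport-Security value in the first added `response.headers.set` call carries `includeSubDomains; preload` with a two-year max-age, which commits every subdomain of the serving host to HTTPS and signals consent to browser preload lists, a state that is slow to undo. If not every subdomain is known to serve HTTPS, or the domain is not actually being submitted for preloading, `"max-age=63072000"` alone is the safer value; otherwise a comment such as `// HSTS preload: every subdomain must serve HTTPS; leaving the preload list is slow` would record the commitment. The five `set` calls also overwrite any value a route already placed on the response, and, judging only by its name, handleRequest probably covers document responses, so resource or data responses may not receive these headers. The start of handleRequest is outside the hunk, so how `response` is built cannot be checked here.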