From 21d5fa10925344fd7b873fdb3cdb8961e9dfc394 Mon Sep 17 00:00:00 2001
From: Paul Wackerow <54227730+wackerow@users.noreply.github.com>
Date: Tue, 11 Feb 2025 12:56:14 -0800
Subject: [PATCH] feat: add X-Frame-Options DENY header

Prevent iframe embeds, Fixes https://github.com/ethereum/devops/issues/1593
---
 next.config.js | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/next.config.js b/next.config.js
index 1aa0317271f..cd81f57e2db 100644
--- a/next.config.js
+++ b/next.config.js
@@ -70,6 +70,19 @@ module.exports = (phase, { defaultConfig }) => {
         },
       ],
     },
+    async headers() {
+      return [
+        {
+          source: "/(.*)", // Apply to all routes
+          headers: [
+            {
+              key: "X-Frame-Options",
+              value: "DENY",
+            },
+          ],
+        },
+      ]
+    },
   }
 
   if (phase !== PHASE_DEVELOPMENT_SERVER) {