From d6f3a8690848331ea0e5f943248b5bc3c5d112e2 Mon Sep 17 00:00:00 2001
From: Philipp Fischbeck
Date: Tue, 19 Mar 2019 22:39:21 +0100
Subject: [PATCH] Improve default HTTP headers
---
 config/application.rb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/config/application.rb b/config/application.rb
index 67e9502..86f174e 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -17,7 +17,12 @@ module Projekteuler
 # the framework and any gems in your application.
 config.action_dispatch.default_headers = {
- 'X-Frame-Options' => 'DENY'
+ 'X-Frame-Options' => 'DENY',
+ 'X-XSS-Protection' => '1; mode=block',
+ 'X-Content-Type-Options' => 'nosniff',
+ 'X-Download-Options' => 'noopen',
+ 'X-Permitted-Cross-Domain-Policies' => 'none',
+ 'Referrer-Policy' => 'strict-origin-when-cross-origin'
 }
 # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.