schemas-app/nginx/security_headers.conf

add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains; preload';
add_header Content-Security-Policy "frame-ancestors 'none'";
add_header X-XSS-Protection "0";
add_header X-Frame-Options "SAMEORIGIN";
add_header Referrer-Policy strict-origin-when-cross-origin;
add_header X-Content-Type-Options nosniff;
add_header X-Permitted-Cross-Domain-Policies master-only;
add_header Feature-Policy '*=*';
add_header Permissions-Policy '*=*';
add_header Document-Policy 'unsized-media=?0, document-write=?0, max-image-bpp=2.0, frame-loading=lazy';