From deaed6f5401b49ddfade373144471088551e83a3 Mon Sep 17 00:00:00 2001 From: brain-marchine <152466993+brain-marchine@users.noreply.github.com> Date: Sun, 12 Jul 2026 17:19:47 +0800 Subject: [PATCH] docs: document baseline security headers Fixes #7 --- docs/security-headers.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 docs/security-headers.md diff --git a/docs/security-headers.md b/docs/security-headers.md new file mode 100644 index 0000000..f99e8d5 --- /dev/null +++ b/docs/security-headers.md @@ -0,0 +1,14 @@ +# Security headers + +Baseline hardening headers are applied on every response (see +`src/__tests__/securityHeaders.test.ts`): + +| Header | Value | +|--------|-------| +| `X-Content-Type-Options` | `nosniff` | +| `X-Frame-Options` | `DENY` | +| `Referrer-Policy` | `no-referrer` | +| `Strict-Transport-Security` | `max-age=…` | + +Content-Security-Policy tightening is tracked separately; do not duplicate header +logic outside the centralized middleware.