Security
What makes this website and project presentation safer by default.
Included
- Static Next.js presentation with no form handling, auth state, or user-generated HTML.
- Security headers are configured in next.config.ts, including CSP, X-Frame-Options, and nosniff.
- No external analytics, ad scripts, trackers, or remote media are required for the page to render.
- All content is project-owned copy that mirrors the current server implementation instead of placeholder marketing text.
Not Included
- Third-party analytics scripts
- Remote font dependencies
- Ad networks or embeds
- User-submitted HTML rendering
Deployment Headers
Production Content-Security-Policy
script-src 'self' 'unsafe-inline'
connect-src 'self'

Development Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'
connect-src 'self' ws: wss:

Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Permissions-Policy: camera=(), microphone=(), geolocation=()
Cross-Origin-Opener-Policy: same-origin
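
One way the headers listed above could be produced from next.config.ts, with a release check that the development-only CSP sources never reach the production policy. This is an added example, not the project's own configuration: the function and variable names are hypothetical, and only the two CSP directives shown on this page are reproduced.

```typescript
// Added example; header values are the ones listed on this page, names are hypothetical.
type Header = { key: string; value: string };

// Only the two CSP directives the page lists are reproduced.
function buildCsp(isDev: boolean): string {
  const scriptSrc = ["'self'", "'unsafe-inline'"];
  const connectSrc = ["'self'"];
  if (isDev) {
    // Relaxations the page lists for development only.
    scriptSrc.push("'unsafe-eval'");
    connectSrc.push("ws:", "wss:");
  }
  return `script-src ${scriptSrc.join(" ")}; connect-src ${connectSrc.join(" ")}`;
}

function securityHeaders(isDev: boolean): Header[] {
  return [
    { key: "Content-Security-Policy", value: buildCsp(isDev) },
    { key: "Referrer-Policy", value: "strict-origin-when-cross-origin" },
    { key: "X-Content-Type-Options", value: "nosniff" },
    { key: "X-Frame-Options", value: "DENY" },
    { key: "Permissions-Policy", value: "camera=(), microphone=(), geolocation=()" },
    { key: "Cross-Origin-Opener-Policy", value: "same-origin" },
  ];
}

// Release check: list any development-only source present in a policy string.
// An empty result is expected for the production policy.
function devOnlySources(csp: string): string[] {
  const devOnly = ["'unsafe-eval'", "ws:", "wss:"];
  const found: string[] = [];
  for (const part of csp.split(";")) {
    const [directive, ...sources] = part.trim().split(/\s+/);
    for (const s of sources) {
      if (devOnly.indexOf(s.toLowerCase()) !== -1) found.push(`${directive} ${s}`);
    }
  }
  return found;
}

// Shape of the `headers` option in next.config.ts (export this object as the default).
const nextConfig = {
  async headers() {
    // Anything other than an explicit development build gets the stricter policy.
    const isDev = process.env.NODE_ENV === "development";
    return [{ source: "/:path*", headers: securityHeaders(isDev) }];
  },
};
```

Running devOnlySources against the Content-Security-Policy value of a deployed response, and failing the release when it returns anything, catches a development build that was shipped by mistake.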