From 047d53bfb1fc0f4f17a1002fb5072972943610ec Mon Sep 17 00:00:00 2001
From: Omar Roth
Date: Wed, 4 Sep 2019 22:05:25 -0400
Subject: [PATCH] Add security headers
---
 src/instances.cr | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/instances.cr b/src/instances.cr
index 51ac8f7..9af20f5 100644
--- a/src/instances.cr
+++ b/src/instances.cr
@@ -81,6 +81,13 @@ spawn do
 end
 end
 
+before_all do |env|
+ env.response.headers["X-XSS-Protection"] = "1; mode=block"
+ env.response.headers["X-Content-Type-Options"] = "nosniff"
+ env.response.headers["Referrer-Policy"] = "same-origin"
+ env.response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains; preload"
+end
+
 get "/" do |env|
 sort_by = env.params.query["sort_by"]?
 sort_by ||= "users-reverse"
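Review bot: The `Strict-Transport-Security` value in the new `before_all` block hard-codes `includeSubDomains; preload` with a one-year max-age, which commits every subdomain of the serving host to HTTPS and is slow to undo once browsers have cached it or the domain is on a preload list. Unless every deployment is known to meet that, a narrower default such as `env.response.headers["Strict-Transport-Security"] = "max-age=31536000"` is safer, with the subdomain and preload directives enabled through configuration. `X-XSS-Protection: 1; mode=block` only affects legacy browser XSS filters that current browsers have dropped, and the block sets neither a `Content-Security-Policy` nor a framing restriction such as `X-Frame-Options`, so script-injection and clickjacking coverage is still missing. A `before_all` filter probably runs only for matched routes, so it is worth confirming whether error responses and static files also receive these headers. A short comment above the block, e.g. `# Baseline response hardening; HSTS assumes the site is reachable only over HTTPS`, would record the deployment assumption.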