From a709596ccb8af9cad1f2e3b8d0e091cccef63b88 Mon Sep 17 00:00:00 2001
From: James Cole <james@firefly-iii.org>
Date: Thu, 8 Apr 2021 12:27:54 +0200
Subject: [PATCH] Add headers.

---
 app/Http/Middleware/SecureHeaders.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app/Http/Middleware/SecureHeaders.php b/app/Http/Middleware/SecureHeaders.php
index 96a15655cd..3763ccb48a 100644
--- a/app/Http/Middleware/SecureHeaders.php
+++ b/app/Http/Middleware/SecureHeaders.php
@@ -98,6 +98,9 @@ class SecureHeaders
         $response->header('X-XSS-Protection', '1; mode=block');
         $response->header('X-Content-Type-Options', 'nosniff');
         $response->header('Referrer-Policy', 'no-referrer');
+        $response->header('X-Download-Options', 'noopen');
+        $response->header('X-Permitted-Cross-Domain-Policies', 'none');
+        $response->header('X-Robots-Tag', 'none');
         $response->header('Feature-Policy', implode('; ', $featurePolicies));
 
         return $response;