From 4ae3bfa40d1f3facbda7ef6dcc6132ff3c2766fd Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Fri, 5 Mar 2021 13:25:08 +0000
Subject: [PATCH] WebServer: Serve X-Frame-Options and X-Content-Type-Options HTTP headers
---
 Userland/Services/WebServer/Client.cpp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/Userland/Services/WebServer/Client.cpp b/Userland/Services/WebServer/Client.cpp
index 985a27eec0f..0c66e913691 100644
--- a/Userland/Services/WebServer/Client.cpp
+++ b/Userland/Services/WebServer/Client.cpp
@@ -137,6 +137,8 @@ void Client::send_response(InputStream& response, const HTTP::HttpRequest& reque
 StringBuilder builder;
 builder.append("HTTP/1.0 200 OK\r\n");
 builder.append("Server: WebServer (SerenityOS)\r\n");
+ builder.append("X-Frame-Options: SAMEORIGIN\r\n");
+ builder.append("X-Content-Type-Options: nosniff\r\n");
 builder.append("Content-Type: ");
 builder.append(content_type);
 builder.append("\r\n");
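Review bot: With `X-Content-Type-Options: nosniff` added, the `content_type` appended just below becomes authoritative, because browsers will no longer correct a wrong or generic type and will refuse scripts and stylesheets served with a mismatched one. Where `content_type` is derived is outside this hunk, so it is worth confirming that it has a sensible fallback for unknown extensions. The two headers are added only to the 200 response built here; if error or redirect responses are assembled in other functions they would presumably go out without them, so a shared helper for the common headers would keep the policy consistent. `X-Frame-Options` is superseded by CSP in current browsers, so consider also sending `builder.append("Content-Security-Policy: frame-ancestors 'self'\r\n");` next to it, with a comment such as `// Hardening: restrict framing to same origin and disable MIME sniffing.` above the group. The body of send_response starts and ends outside the hunk.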