diff --git a/apps/web/public/_headers b/apps/web/public/_headers
new file mode 100644
index 000000000..c187f4e07
--- /dev/null
+++ b/apps/web/public/_headers
@@ -0,0 +1,6 @@
+/*
+  X-Frame-Options: DENY
+  X-Content-Type-Options: nosniff
+  Referrer-Policy: no-referrer
+  Permissions-Policy: document-domain=()
+  Content-Security-Policy: script-src 'self' 'nonce-7WIq8hRwApoXhctoGZZthMLYQLRNiprTwcPi6Azdf' 'unsafe-eval'; frame-ancestors 'none';
\ No newline at end of file