diff --git a/next.config.ts b/next.config.ts
index 9e6eef0a..8defa4cf 100644
--- a/next.config.ts
+++ b/next.config.ts
@@ -7,24 +7,42 @@ import type { NextConfig } from 'next';
 
 const isProduction = process.env.NODE_ENV === 'production';
 
-const nextConfig: NextConfig = isProduction ? {
+const nextConfig: NextConfig = {
   output: 'export',
   trailingSlash: true,
-} : {};
-
-if (!isProduction) {
-  nextConfig.rewrites = async function rewrites() {
+  async headers() {
     return [
       {
-        source: '/api/:path*',
-        destination: 'https://opensource.microsoft.com/api/:path*',
-      },
-      {
-        source: '/avatars/:path*',
-        destination: 'https://opensource.microsoft.com/avatars/:path*',
-      },
+        source: '/(.*)',
+        headers: [
+          {
+            key: 'X-Content-Type-Options',
+            value: 'nosniff'
+          },
+          {
+            key: 'X-Frame-Options',
+            value: 'DENY'
+          },
+          {
+            key: 'X-XSS-Protection',
+            value: '1; mode=block'
+          },
+          {
+            key: 'Referrer-Policy',
+            value: 'strict-origin-when-cross-origin'
+          },
+          {
+            key: 'Permissions-Policy',
+            value: 'camera=(), microphone=(), geolocation=()'
+          },
+          {
+            key: 'Content-Security-Policy',
+            value: "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self';"
+          }
+        ]
+      }
     ]
-  };
-}
+  }
+};
 
 export default nextConfig;