2) I would recommend setting X-Frame-Options: DENY or X-Frame-Options: SAMEORIGIN to prevent clickjacking (unless you expect to be hosted in a frame on another site, in which case I have a different suggestion)
3) It would be nice to suppress the "X-Powered-By: Next.js" header
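One way to apply both recommendations in a Next.js app, as an added example that is not part of the original comment. The `nextConfig` object is what would go in `next.config.js`; `auditHeaders` and the sample responses are hypothetical and constructed here to check the result.

```javascript
// Settings for next.config.js covering both recommendations.
const nextConfig = {
  poweredByHeader: false, // stop Next.js from sending "X-Powered-By: Next.js"
  async headers() {
    return [
      {
        source: "/:path*", // apply to every route
        // Use "SAMEORIGIN" instead if the site frames its own pages.
        headers: [{ key: "X-Frame-Options", value: "DENY" }],
      },
    ];
  },
};

// Hypothetical helper: audit a response's headers for both issues.
// `headers` is a plain object of header name -> value (names are case-insensitive).
function auditHeaders(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const findings = [];
  const xfo = (h["x-frame-options"] || "").toUpperCase();
  if (xfo !== "DENY" && xfo !== "SAMEORIGIN") {
    findings.push(
      xfo
        ? `X-Frame-Options is "${xfo}", expected DENY or SAMEORIGIN`
        : "X-Frame-Options is missing"
    );
  }
  if ("x-powered-by" in h) {
    findings.push(`X-Powered-By discloses "${h["x-powered-by"]}"`);
  }
  return findings;
}

// Constructed sample responses: before and after applying the config.
const before = { "Content-Type": "text/html", "X-Powered-By": "Next.js" };
const after = { "Content-Type": "text/html", "x-frame-options": "deny" };

console.log(auditHeaders(before)); // two findings
console.log(auditHeaders(after)); // no findings

// Export for Next.js when loaded as a CommonJS config file.
if (typeof module !== "undefined") module.exports = nextConfig;
```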