# Cloudflare Pages security headers (applied to all routes).
# A stricter Content-Security-Policy will be added in P2 once forms/Turnstile are wired.
/*
  X-Frame-Options: DENY
  X-Content-Type-Options: nosniff
  Referrer-Policy: strict-origin-when-cross-origin
  Permissions-Policy: geolocation=(), microphone=(), camera=()
