{
  "headers": [
    {
      "source": "/(.*)",
      "headers": [
        { "key": "X-Content-Type-Options", "value": "nosniff" },
        { "key": "X-Frame-Options", "value": "SAMEORIGIN" },
        { "key": "X-XSS-Protection", "value": "1; mode=block" },
        { "key": "Strict-Transport-Security", "value": "max-age=31536000; includeSubDomains; preload" },
        { "key": "Referrer-Policy", "value": "no-referrer-when-downgrade" },
        { "key": "Feature-Policy", "value": "geolocation 'self'" }
      ]
    },
    {
      "source": "/:all*(woff2?|jpe?g|png|gif|svg|js|xml|txt|json|css|mp4|webm|avif)",
      "headers": [
        { "key": "Cache-Control", "value": "public, max-age=31536000, immutable" }
      ]
    }
  ]
}