more secure headers

nginx.conf

@@ -2,6 +2,12 @@ server {
 	listen       80;
 	server_name  _;
 
+	add_header Content-Security-Policy "default-src 'self'; report-uri csp@nicco.io";
+	add_header X-Content-Type-Options "nosniff";
+	add_header X-Frame-Options "deny";
+	add_header Strict-Transport-Security "max-age=31536000";
+	add_header Referrer-Policy "origin";
+
 	location / {
 		root   /usr/share/nginx/html;
 		try_files $uri /index.html;

package.json

@@ -4,6 +4,7 @@
     "build:dev": "webpack -d",
     "build:dev:watch": "webpack -d -w",
     "build:prod": "webpack -p",
+    "build:prod:watch": "webpack -p -w",
     "dev": "webpack-dev-server -d"
   },
   "dependencies": {