The _headers file

The Lean Web Kit uses Netlify’s headers configuration feature. For your project, this means you can configure response headers by declaring them in src/client/static/_headers.

The default header configuration for the Lean Web Kit is:

/*
  Referrer-Policy: no-referrer-when-downgrade
  Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
  X-Content-Type-Options: nosniff
  X-Frame-Options: SAMEORIGIN
  X-XSS-Protection: 1; mode=block

This gives the project its A-rating for secure headers.