To attach headers to Cloudflare Pages responses

Create a _headers plain text file in the output folder of your project¶

[url]
  [name]: [value]

Prevent your pages.dev deployments showing in search results¶

https://:<Your Project>.pages.dev/*
  X-Robots-Tag: noindex

Cross-Origin Resource Sharing (CORS)¶

/*
  Access-Control-Allow-Origin: *

Harden security for an application¶

• X-Frame-Options: DENY Prevents your website from being embedded in iframes on other sites. Stops clickjacking attacks.
• X-Content-Type-Options: nosniff Forces browsers to strictly use the declared content type. Prevents browsers from guessing file types.
• Referrer-Policy: no-referrer Stops sending referrer information to other websites. Enhances user privacy.

Content-Security-Policy:

• default-src 'self'; Only load resources (images, styles, etc.) from your own domain
• script-src 'self'; Only load JavaScript files from your own domain
• frame-ancestors 'none'; Block your site from being embedded in iframes anywhere

/*
  X-Frame-Options: DENY
  X-Content-Type-Options: nosniff
  Referrer-Policy: no-referrer
  Content-Security-Policy: default-src 'self'; frame-ancestors 'none';

Headers · Cloudflare Pages docs