diff --git a/next.config.ts b/next.config.ts
index e9ffa30..053fd4b 100644
--- a/next.config.ts
+++ b/next.config.ts
@@ -1,7 +1,67 @@
-import type { NextConfig } from "next";
+import type { NextConfig } from 'next'
+
+const securityHeaders = [
+  {
+    key: 'X-DNS-Prefetch-Control',
+    value: 'on',
+  },
+  {
+    key: 'X-XSS-Protection',
+    value: '1; mode=block',
+  },
+  {
+    key: 'X-Content-Type-Options',
+    value: 'nosniff',
+  },
+  {
+    key: 'Referrer-Policy',
+    value: 'strict-origin',
+  },
+  {
+    key: 'Content-Security-Policy',
+    value: `frame-ancestors 'self';`,
+  },
+  {
+    key: 'X-Frame-Options',
+    value: 'SAMEORIGIN',
+  },
+  {
+    key: 'Strict-Transport-Security',
+    value: 'max-age=31536000; includeSubDomains; preload',
+  },
+  {
+    key: 'Permissions-Policy',
+    value: 'camera=(), microphone=(), geolocation=()',
+  },
+  {
+    key: 'X-Source',
+    value: 'github.com/skidoodle/albert.lol',
+  },
+]
 
 const nextConfig: NextConfig = {
-  /* config options here */
-};
+  async headers() {
+    return [
+      {
+        source: '/:path*',
+        headers: securityHeaders,
+      },
+    ]
+  },
+  images: {
+    remotePatterns: [
+      {
+        protocol: 'https',
+        hostname: 'i.scdn.co',
+      },
+      {
+        protocol: 'https',
+        hostname: 'placehold.co',
+      },
+    ],
+  },
+  reactStrictMode: true,
+  output: 'standalone',
+}
 
-export default nextConfig;
+export default nextConfig
\ No newline at end of file