Hello, i’m wondering is it posible to set for the views default_security_headers like X-Frame-Options or a content-securty policy headers for securing the app and prevent it from being rendered in another site.

Maybe add something similar to the method protect_from_forgery

Not currently. Jets should have it by default though. Unsure when will dig into this. Happy to also consider PRs for this. :ok_hand: