diff --git a/app/Http/Middleware/EnsureSecurityHeaders.php b/app/Http/Middleware/EnsureSecurityHeaders.php
index bc770fc..59d5e3d 100644
--- a/app/Http/Middleware/EnsureSecurityHeaders.php
+++ b/app/Http/Middleware/EnsureSecurityHeaders.php
@@ -41,11 +41,14 @@ class EnsureSecurityHeaders
// For general sites: geolocation=(), microphone=(), camera=() is often safe.
$response->headers->set('Permissions-Policy', 'geolocation=(), microphone=(), camera=()');
+ // Cross-Origin-Opener-Policy: isolate browsing context from cross-origin documents
+ $response->headers->set('Cross-Origin-Opener-Policy', 'same-origin');
+
// Content-Security-Policy (CSP) - Start with upgrade-insecure-requests to force HTTPS assets
// A full CSP can be tricky and break scripts. 'upgrade-insecure-requests' is safe and good for mixed content.
// We can add 'frame-ancestors' here too if X-Frame-Options is ignored by some.
// If the user wants A+, a basic CSP is often enough.
- $csp = "upgrade-insecure-requests; block-all-mixed-content;";
+ $csp = "upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self';";
$response->headers->set('Content-Security-Policy', $csp);
return $response;
diff --git a/public/assets/img/photos/truncgil-mobile-app.webp b/public/assets/img/photos/truncgil-mobile-app.webp
new file mode 100644
index 0000000..fb9cc0e
Binary files /dev/null and b/public/assets/img/photos/truncgil-mobile-app.webp differ
diff --git a/resources/views/layouts/site.blade.php b/resources/views/layouts/site.blade.php
index 0de0a51..78225f0 100644
--- a/resources/views/layouts/site.blade.php
+++ b/resources/views/layouts/site.blade.php
@@ -57,9 +57,12 @@ $favicon_path = setting('site_favicon');
@stack('structured-data')
+ @stack('head')
-
-
+
+
+
+
@@ -232,7 +235,9 @@ $favicon_path = setting('site_favicon');
@endif
{{-- Main Content --}}
- @yield('content')
+
+ @yield('content')
+
{{-- Dynamic Footer Template or Static Footer --}}
@php
@@ -278,8 +283,8 @@ $favicon_path = setting('site_favicon');
@include('partials.footer')
@endif
-
-
+
+
@stack('scripts')