We use retool's Branding feature to provide a login page. Penetration testing findings suggest that this page is vulnerable to various attacks due to missing security headers, such as Content-Security-Policy, X-Frame-Options and Permissions-Policy . It would be great to either include these by default, or give us a way to specify additional headers that are returned by the app for the retool-managed login page. Would appreciate any pointers if this is maybe possible already. X-Frame-Options seems important since otherwise there could be clickjacking attacks.