ENG-2192: Security Headers

[tvandort]

Ticket ENG-2192

Description Of Changes

Adds good practice security headers to Admin UI & Fides API.

Code Changes

Steps to Confirm

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Review	Updated (UTC)
fides-plus-nightly	Ignored	Preview	Dec 18, 2025 8:23pm
fides-privacy-center	Ignored		Dec 18, 2025 8:23pm

[codecov]

Codecov Report

❌ Patch coverage is 56.41026% with 17 lines in your changes missing coverage. Please review.
✅ Project coverage is 87.14%. Comparing base (3acaf58) to head (028b9cd).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
src/fides/api/util/security_headers.py	51.42%	16 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7134      +/-   ##
==========================================
- Coverage   87.22%   87.14%   -0.09%     
==========================================
  Files         533      535       +2     
  Lines       35126    35350     +224     
  Branches     4082     4119      +37     
==========================================
+ Hits        30639    30804     +165     
- Misses       3597     3654      +57     
- Partials      890      892       +2     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.