[Feature]: Add various security headers

### The Feature

LiteLLM should add the following headers:

1. `content-security-policy`
2. `cross-origin-resource-policy`
3. `cross-origin-opener-policy`
4. `cross-origin-embedder-policy`
5. `x-frame-options`
6. `x-content-type-options`
7. `access-control-allow-origin`

IMO should use `PROXY_BASE_URL` as a default to calculate these headers.

Reasonable defaults for all requests/paths would be (assuming `PROXY_BASE_URL="https://example.com/"`:

```
x-content-type-options: nosniff
x-frame-options: DENY
cross-origin-resource-policy: same-origin
cross-origin-opener-policy: same-origin
cross-origin-embedder-policy: require-corp
access-control-allow-origin: https://example.com
```

The CSP is a bit more complicated. For example, the CSP for `https://example.com/v1/chat/completions` and `https://example.com/ui` will be completely different.

This is an _UNSAFE_/bad example of a CSP for LiteLLM:

```
content-security-policy: default-src * 'unsafe-inline'; img-src * 'self' data:
```

### Motivation, pitch

Security hardening of LiteLLM is always a good idea imo. =) 

### Twitter / LinkedIn details

https://twitter.com/DaveManouchehri

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[Feature]: Add various security headers #3677

The Feature

Motivation, pitch

Twitter / LinkedIn details

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

[Feature]: Add various security headers #3677

Description

The Feature

Motivation, pitch

Twitter / LinkedIn details

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions