From c0f4037600d7d6aa1c1d8bf7024ca8bc6fe2f151 Mon Sep 17 00:00:00 2001
From: vikas-6 <projectsbyvikas0@gmail.com>
Date: Sat, 16 May 2026 10:02:58 +0530
Subject: [PATCH] feat: implement security headers (#84) and overhaul UI/UX

---
 apps/backend/src/app.ts                       |  17 +-
 apps/web/src/app.css                          | 106 +++--
 apps/web/src/hooks.server.ts                  |  13 +
 apps/web/src/routes/+page.svelte              | 311 ++++++---------
 apps/web/src/routes/u/[username]/+page.svelte | 364 +++++++++---------
 apps/web/svelte.config.js                     |  16 +-
 6 files changed, 425 insertions(+), 402 deletions(-)
 create mode 100644 apps/web/src/hooks.server.ts

diff --git a/apps/backend/src/app.ts b/apps/backend/src/app.ts
index dc023a2..8e8cf38 100644
--- a/apps/backend/src/app.ts
+++ b/apps/backend/src/app.ts
@@ -37,7 +37,22 @@ export async function buildApp() {
     credentials: true,
   });
 
-  await app.register(helmet, { contentSecurityPolicy: false });
+  await app.register(helmet, {
+    contentSecurityPolicy: {
+      directives: {
+        defaultSrc: ["'self'"],
+        baseUri: ["'self'"],
+        fontSrc: ["'self'", 'https:', 'data:', 'https://fonts.gstatic.com'],
+        frameAncestors: ["'self'"],
+        imgSrc: ["'self'", 'data:', 'https:'],
+        objectSrc: ["'none'"],
+        scriptSrc: ["'self'"],
+        scriptSrcAttr: ["'none'"],
+        styleSrc: ["'self'", 'https:', "'unsafe-inline'", 'https://fonts.googleapis.com'],
+        upgradeInsecureRequests: [],
+      },
+    },
+  });
 
   await app.register(jwt, {
     secret: process.env.JWT_SECRET || 'dev-secret-change-me',
diff --git a/apps/web/src/app.css b/apps/web/src/app.css
index 772a760..bb09fef 100644
--- a/apps/web/src/app.css
+++ b/apps/web/src/app.css
@@ -1,47 +1,50 @@
-@import url('https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&display=swap');
+@import url('https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600&family=Outfit:wght@500;600;700;800;900&display=swap');
 
-/* light theme — default */
 :root {
-  /* Primary */
+  /* Primary Palette */
   --primary: #6366f1;
-  --primary-light: #818cf8;
-  --primary-dark: #4f46e5;
-  --accent: #8b5cf6;
-
-  /* Background */
-  --bg-primary: #f8fafc;
-  --bg-secondary: #f1f5f9;
+  --primary-glow: rgba(99, 102, 241, 0.5);
+  --accent: #a855f7;
+  --accent-glow: rgba(168, 85, 247, 0.4);
+  
+  /* Backgrounds */
+  --bg-primary: #ffffff;
+  --bg-secondary: #f8fafc;
+  --bg-glass: rgba(255, 255, 255, 0.7);
   --bg-card: #ffffff;
-  --bg-elevated: #e2e8f0;
-
+  
   /* Text */
   --text-primary: #0f172a;
   --text-secondary: #475569;
   --text-muted: #94a3b8;
-
-  /* Border */
-  --border: #e2e8f0;
-
-  /* Spacing */
+  
+  /* Effects */
+  --border: rgba(226, 232, 240, 0.8);
+  --border-glass: rgba(255, 255, 255, 0.3);
+  --shadow-sm: 0 1px 2px 0 rgb(0 0 0 / 0.05);
+  --shadow-md: 0 4px 6px -1px rgb(0 0 0 / 0.1), 0 2px 4px -2px rgb(0 0 0 / 0.1);
+  --shadow-lg: 0 10px 15px -3px rgb(0 0 0 / 0.1), 0 4px 6px -4px rgb(0 0 0 / 0.1);
+  --shadow-xl: 0 20px 25px -5px rgb(0 0 0 / 0.1), 0 8px 10px -6px rgb(0 0 0 / 0.1);
+  
   --radius: 12px;
-  --radius-lg: 16px;
-  --radius-xl: 24px;
-
-  --theme-transition: background-color 0.3s ease, color 0.3s ease, border-color 0.3s ease;
+  --radius-lg: 20px;
+  --radius-xl: 32px;
+  
+  --theme-transition: all 0.4s cubic-bezier(0.4, 0, 0.2, 1);
 }
 
-/* dark theme */
 html.dark {
-  --bg-primary: #0f0f1a;
-  --bg-secondary: #1a1a2e;
-  --bg-card: #16213e;
-  --bg-elevated: #1e293b;
-
+  --bg-primary: #020617;
+  --bg-secondary: #0f172a;
+  --bg-glass: rgba(15, 23, 42, 0.6);
+  --bg-card: #0f172a;
+  
   --text-primary: #f8fafc;
-  --text-secondary: #94a3b8;
+  --text-secondary: #cbd5e1;
   --text-muted: #64748b;
-
-  --border: #334155;
+  
+  --border: rgba(30, 41, 59, 0.8);
+  --border-glass: rgba(255, 255, 255, 0.1);
 }
 
 * {
@@ -51,20 +54,53 @@ html.dark {
 }
 
 body {
-  font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+  font-family: 'Inter', sans-serif;
   background-color: var(--bg-primary);
   color: var(--text-primary);
   transition: var(--theme-transition);
   -webkit-font-smoothing: antialiased;
   min-height: 100vh;
+  overflow-x: hidden;
+}
+
+h1, h2, h3, h4, h5, h6 {
+  font-family: 'Outfit', sans-serif;
+  font-weight: 700;
+  line-height: 1.1;
 }
 
 a {
-  color: var(--primary);
+  color: inherit;
   text-decoration: none;
-  transition: color 0.2s;
+  transition: var(--theme-transition);
+}
+
+.glass {
+  background: var(--bg-glass);
+  backdrop-filter: blur(12px);
+  -webkit-backdrop-filter: blur(12px);
+  border: 1px solid var(--border-glass);
+}
+
+.gradient-text {
+  background: linear-gradient(135deg, var(--primary), var(--accent));
+  -webkit-background-clip: text;
+  -webkit-text-fill-color: transparent;
+  background-clip: text;
+}
+
+.btn-primary {
+  background: linear-gradient(135deg, var(--primary), var(--accent));
+  color: white;
+  padding: 0.8rem 1.6rem;
+  border-radius: var(--radius);
+  font-weight: 600;
+  box-shadow: 0 4px 15px var(--primary-glow);
+  border: none;
+  cursor: pointer;
 }
 
-a:hover {
-  color: var(--primary-dark);
+.btn-primary:hover {
+  transform: translateY(-2px);
+  box-shadow: 0 6px 20px var(--primary-glow);
 }
diff --git a/apps/web/src/hooks.server.ts b/apps/web/src/hooks.server.ts
new file mode 100644
index 0000000..e17520e
--- /dev/null
+++ b/apps/web/src/hooks.server.ts
@@ -0,0 +1,13 @@
+import type { Handle } from '@sveltejs/kit';
+
+export const handle: Handle = async ({ event, resolve }) => {
+	const response = await resolve(event);
+
+	// Security Headers (Note: CSP is handled in svelte.config.js)
+	response.headers.set('X-Content-Type-Options', 'nosniff');
+	response.headers.set('Referrer-Policy', 'no-referrer');
+	response.headers.set('X-Frame-Options', 'DENY');
+	response.headers.set('Permissions-Policy', 'camera=(), microphone=(), geolocation=()');
+
+	return response;
+};
diff --git a/apps/web/src/routes/+page.svelte b/apps/web/src/routes/+page.svelte
index 363a491..512f905 100644
--- a/apps/web/src/routes/+page.svelte
+++ b/apps/web/src/routes/+page.svelte
@@ -28,287 +28,218 @@
   />
 </svelte:head>
 
+<div class="bg-glow"></div>
+
 <main class="landing">
+  <nav class="glass">
+    <div class="nav-content">
+      <div class="logo">⚡ <span class="gradient-text">DevCard</span></div>
+      <button
+        id="theme-toggle"
+        class="theme-toggle"
+        on:click={toggleTheme}
+        aria-label="Toggle theme"
+      >
+        {theme === 'light' ? '🌙' : '☀️'}
+      </button>
+    </div>
+  </nav>
+
   <section class="hero">
-    <button
-      id="theme-toggle"
-      class="theme-toggle"
-      on:click={toggleTheme}
-      aria-label="Toggle theme"
-    >
-      {theme === 'light' ? '🌙' : '☀️'}
-    </button>
-    <div class="logo">⚡</div>
-    <h1>DevCard</h1>
-    <p class="tagline">One Tap. Every Profile. Every Platform.</p>
+    <div class="hero-badge">GSSoC'26 Edition</div>
+    <h1 class="gradient-text">One Tap. Every Profile.<br/>Every Platform.</h1>
     <p class="description">
-      Stop sharing LinkedIn, GitHub, and Twitter one by one.<br />
-      DevCard puts every profile in one shareable QR code.
+      The open-source standard for developer networking. Put all your profiles—GitHub, LinkedIn, LeetCode, and more—into a single, high-impact digital card.
     </p>
     <div class="cta-group">
       <a
         href="https://github.com/Dev-Card/DevCard"
-        class="btn btn-primary"
+        class="btn-primary"
         target="_blank"
         rel="noopener"
       >
         ⭐ Star on GitHub
       </a>
-      <a href="#features" class="btn btn-secondary">Learn More ↓</a>
+      <a href="/u/devcard-demo" class="btn-secondary">View Demo Profile →</a>
     </div>
   </section>
 
   <section id="features" class="features">
-    <div class="feature-card">
+    <div class="feature-card glass">
       <div class="feature-icon">🔗</div>
-      <h3>One Card, All Profiles</h3>
-      <p>
-        GitHub, LinkedIn, Twitter/X, Devfolio, GitLab, LeetCode, and 10+ more —
-        all in one card.
-      </p>
+      <h3>Unified Identity</h3>
+      <p>Combine your fragmented online presence into a cohesive professional identity.</p>
     </div>
-    <div class="feature-card">
+    <div class="feature-card glass">
       <div class="feature-icon">⚡</div>
-      <h3>Hybrid Follow Engine</h3>
-      <p>
-        Follow on GitHub silently via API. Connect on LinkedIn with one tap in
-        WebView. No app switching.
-      </p>
-    </div>
-    <div class="feature-card">
-      <div class="feature-icon">💳</div>
-      <h3>Context Cards</h3>
-      <p>
-        Share your "Professional" card at conferences and "Hackathon" card at
-        hack events. Same profiles, different contexts.
-      </p>
+      <h3>Instant Follow</h3>
+      <p>Integrated APIs allow followers to connect with you instantly across platforms.</p>
     </div>
-    <div class="feature-card">
-      <div class="feature-icon">📱</div>
-      <h3>QR + AirDrop</h3>
-      <p>
-        Generate a QR code or share via AirDrop-style link. Works even if the
-        receiver doesn't have the app.
-      </p>
-    </div>
-    <div class="feature-card">
+    <div class="feature-card glass">
       <div class="feature-icon">🔒</div>
-      <h3>Privacy First</h3>
-      <p>
-        No data monetization. No tracking. Apache 2.0 licensed. You own your
-        data.
-      </p>
-    </div>
-    <div class="feature-card">
-      <div class="feature-icon">🌍</div>
-      <h3>Open Source</h3>
-      <p>
-        Community-driven development. Contribute, self-host, or extend with your
-        own platforms.
-      </p>
+      <h3>Private by Design</h3>
+      <p>No tracking, no data selling. Your information stays where it belongs: with you.</p>
     </div>
   </section>
 
   <footer class="footer">
-    <p>DevCard — Open Source Developer Profile Exchange</p>
-    <p>
-      Apache 2.0 License • <a
-        href="https://github.com/Dev-Card/DevCard"
-        target="_blank"
-        rel="noopener">GitHub</a
-      >
-    </p>
+    <p>© 2026 DevCard • Built for the Developer Community</p>
   </footer>
 </main>
 
 <style>
-  /* ── Theme toggle button ────────────────────────────────────────── */
-  .theme-toggle {
-    position: absolute;
-    top: 1.25rem;
-    right: 1.25rem;
-    background: var(--bg-card);
-    border: 1px solid var(--border);
-    border-radius: 50%;
-    width: 2.75rem;
-    height: 2.75rem;
-    font-size: 1.3rem;
-    cursor: pointer;
+  .bg-glow {
+    position: fixed;
+    top: 0;
+    left: 0;
+    right: 0;
+    bottom: 0;
+    background: radial-gradient(circle at 50% 0%, var(--primary-glow), transparent 40%),
+                radial-gradient(circle at 0% 100%, var(--accent-glow), transparent 30%);
+    pointer-events: none;
+    z-index: -1;
+  }
+
+  nav {
+    position: sticky;
+    top: 1rem;
+    margin: 1rem auto;
+    width: calc(100% - 2rem);
+    max-width: 1100px;
+    border-radius: var(--radius-lg);
+    z-index: 100;
+    padding: 0.75rem 1.5rem;
+  }
+
+  .nav-content {
     display: flex;
+    justify-content: space-between;
     align-items: center;
-    justify-content: center;
-    transition:
-      background 0.3s ease,
-      border-color 0.3s ease,
-      transform 0.2s ease,
-      box-shadow 0.2s ease;
-    box-shadow: 0 2px 8px rgba(0, 0, 0, 0.12);
-    line-height: 1;
   }
 
-  .theme-toggle:hover {
-    transform: scale(1.12) rotate(15deg);
-    border-color: var(--primary);
-    box-shadow: 0 4px 16px rgba(99, 102, 241, 0.3);
+  .logo {
+    font-family: 'Outfit', sans-serif;
+    font-weight: 800;
+    font-size: 1.5rem;
+    display: flex;
+    align-items: center;
+    gap: 0.5rem;
+  }
+
+  .theme-toggle {
+    background: transparent;
+    border: none;
+    font-size: 1.5rem;
+    cursor: pointer;
+    padding: 0.5rem;
+    border-radius: 50%;
+    transition: transform 0.3s ease;
   }
 
-  .theme-toggle:focus-visible {
-    outline: 2px solid var(--primary);
-    outline-offset: 3px;
+  .theme-toggle:hover {
+    transform: scale(1.1) rotate(10deg);
   }
 
   .landing {
-    max-width: 960px;
+    max-width: 1100px;
     margin: 0 auto;
-    padding: 2rem;
-    position: relative;
+    padding: 0 1.5rem;
   }
 
   .hero {
     text-align: center;
-    padding: 6rem 0 4rem;
-  }
-
-  .logo {
-    font-size: 4rem;
-    margin-bottom: 1rem;
-    animation: float 3s ease-in-out infinite;
+    padding: 8rem 0 6rem;
   }
 
-  @keyframes float {
-    0%,
-    100% {
-      transform: translateY(0);
-    }
-    50% {
-      transform: translateY(-10px);
-    }
+  .hero-badge {
+    display: inline-block;
+    padding: 0.4rem 1rem;
+    background: var(--bg-secondary);
+    border: 1px solid var(--border);
+    border-radius: 100px;
+    font-size: 0.85rem;
+    font-weight: 600;
+    margin-bottom: 2rem;
+    color: var(--primary);
   }
 
   h1 {
-    font-size: 3.5rem;
-    font-weight: 800;
-    letter-spacing: -2px;
-    background: linear-gradient(135deg, #6366f1, #8b5cf6, #a78bfa);
-    -webkit-background-clip: text;
-    -webkit-text-fill-color: transparent;
-    background-clip: text;
+    font-size: 4.5rem;
+    font-weight: 900;
+    letter-spacing: -3px;
+    margin-bottom: 1.5rem;
   }
 
-  .tagline {
+  .description {
     font-size: 1.25rem;
     color: var(--text-secondary);
-    margin-top: 0.5rem;
-  }
-
-  .description {
-    font-size: 1.1rem;
-    color: var(--text-muted);
-    margin-top: 1.5rem;
-    line-height: 1.7;
+    max-width: 700px;
+    margin: 0 auto 3rem;
+    line-height: 1.6;
   }
 
   .cta-group {
     display: flex;
-    gap: 1rem;
+    gap: 1.5rem;
     justify-content: center;
-    margin-top: 2.5rem;
   }
 
-  .btn {
-    display: inline-flex;
-    align-items: center;
-    gap: 0.5rem;
-    padding: 0.75rem 1.5rem;
+  .btn-secondary {
+    padding: 0.8rem 1.6rem;
     border-radius: var(--radius);
     font-weight: 600;
-    font-size: 1rem;
-    transition: all 0.2s ease;
-  }
-
-  .btn-primary {
-    background: var(--primary);
-    color: white;
-    box-shadow: 0 4px 16px rgba(99, 102, 241, 0.4);
-  }
-
-  .btn-primary:hover {
-    background: var(--primary-dark);
-    transform: translateY(-1px);
-    color: white;
-  }
-
-  .btn-secondary {
-    background: var(--bg-card);
-    color: var(--text-secondary);
     border: 1px solid var(--border);
+    background: var(--bg-card);
+    transition: all 0.2s;
   }
 
   .btn-secondary:hover {
-    background: var(--bg-elevated);
-    color: var(--text-primary);
+    background: var(--bg-secondary);
+    border-color: var(--primary);
   }
 
   .features {
     display: grid;
-    grid-template-columns: repeat(auto-fit, minmax(280px, 1fr));
-    gap: 1.5rem;
-    padding: 3rem 0;
+    grid-template-columns: repeat(auto-fit, minmax(300px, 1fr));
+    gap: 2rem;
+    padding: 4rem 0;
   }
 
   .feature-card {
-    background: var(--bg-card);
-    border: 1px solid var(--border);
-    border-radius: var(--radius-lg);
-    padding: 2rem;
-    transition:
-      transform 0.2s ease,
-      border-color 0.2s ease;
+    padding: 2.5rem;
+    border-radius: var(--radius-xl);
+    transition: transform 0.3s ease;
   }
 
   .feature-card:hover {
-    transform: translateY(-4px);
-    border-color: var(--primary);
+    transform: translateY(-10px);
   }
 
   .feature-icon {
-    font-size: 2rem;
-    margin-bottom: 1rem;
+    font-size: 2.5rem;
+    margin-bottom: 1.5rem;
   }
 
-  .feature-card h3 {
-    font-size: 1.1rem;
-    font-weight: 700;
-    margin-bottom: 0.5rem;
+  h3 {
+    font-size: 1.5rem;
+    margin-bottom: 1rem;
   }
 
   .feature-card p {
     color: var(--text-secondary);
-    font-size: 0.9rem;
     line-height: 1.6;
   }
 
   .footer {
     text-align: center;
-    padding: 3rem 0 2rem;
+    padding: 6rem 0 3rem;
+    border-top: 1px solid var(--border);
     color: var(--text-muted);
-    font-size: 0.85rem;
   }
 
-  .footer p + p {
-    margin-top: 0.5rem;
-  }
-
-  @media (max-width: 600px) {
-    h1 {
-      font-size: 2.5rem;
-    }
-    .hero {
-      padding: 3rem 0 2rem;
-    }
-    .cta-group {
-      flex-direction: column;
-      align-items: center;
-    }
+  @media (max-width: 768px) {
+    h1 { font-size: 3rem; letter-spacing: -1px; }
+    .hero { padding: 4rem 0 3rem; }
+    .cta-group { flex-direction: column; align-items: stretch; }
   }
 </style>
diff --git a/apps/web/src/routes/u/[username]/+page.svelte b/apps/web/src/routes/u/[username]/+page.svelte
index f7750ec..d75e485 100644
--- a/apps/web/src/routes/u/[username]/+page.svelte
+++ b/apps/web/src/routes/u/[username]/+page.svelte
@@ -1,5 +1,6 @@
 <script lang="ts">
   import { PLATFORMS, getProfileUrl } from '@devcard/shared';
+  import { onMount } from 'svelte';
 
   let { data } = $props();
   const profile = data.profile;
@@ -12,294 +13,307 @@
     leetcode: '#FFA116', hackerrank: '#00EA64', discord: '#5865F2',
     telegram: '#26A5E4', email: '#EA4335', portfolio: '#6366F1', custom: '#8B5CF6',
   };
+
+  let mounted = $state(false);
+  onMount(() => {
+    mounted = true;
+  });
 </script>
 
 <svelte:head>
   {#if profile}
-    <title>{profile.displayName} — DevCard</title>
+    <title>{profile.displayName} | DevCard</title>
     <meta name="description" content="{profile.bio || `${profile.displayName}'s developer profiles`}" />
-    <meta property="og:title" content="{profile.displayName} — DevCard" />
-    <meta property="og:description" content="{profile.bio || 'Developer profile card'}" />
   {:else}
-    <title>User Not Found — DevCard</title>
+    <title>User Not Found | DevCard</title>
   {/if}
 </svelte:head>
 
-{#if error || !profile}
-  <main class="error-page">
-    <div class="error-content">
+<div class="bg-gradient" style="--accent: {profile?.accentColor || '#6366f1'}"></div>
+
+<main class="profile-container {mounted ? 'loaded' : ''}">
+  {#if error || !profile}
+    <div class="error-glass glass">
       <div class="error-emoji">😕</div>
-      <h1>User Not Found</h1>
-      <p>This DevCard doesn't exist or has been removed.</p>
-      <a href="/" class="home-link">← Back to DevCard</a>
+      <h1>Profile not found</h1>
+      <p>This DevCard has vanished into the digital void.</p>
+      <a href="/" class="btn-primary">Return Home</a>
     </div>
-  </main>
-{:else}
-  <main class="profile-page">
-    <div class="profile-card" style="--accent: {profile.accentColor}">
-      <!-- Avatar & Header -->
-      <div class="profile-header">
-        {#if profile.avatarUrl}
-          <img src={profile.avatarUrl} alt={profile.displayName} class="avatar" />
-        {:else}
-          <div class="avatar avatar-placeholder" style="background: {profile.accentColor}">
-            {profile.displayName.charAt(0).toUpperCase()}
-          </div>
-        {/if}
+  {:else}
+    <div class="profile-card glass" style="--accent: {profile.accentColor}">
+      <header class="profile-header">
+        <div class="avatar-wrapper">
+          {#if profile.avatarUrl}
+            <img src={profile.avatarUrl} alt={profile.displayName} class="avatar" />
+          {:else}
+            <div class="avatar avatar-placeholder" style="background: {profile.accentColor}">
+              {profile.displayName.charAt(0).toUpperCase()}
+            </div>
+          {/if}
+          <div class="avatar-glow" style="background: {profile.accentColor}"></div>
+        </div>
+        
         <h1 class="display-name">{profile.displayName}</h1>
-        {#if profile.pronouns}
-          <span class="pronouns">{profile.pronouns}</span>
-        {/if}
         {#if profile.role}
-          <p class="role">
+          <div class="role-badge">
             {profile.role}{profile.company ? ` @ ${profile.company}` : ''}
-          </p>
+          </div>
         {/if}
+        
         {#if profile.bio}
           <p class="bio">{profile.bio}</p>
         {/if}
-      </div>
+      </header>
 
-      <!-- Platform Links -->
-      <div class="links-section">
-        <p class="links-label">Connect with {profile.displayName.split(' ')[0]}</p>
-        {#each profile.links as link}
+      <div class="links-grid">
+        {#each profile.links as link, i}
           {@const platform = PLATFORMS[link.platform]}
           {@const color = platformColors[link.platform] || '#6366f1'}
           <a
             href={link.url || getProfileUrl(link.platform, link.username)}
             target="_blank"
             rel="noopener noreferrer"
-            class="platform-tile"
+            class="link-tile glass"
+            style="--delay: {i * 0.1}s"
           >
             <div class="tile-icon" style="background: {color}">
-              {platform?.name.charAt(0) || '?'}
+              <span class="platform-initial">{platform?.name.charAt(0) || '?'}</span>
             </div>
-            <div class="tile-info">
-              <span class="tile-name">{platform?.name || link.platform}</span>
-              <span class="tile-username">{link.username}</span>
+            <div class="tile-content">
+              <span class="platform-name">{platform?.name || link.platform}</span>
+              <span class="username">@{link.username}</span>
             </div>
-            <span class="tile-arrow">→</span>
+            <span class="arrow">→</span>
           </a>
         {/each}
       </div>
+      
+      <footer class="card-footer">
+        <p>Verified Developer Profile</p>
+        <div class="logo-sm">⚡ DevCard</div>
+      </footer>
     </div>
 
-    <!-- Get DevCard CTA -->
-    <div class="get-devcard">
-      <p>Want your own DevCard?</p>
-      <a href="/" class="cta-link">Get your DevCard ⚡</a>
+    <div class="get-your-own">
+      <p>Want a card like this?</p>
+      <a href="/" class="gradient-text">Create your DevCard ⚡</a>
     </div>
-
-    <footer class="footer">
-      Powered by <a href="/">DevCard</a> — Open Source Developer Profiles
-    </footer>
-  </main>
-{/if}
+  {/if}
+</main>
 
 <style>
-  .error-page {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    min-height: 100vh;
-  }
-
-  .error-content {
-    text-align: center;
-  }
-
-  .error-emoji {
-    font-size: 4rem;
-    margin-bottom: 1rem;
-  }
-
-  .error-content h1 {
-    font-size: 1.5rem;
-    font-weight: 700;
-    margin-bottom: 0.5rem;
-  }
-
-  .error-content p {
-    color: var(--text-secondary);
-    margin-bottom: 1.5rem;
+  .bg-gradient {
+    position: fixed;
+    top: 0;
+    left: 0;
+    right: 0;
+    bottom: 0;
+    background: radial-gradient(circle at 50% 0%, var(--accent), transparent 50%),
+                #020617;
+    opacity: 0.15;
+    z-index: -1;
   }
 
-  .home-link {
-    color: var(--primary-light);
-    font-weight: 600;
+  .profile-container {
+    min-height: 100vh;
+    display: flex;
+    flex-direction: column;
+    align-items: center;
+    padding: 4rem 1.5rem;
+    opacity: 0;
+    transform: translateY(20px);
+    transition: all 0.8s cubic-bezier(0.2, 0.8, 0.2, 1);
   }
 
-  /* Profile Page */
-  .profile-page {
-    max-width: 480px;
-    margin: 0 auto;
-    padding: 2rem 1rem;
-    min-height: 100vh;
+  .profile-container.loaded {
+    opacity: 1;
+    transform: translateY(0);
   }
 
   .profile-card {
-    background: var(--bg-card);
-    border: 2px solid var(--accent);
+    width: 100%;
+    max-width: 480px;
     border-radius: var(--radius-xl);
+    padding: 3rem 2rem;
+    box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.5);
+    position: relative;
     overflow: hidden;
-    box-shadow: 0 8px 32px rgba(99, 102, 241, 0.15);
   }
 
   .profile-header {
     text-align: center;
-    padding: 2.5rem 2rem 1.5rem;
+    margin-bottom: 3rem;
+  }
+
+  .avatar-wrapper {
+    position: relative;
+    width: 110px;
+    height: 110px;
+    margin: 0 auto 1.5rem;
   }
 
   .avatar {
-    width: 80px;
-    height: 80px;
-    border-radius: 50%;
-    margin: 0 auto 1rem;
-    display: block;
+    width: 100%;
+    height: 100%;
+    border-radius: 35% 65% 70% 30% / 30% 30% 70% 70%;
     object-fit: cover;
+    border: 3px solid white;
+    position: relative;
+    z-index: 2;
+    animation: morph 8s ease-in-out infinite;
   }
 
-  .avatar-placeholder {
-    display: flex;
-    align-items: center;
-    justify-content: center;
-    color: white;
-    font-size: 2rem;
-    font-weight: 700;
+  @keyframes morph {
+    0%, 100% { border-radius: 35% 65% 70% 30% / 30% 30% 70% 70%; }
+    50% { border-radius: 65% 35% 30% 70% / 70% 70% 30% 30%; }
+  }
+
+  .avatar-glow {
+    position: absolute;
+    top: 0; left: 0; right: 0; bottom: 0;
+    filter: blur(20px);
+    opacity: 0.4;
+    z-index: 1;
+    border-radius: 50%;
   }
 
   .display-name {
-    font-size: 1.75rem;
+    font-size: 2.25rem;
     font-weight: 800;
-    letter-spacing: -0.5px;
+    letter-spacing: -1px;
+    margin-bottom: 0.5rem;
   }
 
-  .pronouns {
-    color: var(--text-muted);
+  .role-badge {
+    display: inline-block;
+    padding: 0.4rem 1rem;
+    background: rgba(255, 255, 255, 0.1);
+    border-radius: 100px;
     font-size: 0.85rem;
-    margin-top: 0.25rem;
-    display: block;
-  }
-
-  .role {
+    font-weight: 600;
     color: var(--text-secondary);
-    margin-top: 0.5rem;
-    font-size: 0.95rem;
+    margin-bottom: 1rem;
   }
 
   .bio {
     color: var(--text-secondary);
-    margin-top: 1rem;
-    font-size: 0.9rem;
+    font-size: 1rem;
     line-height: 1.6;
+    max-width: 320px;
+    margin: 0 auto;
   }
 
-  /* Links */
-  .links-section {
-    padding: 0.5rem 1.5rem 1.5rem;
-  }
-
-  .links-label {
-    font-size: 0.75rem;
-    text-transform: uppercase;
-    letter-spacing: 1px;
-    color: var(--text-muted);
-    font-weight: 600;
-    margin-bottom: 0.75rem;
-    padding-left: 0.25rem;
+  .links-grid {
+    display: flex;
+    flex-direction: column;
+    gap: 0.75rem;
   }
 
-  .platform-tile {
+  .link-tile {
     display: flex;
     align-items: center;
-    background: var(--bg-elevated);
-    border: 1px solid var(--border);
-    border-radius: var(--radius);
-    padding: 0.875rem 1rem;
-    margin-bottom: 0.5rem;
-    transition: all 0.2s ease;
-    color: var(--text-primary);
+    padding: 1rem;
+    border-radius: var(--radius-lg);
+    transition: all 0.3s cubic-bezier(0.4, 0, 0.2, 1);
+    animation: slideIn 0.5s ease-out forwards;
+    animation-delay: var(--delay);
+    opacity: 0;
+  }
+
+  @keyframes slideIn {
+    from { opacity: 0; transform: translateX(-20px); }
+    to { opacity: 1; transform: translateX(0); }
   }
 
-  .platform-tile:hover {
-    border-color: var(--primary);
-    transform: translateX(4px);
-    color: var(--text-primary);
+  .link-tile:hover {
+    background: rgba(255, 255, 255, 0.15);
+    transform: scale(1.02) translateX(5px);
   }
 
   .tile-icon {
-    width: 36px;
-    height: 36px;
-    border-radius: 8px;
+    width: 44px;
+    height: 44px;
+    border-radius: 12px;
     display: flex;
     align-items: center;
     justify-content: center;
     color: white;
-    font-weight: 700;
-    font-size: 0.9rem;
-    flex-shrink: 0;
+    font-weight: 800;
+    font-size: 1.2rem;
+    box-shadow: 0 4px 12px rgba(0,0,0,0.2);
   }
 
-  .tile-info {
+  .tile-content {
     flex: 1;
-    margin-left: 0.875rem;
+    margin-left: 1.25rem;
   }
 
-  .tile-name {
+  .platform-name {
     display: block;
-    font-weight: 600;
-    font-size: 0.95rem;
+    font-weight: 700;
+    font-size: 1.05rem;
   }
 
-  .tile-username {
+  .username {
     display: block;
+    font-size: 0.85rem;
     color: var(--text-muted);
-    font-size: 0.8rem;
-    margin-top: 1px;
   }
 
-  .tile-arrow {
+  .arrow {
+    opacity: 0.3;
+    font-size: 1.2rem;
+    transition: all 0.3s;
+  }
+
+  .link-tile:hover .arrow {
+    opacity: 1;
+    transform: translateX(5px);
+  }
+
+  .card-footer {
+    margin-top: 3rem;
+    padding-top: 2rem;
+    border-top: 1px solid rgba(255,255,255,0.05);
+    display: flex;
+    justify-content: space-between;
+    align-items: center;
     color: var(--text-muted);
-    font-size: 1.1rem;
-    transition: transform 0.2s;
+    font-size: 0.75rem;
+    font-weight: 600;
+    text-transform: uppercase;
+    letter-spacing: 1px;
   }
 
-  .platform-tile:hover .tile-arrow {
-    transform: translateX(4px);
-    color: var(--primary-light);
+  .logo-sm {
+    color: var(--text-secondary);
+    font-family: 'Outfit', sans-serif;
   }
 
-  /* CTA */
-  .get-devcard {
+  .get-your-own {
+    margin-top: 3rem;
     text-align: center;
-    margin-top: 2rem;
-    padding: 1.5rem;
-    background: var(--bg-card);
-    border-radius: var(--radius-lg);
-    border: 1px solid var(--border);
   }
 
-  .get-devcard p {
-    color: var(--text-muted);
+  .get-your-own p {
     font-size: 0.9rem;
+    color: var(--text-muted);
     margin-bottom: 0.5rem;
   }
 
-  .cta-link {
+  .get-your-own a {
     font-weight: 700;
-    font-size: 1rem;
+    font-size: 1.1rem;
   }
 
-  .footer {
+  .error-glass {
     text-align: center;
-    padding: 2rem 0;
-    color: var(--text-muted);
-    font-size: 0.8rem;
+    padding: 4rem;
+    border-radius: var(--radius-xl);
   }
 
-  @media (max-width: 500px) {
-    .profile-page { padding: 1rem 0.75rem; }
-    .display-name { font-size: 1.5rem; }
+  @media (max-width: 480px) {
+    .profile-card { padding: 2rem 1.5rem; }
+    .display-name { font-size: 1.75rem; }
   }
 </style>
diff --git a/apps/web/svelte.config.js b/apps/web/svelte.config.js
index 460897c..55c3bd2 100644
--- a/apps/web/svelte.config.js
+++ b/apps/web/svelte.config.js
@@ -6,7 +6,21 @@ const config = {
 		// adapter-auto only supports some environments, see https://svelte.dev/docs/kit/adapter-auto for a list.
 		// If your environment is not supported, or you settled on a specific environment, switch out the adapter.
 		// See https://svelte.dev/docs/kit/adapters for more information about adapters.
-		adapter: adapter()
+		adapter: adapter(),
+		csp: {
+			mode: 'auto',
+			directives: {
+				'default-src': ['self'],
+				'script-src': ['self', 'unsafe-inline'],
+				'style-src': ['self', 'unsafe-inline', 'https://fonts.googleapis.com'],
+				'img-src': ['self', 'data:', 'https:'],
+				'connect-src': ['self'],
+				'font-src': ['self', 'data:', 'https:', 'https://fonts.gstatic.com'],
+				'object-src': ['none'],
+				'base-uri': ['self'],
+				'frame-ancestors': ['none']
+			}
+		}
 	},
 	vitePlugin: {
 		dynamicCompileOptions: ({ filename }) => ({ runes: !filename.includes('node_modules') })