diff --git a/server/SecurityHeadersDefinitions.cs b/server/SecurityHeadersDefinitions.cs
index 1a57137..a314f65 100644
--- a/server/SecurityHeadersDefinitions.cs
+++ b/server/SecurityHeadersDefinitions.cs
@@ -2,11 +2,17 @@
 
 public static class SecurityHeadersDefinitions
 {
+    private static HeaderPolicyCollection? policy;
+
     public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev, string? idpHost)
     {
         ArgumentNullException.ThrowIfNull(idpHost);
 
-        var policy = new HeaderPolicyCollection()
+        // Avoid building a new HeaderPolicyCollection on every request for performance reasons.
+        // Where possible, cache and reuse HeaderPolicyCollection instances.
+        if (policy != null) return policy;
+
+        policy = new HeaderPolicyCollection()
             .AddFrameOptionsDeny()
             .AddContentTypeOptionsNoSniff()
             .AddReferrerPolicyStrictOriginWhenCrossOrigin()
diff --git a/ui/.vscode/settings.json b/ui/.vscode/settings.json
index b2105a9..b140491 100644
--- a/ui/.vscode/settings.json
+++ b/ui/.vscode/settings.json
@@ -19,10 +19,9 @@
     "editor.defaultFormatter": "esbenp.prettier-vscode"
   },
   "editor.codeActionsOnSave": {
-    "source.organizeImports": true,
-    "source.fixAll.eslint": true
+    "source.organizeImports": "explicit",
+    "source.fixAll.eslint": "explicit"
   },
   "editor.formatOnSave": true,
-  "editor.formatOnPaste": true,
-  
+  "editor.formatOnPaste": true
 }