GarryOne · May 29, 2018 22:13
diff --git a/http-security-headers.php b/http-security-headers.php
 <?php
 header('Strict-Transport-Security: max-age=63072000; includeSubDomains; preload'); // if ssl enabled
 header('X-Frame-Options: SAMEORIGIN');
 header('X-XSS-Protection: 1; mode=block');
 header('X-Content-Type-Options: nosniff');
 header('Content-Type: text/html; charset=utf-8');
 header('Access-Control-Allow-Origin: '.$_SERVER['HTTP_ORIGIN']);
 header('Expect-CT: max-age=7776000, enforce');
 header('Referrer-Policy: origin-when-cross-origin');
	<?php
	header('Strict-Transport-Security: max-age=63072000; includeSubDomains; preload'); // if ssl enabled
	header('X-Frame-Options: SAMEORIGIN');
	header('X-XSS-Protection: 1; mode=block');
	header('X-Content-Type-Options: nosniff');
	header('Content-Type: text/html; charset=utf-8');
	header('Access-Control-Allow-Origin: '.$_SERVER['HTTP_ORIGIN']);
	header('Expect-CT: max-age=7776000, enforce');
	header('Referrer-Policy: origin-when-cross-origin');