GarryOne/http-security-headers.php

## http-security-headers.php
<?php
header('Strict-Transport-Security: max-age=63072000; includeSubDomains; preload'); // if ssl enabled
header('X-Frame-Options: SAMEORIGIN');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
header('Content-Type: text/html; charset=utf-8');
header('Access-Control-Allow-Origin: '.$_SERVER['HTTP_ORIGIN']);
header('Expect-CT: max-age=7776000, enforce');
header('Referrer-Policy: origin-when-cross-origin');
	<?php
	header('Strict-Transport-Security: max-age=63072000; includeSubDomains; preload'); // if ssl enabled
	header('X-Frame-Options: SAMEORIGIN');
	header('X-XSS-Protection: 1; mode=block');
	header('X-Content-Type-Options: nosniff');
	header('Content-Type: text/html; charset=utf-8');
	header('Access-Control-Allow-Origin: '.$_SERVER['HTTP_ORIGIN']);
	header('Expect-CT: max-age=7776000, enforce');
	header('Referrer-Policy: origin-when-cross-origin');