Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
MODX secure http headers
header("X-Content-Type-Options: nosniff");
header("X-XSS-Protection: 1; mode=block");
header("X-Frame-Options: SAMEORIGIN");
header("Connection: keep-alive");
header("ETag: ");
header("Content-Security-Policy: base-uri https://nixlos.de; default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; child-src https://nixlos.de");
@jenswittmann
Copy link
Author

jenswittmann commented Dec 4, 2016

Use this in your PHP file, if your server run not in CGI mode. Thanks to Mazso:
https://github.com/Mazso/evolution-master/commit/fb75f448900258e0fa7c7d7fd9b3b7046f326281

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment