Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
MODX secure http headers
header("X-Content-Type-Options: nosniff");
header("X-XSS-Protection: 1; mode=block");
header("X-Frame-Options: SAMEORIGIN");
header("Connection: keep-alive");
header("ETag: ");
header("Content-Security-Policy: base-uri; default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; child-src");
Copy link

jenswittmann commented Dec 4, 2016

Use this in your PHP file, if your server run not in CGI mode. Thanks to Mazso:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment