@jenswittmann
Created December 4, 2016 13:18
MODX secure http headers
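// Stop browsers from MIME-sniffing a response away from its declared Content-Type.
header("X-Content-Type-Options: nosniff");
// Legacy XSS filter switch; current browsers have dropped the filter and rely on CSP.
header("X-XSS-Protection: 1; mode=block");
// Allow framing only by pages from the same origin (clickjacking defence).
header("X-Frame-Options: SAMEORIGIN");
header("Connection: keep-alive");
header("ETag: ");
// 'unsafe-inline' and 'unsafe-eval' in script-src mean this policy does not block injected inline or eval-based script.
header("Content-Security-Policy: base-uri https://nixlos.de; default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; child-src https://nixlos.de");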
@jenswittmann
Author

Use this in your PHP file if your server does not run in CGI mode. Thanks to Mazso:
https://github.com/Mazso/evolution-master/commit/fb75f448900258e0fa7c7d7fd9b3b7046f326281
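
A stricter variant of the gist's policy, as an added example that is not part of the gist or of MODX. It assumes the site can tag each inline script with a per-request nonce and does not need `eval()`; the helper names `build_csp()` and `send_security_headers()` are hypothetical.

```php
<?php
// Added example, not code from the gist. build_csp() and send_security_headers()
// are hypothetical helpers; https://nixlos.de is the origin used in the gist.

/** Join a directive => sources map into a single CSP header value. */
function build_csp(array $directives): string
{
    $parts = [];
    foreach ($directives as $name => $sources) {
        $parts[] = $name . ' ' . implode(' ', $sources);
    }
    return implode('; ', $parts);
}

/** Send the headers; returns false when output has already started. */
function send_security_headers(string $origin, string $nonce): bool
{
    if (headers_sent()) {
        return false; // header() can no longer change the response
    }
    header('X-Content-Type-Options: nosniff');
    header('X-Frame-Options: SAMEORIGIN');
    header('Content-Security-Policy: ' . build_csp([
        'base-uri'        => [$origin],
        'default-src'     => ['https:'],
        // Inline scripts run only when they carry this request's nonce;
        // 'unsafe-inline' and 'unsafe-eval' are dropped.
        'script-src'      => ['https:', "'nonce-{$nonce}'"],
        'style-src'       => ['https:', "'unsafe-inline'"], // unchanged from the gist
        'child-src'       => [$origin],
        'object-src'      => ["'none'"],   // no plugin content
        'frame-ancestors' => ["'self'"],   // CSP counterpart of X-Frame-Options
    ]));
    return true;
}

// A fresh, unpredictable nonce for every response (assumption: PHP 7 or later).
$nonce = base64_encode(random_bytes(16));
send_security_headers('https://nixlos.de', $nonce);
// Templates must then emit the same value in the nonce attribute of each inline script tag.
```

Trying the policy first under the `Content-Security-Policy-Report-Only` header name shows which existing inline scripts would be blocked before it is enforced.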
