HTTP Security Headers

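This function sends six HTTP response headers that tell the browser how to handle the application's pages: HSTS, a Content Security Policy, MIME-sniffing protection, a framing ban, the legacy XSS filter switch, and a referrer policy.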

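<?php
// Send the security headers. Must run before any output, because header()
// cannot add headers once the response body has started.
function set_security_headers() {
    // HSTS: browsers use HTTPS only for one year, subdomains included
    header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
    // CSP: load scripts, styles, images etc. from the site's own origin only
    header("Content-Security-Policy: default-src 'self'");
    // Stop browsers from MIME-sniffing a response away from its declared type
    header("X-Content-Type-Options: nosniff");
    // Forbid rendering the page in any frame (clickjacking defence)
    header("X-Frame-Options: DENY");
    // Legacy XSS filter switch; only older browsers act on it
    header("X-XSS-Protection: 1; mode=block");
    // Never send a Referer header on outgoing requests
    header("Referrer-Policy: no-referrer");
}

// Usage: call before any output is sent
set_security_headers();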
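
A proxy, framework or later header() call can drop or override these values, so it is worth checking what actually reaches the client. The Python checker below is an added example, not part of the original page: it audits a raw response against the six values set above. The names `audit`, `parse_headers` and `SAMPLE` and the sample response are constructed for illustration.

```python
import re

# Exact values that set_security_headers() on this page sends (compared lowercased).
EXACT = {
    "x-content-type-options": "nosniff",
    "x-frame-options": "deny",
    "x-xss-protection": "1; mode=block",
    "referrer-policy": "no-referrer",
}
MIN_HSTS_AGE = 31536000  # one year, the max-age used on this page

# Constructed sample: HSTS and CSP weakened, X-Frame-Options lost on the way.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "strict-transport-security: max-age=300\r\n"
    "Content-Security-Policy: default-src 'self' *\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "Referrer-Policy: no-referrer\r\n"
    "\r\n<html>"
)

def parse_headers(raw):
    """Map lowercased header names to the list of values sent for each."""
    headers = {}
    block = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]  # drop the body
    for line in block.splitlines()[1:]:                  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return sorted findings; an empty list means the page's policy is intact."""
    h, findings = parse_headers(raw), []
    for name, want in EXACT.items():
        got = [v.lower() for v in h.get(name, [])]
        if got != [want]:  # also catches a header sent twice
            findings.append(f"{name}: expected '{want}', got {got or 'nothing'}")
    hsts = " ".join(h.get("strict-transport-security", []))
    age = re.search(r"\bmax-age\s*=\s*\"?(\d+)", hsts, re.I)
    if not age or int(age.group(1)) < MIN_HSTS_AGE:
        findings.append("strict-transport-security: max-age missing or under one year")
    for policy in h.get("content-security-policy", [""]):
        parts = [p.split() for p in policy.lower().split(";")]
        if [p[1:] for p in parts if p[:1] == ["default-src"]] != [["'self'"]]:
            findings.append("content-security-policy: default-src is not exactly 'self'")
    return sorted(findings)
```

Calling `audit(SAMPLE)` reports three findings; a response carrying the exact headers from the function above yields an empty list.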