Additions: Public Properties
| Property |
Type |
Description |
$tls_session |
bool |
Indicates if the current session uses HTTPS/TLS encryption |
$request_uri |
string |
Normalized REQUEST_URI (e.g., 'PageOfNoReturn/show?a=1') |
$ip |
string |
Client's real IP address (accounts for proxies) |
$sess |
Session |
Reference to the Session object |
$method |
string |
Current HTTP method/request type |
Private Properties
| Property |
Type |
Description |
$db |
object |
Database connection reference |
$tls_mark |
string |
Cookie name for TLS session marking |
$page |
string |
Current page name being processed |
$hash |
string |
SHA1 hash of the page name |
$query |
string |
Encoded query string |
$lang |
string |
Current language code |
$file |
string |
Cache file path |
$caching |
int |
Flag indicating if page should be cached (0 or 1) |
http_security_headers(): void
Sets security-related HTTP headers.
| Header |
Purpose |
Config Key |
| Content-Security-Policy |
XSS/injection protection |
csp |
| Permissions-Policy |
Control browser features |
permissions_policy |
| Referrer-Policy |
Control referrer information |
referrer_policy |
| Strict-Transport-Security |
Force HTTPS |
Auto (TLS only) |
| X-Frame-Options |
Clickjacking protection |
Hardcoded: SAMEORIGIN |
| X-Content-Type-Options |
MIME sniffing prevention |
Hardcoded: nosniff |
CSP Configuration Options:
-
0 - Disabled
-
1 - Default policy (from csp.conf)
-
2 - Custom policy (from csp_custom.conf)
Public Properties
Private Properties
http_security_headers(): void