| 234 |
|
===== ##http_security_headers(): void## =====
|
| 235 |
|
|
| 236 |
|
|
| |
234 |
=====##http_security_headers(): void##=====
|
| |
235 |
|
| |
236 |
Sets security-related HTTP headers.
|
| |
237 |
|
| |
238 |
**Headers Set:**
|
| |
239 |
|
| |
240 |
#|
|
| |
241 |
*| Header | Purpose | Config Key |*
|
| |
242 |
|| Content-Security-Policy | XSS/injection protection | ##csp## ||
|
| |
243 |
|| Permissions-Policy | Control browser features | ##permissions_policy## ||
|
| |
244 |
|| Referrer-Policy | Control referrer information | ##referrer_policy## ||
|
| |
245 |
|| Strict-Transport-Security | Force HTTPS | Auto (TLS only) ||
|
| |
246 |
|| X-Frame-Options | Clickjacking protection | Hardcoded: ##SAMEORIGIN## ||
|
| |
247 |
|| X-Content-Type-Options | MIME sniffing prevention | Hardcoded: ##nosniff## ||
|
| |
248 |
|#
|
| |
249 |
|
| |
250 |
**CSP Configuration Options:**
|
| |
251 |
- ##0## - Disabled
|
| |
252 |
- ##1## - Default policy (from ##csp.conf##)
|
| |
253 |
- ##2## - Custom policy (from ##csp_custom.conf##)
|
| |
254 |
|
| |
255 |
**Example:**
|
| |
256 |
%%php
|
| |
257 |
$http->http_security_headers();
|
| |
258 |
%%
|
| |
259 |
|
| |
260 |
----
|