PHP code example of jcaillot / laminas-owasp-headers

1. Download the jcaillot/laminas-owasp-headers library from this page, choosing the download type "require".

2. Extract the ZIP file and open the index.php.

3. Add this code to the index.php.
    
        
<?php
require_once('vendor/autoload.php');

/* Start to develop here. Best regards https://php-download.com/ */

    

jcaillot / laminas-owasp-headers example snippets

 

    'service_manager' => [
        'invokables' => [
            ...
            \Chaman\Listener\OwaspHeadersListener::class => \Chaman\Listener\OwaspHeadersListener::class
        ],
    ],
    'listeners' => [
        ...
        \Chaman\Listener\OwaspHeadersListener::class
    ],
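
The 'owasp-headers' array that follows is keyed by literal header names, and a browser ignores a header name it does not recognise, so a one-letter slip in a key switches that protection off without any error. The check below is an added example, not code from jcaillot/laminas-owasp-headers: checkOwaspHeaders(), KNOWN_HEADERS and the sample array are hypothetical, and it assumes the headers arrive as a plain name => value array.

```php
<?php
// Added example; checkOwaspHeaders() and KNOWN_HEADERS are hypothetical names,
// not part of jcaillot/laminas-owasp-headers.
const KNOWN_HEADERS = [
    'Strict-Transport-Security', 'X-Content-Type-Options', 'Content-Type',
    'X-XSS-Protection', 'X-Frame-Options', 'X-Permitted-Cross-Domain-Policies',
    'Referrer-Policy', 'Content-Security-Policy',
];

/** @return string[] findings; an empty array means nothing was flagged */
function checkOwaspHeaders(array $headers): array
{
    $findings = [];
    foreach ($headers as $name => $value) {
        $name = (string) $name;
        // Find the nearest known name (header names are case-insensitive).
        [$best, $bestDist] = ['', PHP_INT_MAX];
        foreach (KNOWN_HEADERS as $candidate) {
            $dist = levenshtein(strtolower($name), strtolower($candidate));
            if ($dist < $bestDist) {
                [$best, $bestDist] = [$candidate, $dist];
            }
        }
        if ($bestDist > 0) {
            $findings[] = "'$name' is not in KNOWN_HEADERS"
                . ($bestDist <= 2 ? ", did you mean '$best'?" : '');
        }
    }
    // A 'preload' directive is only honoured by the preload list together
    // with includeSubDomains and a max-age of at least one year.
    $hsts = strtolower((string) ($headers['Strict-Transport-Security'] ?? ''));
    if (strpos($hsts, 'preload') !== false) {
        preg_match('/max-age=(\d+)/', $hsts, $m);
        if ((int) ($m[1] ?? 0) < 31536000 || strpos($hsts, 'includesubdomains') === false) {
            $findings[] = 'HSTS preload needs max-age>=31536000 and includeSubDomains';
        }
    }
    return $findings;
}

// Constructed sample: one misspelled key and an HSTS value too weak for preload.
$sample = [
    'Strict-Transport-Security' => 'max-age=3600; preload',
    'X-Content-Type-Option'     => 'nosniff',
    'X-Frame-Options'           => 'DENY',
];
print_r(checkOwaspHeaders($sample));
```

A custom header that is legitimately absent from KNOWN_HEADERS is reported too; extend the list rather than ignoring the finding.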
   
    
    'owasp-headers' => [
        # Browsers (or other complying user agents) should only interact with me using secure HTTPS connections:
        # see https://https.cio.gov/hsts/
        'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains; preload',
        # Prevents the browser from interpreting files as something other than what the content type declares:
        'X-Content-Type-Options' => 'nosniff',
        'Content-Type' => 'text/html; charset=utf-8',
        # Enables the Cross-site scripting (XSS) filter in the browser:
        'X-XSS-Protection' => '1; mode=block',
        # The browser must not display the transmitted content in frames:
        'X-Frame-Options' => 'DENY',
        # No XML policy file (for Flash or Acrobat) allowed:
        # see https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/xdomain.html
        'X-Permitted-Cross-Domain-Policies' => 'none',
        # Referrer-Policy HTTP header governs which referrer information, sent in the Referer header, should be included:
        'Referrer-Policy' => 'same-origin',
        # Content Security Policy (CSP)