PHP code example of jcaillot / owasp-headers

1. Go to this page and download the jcaillot/owasp-headers library. Choose the download type "require".

2. Extract the ZIP file and open the index.php.

3. Add this code to the index.php.

    <?php
    require_once('vendor/autoload.php');

    /* Start to develop here. Best regards https://php-download.com/ */


jcaillot / owasp-headers example snippets


    return [
        'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains; preload',
        # Prevents the browser from interpreting files as something other than the declared content type:
        'X-Content-Type-Options' => 'nosniff',
        'Content-Type' => 'text/html; charset=utf-8',
        # Enables the cross-site scripting (XSS) filter in legacy browsers that still ship one;
        # current major browsers ignore this header:
        'X-XSS-Protection' => '1; mode=block',
        # The browser must not display the transmitted content in frames:
        'X-Frame-Options' => 'DENY',
        # No XML policy file (for Flash or Acrobat) allowed:
        # see https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/xdomain.html
        'X-Permitted-Cross-Domain-Policies' => 'none',
        # The Referrer-Policy HTTP header governs which referrer information, sent in the Referer header, should be included:
        'Referrer-Policy' => 'same-origin',
        # Content Security Policy (CSP)
        # ...
    ];

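    // In Laravel's HTTP kernel, global middleware: applied to every request
    protected $middleware = [
        // ...
        \Chaman\Http\Middleware\OwaspHeaders::class,
    ];

    // Route middleware: applied only to routes that name it
    protected $routeMiddleware = [
        // ...
        'owasp.headers' => \Chaman\Http\Middleware\OwaspHeaders::class,
    ];

    // Attach the headers to a single route by its alias
    Route::get('/home', function () {
        // ...
    })->middleware('owasp.headers');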

    php -r "copy( 'vendor/jcaillot/owasp-headers/config/owasp-headers-example.php', 'config/owasp-headers.php');"
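
A header whose name is misspelled is still sent, but browsers ignore it, so the protection is silently missing. The following added example (not part of jcaillot/owasp-headers; `lintSecurityHeaders`, `KNOWN_HEADERS` and the sample array are hypothetical) checks a header config array like the one above for near-miss names, CR/LF in names or values, and headers that are not set.

```php
<?php
// Added example, not part of jcaillot/owasp-headers. lintSecurityHeaders(),
// KNOWN_HEADERS and the sample array are hypothetical names.

// Canonical names of the headers the configuration on this page sets.
const KNOWN_HEADERS = [
    'Strict-Transport-Security', 'X-Content-Type-Options', 'Content-Type',
    'X-XSS-Protection', 'X-Frame-Options', 'X-Permitted-Cross-Domain-Policies',
    'Referrer-Policy', 'Content-Security-Policy',
];

/** Returns a list of findings for a header-name => value config array. */
function lintSecurityHeaders(array $config): array
{
    $findings = [];
    $seen = [];
    foreach ($config as $name => $value) {
        $name = (string) $name;
        // CR or LF in a name or value would let one entry inject extra header lines.
        if (preg_match('/[\r\n]/', $name . $value)) {
            $findings[] = json_encode($name) . ': contains CR or LF';
            continue;
        }
        // Find the closest known name; header names are case-insensitive.
        $best = PHP_INT_MAX;
        $closest = null;
        foreach (KNOWN_HEADERS as $known) {
            $distance = levenshtein(strtolower($known), strtolower($name));
            if ($distance < $best) {
                [$best, $closest] = [$distance, $known];
            }
        }
        if ($best === 0) {
            $seen[$closest] = true;
        } elseif ($best <= 2) {
            $findings[] = "$name: unknown header name, did you mean $closest?";
        } else {
            $findings[] = "$name: not a header this check knows";
        }
    }
    foreach (array_diff(KNOWN_HEADERS, array_keys($seen)) as $missing) {
        $findings[] = "$missing: not set";
    }
    return $findings;
}

// Constructed sample config with one misspelled header name.
$sample = ['X-Frame-Options' => 'DENY', 'X-Content-Type-Option' => 'nosniff'];
echo implode(PHP_EOL, lintSecurityHeaders($sample)), PHP_EOL;
```

To check the copied file, pass `require 'config/owasp-headers.php'` to the function, assuming the file returns a plain array as in the snippet above.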