Commit d0e24bb0 authored by Thomas Bella's avatar Thomas Bella

Add additional headers to increase security

- X-Content-Type-Options
- X-XSS-Protection
- Referrer-Policy
parent 077470df
......@@ -2,6 +2,9 @@
session_start();
header('Content-Type: text/html; charset=UTF-8');
header('Content-Security-Policy: default-src \'self\' \'unsafe-inline\' ururl.tk maxcdn.bootstrapcdn.com code.jquery.com;');
header('X-Content-Type-Options: nosniff');
header('X-XSS-Protection: 1; mode=block');
header('Referrer-Policy: no-referrer-when-downgrade');
if (!empty($_SESSION['active']) && empty($_SESSION['token'])) {
$_SESSION['token'] = bin2hex(openssl_random_pseudo_bytes(8));
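Review bot: The added `Referrer-Policy: no-referrer-when-downgrade` is looser than the `strict-origin-when-cross-origin` default that current browsers apply when no policy is sent. It still passes the full URL (path and query string) to other HTTPS origins, which would include the CDN hosts allowed in the CSP line above if they are loaded over HTTPS; `header('Referrer-Policy: strict-origin-when-cross-origin');` limits cross-origin referrers to the origin. The added `X-XSS-Protection: 1; mode=block` targets the legacy XSS auditor, which current Chrome, Edge and Firefox do not implement and which in older browsers could itself be abused to leak information or suppress legitimate scripts; OWASP's secure-headers guidance is `header('X-XSS-Protection: 0');` and to rely on the CSP instead. The CSP on the unchanged line still allows `'unsafe-inline'`, so it presumably gives little protection against injected inline script and is worth tightening in a follow-up. The `if` block that sets the session token continues outside the hunk.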
......