From 0a07221217e2a30a62be055aa8384af4ccdc7bfb Mon Sep 17 00:00:00 2001
From: Alex <40072887+alexdcrane@users.noreply.github.com>
Date: Tue, 14 Oct 2025 12:43:26 -0700
Subject: [PATCH] Security - Add headers for X-Content-Type-Options and Referrer-Policy (#7572)
---
 resources/require.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/resources/require.php b/resources/require.php
index 7d8477d26d..dbc326d533 100644
--- a/resources/require.php
+++ b/resources/require.php
@@ -91,6 +91,9 @@
 //security headers
 header("X-Frame-Options: SAMEORIGIN");
 header("Content-Security-Policy: frame-ancestors 'self';");
+ header("X-Content-Type-Options: nosniff");
+ header("Referrer-Policy: strict-origin-when-cross-origin");
+ //header("Strict-Transport-Security: max-age=63072000; includeSubDomains; preload");

 //start the session if not using the command line
 global $no_session;
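Review bot: The commented-out `Strict-Transport-Security` line at the end of the added headers ships as dead code with no explanation, and its value (`max-age=63072000; includeSubDomains; preload`) is the hardest form of HSTS to reverse: a browser that has seen it pins the host and every subdomain to HTTPS for two years. I would either drop the line or replace it with a guarded version plus a comment saying when it is safe to enable, for example `if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') { header("Strict-Transport-Security: max-age=63072000"); }`, leaving `includeSubDomains` and `preload` as an explicit operator decision. Of the two headers that are enabled, `nosniff` makes browsers refuse scripts and stylesheets served with a wrong Content-Type, so any endpoint that relies on sniffing would need checking. The surrounding block starts before the hunk, so whether these `header()` calls are skipped for command-line runs is not visible here.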