Security - Add headers for X-Content-Type-Options and Referrer-Policy (#7571)

2025-12-30 00:53:50 +00:00 · 2025-10-14 12:43:06 -07:00
parent 8c82c7077b
commit 80a84c69f1
1 changed files with 3 additions and 0 deletions
--- a/resources/require.php
+++ b/resources/require.php
@@ -91,6 +91,9 @@
 //security headers
 	header("X-Frame-Options: SAMEORIGIN");
 	header("Content-Security-Policy: frame-ancestors 'self';");
+	header("X-Content-Type-Options: nosniff");
+	header("Referrer-Policy: strict-origin-when-cross-origin");
+	//header("Strict-Transport-Security: max-age=63072000; includeSubDomains; preload");

 //start the session if not using the command line
 	global $no_session;