    Adding some HTTP headers for security (Bug 1531987) · 29656f03
    Aaron Wells authored
    X-XSS-Protection: Tells the browser not to disable XSS protection
    
    X-Content-Type-Options: Tells the browser not to try to guess at
    mimetypes of downloads
    
    X-Permitted-Cross-Domain-Policies: Tells Flash & PDF not to trust
    alternate crossdomain.xml files (which set the permissions on whether
    this site allows itself to be accessed by scripts in Flash & PDF).
    Prevents an attacker from uploading a more permissive crossdomain.xml
    
    X-Powered-By: PHP by default sends this header with the current full
    PHP version.
    
    behatnotneeded: Selenium can't examine HTTP response headers
    
    Change-Id: Ia2a6de971fc62b7d8806ad010aa0fbe37c1a7357
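Because the commit notes that Selenium can't examine HTTP response headers, the headers have to be verified at the HTTP level instead. The following is an added example, not code from this commit or the project, that audits a raw response head for the four headers described. The function names, the sample responses, and the accepted values for X-XSS-Protection and X-Permitted-Cross-Domain-Policies are assumptions, since the commit message does not state the values sent.

```python
# Added example: audit a raw HTTP response head for the headers this commit describes.
# Both sample responses are constructed, not captured from a real site.
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Permitted-Cross-Domain-Policies: master-only\r\n"
    "\r\n<html></html>"
)
PHP_DEFAULT = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-Powered-By: PHP/0.0.0\r\n"   # constructed placeholder version
    "x-xss-protection: 0\r\n"
    "\r\n"
)

# Assumption: either value stops Flash/PDF honouring alternate policy files.
CROSS_DOMAIN_OK = {"none", "master-only"}

def parse_head(raw):
    """Map lower-cased header names to a list of values (headers may repeat)."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return a list of findings; an empty list means all four checks pass."""
    h = parse_head(raw)
    findings = []
    xss = h.get("x-xss-protection", [])
    if not xss:
        findings.append("X-XSS-Protection: missing")
    elif any(v.split(";")[0].strip() == "0" for v in xss):
        findings.append("X-XSS-Protection: filter disabled")
    if [v.lower() for v in h.get("x-content-type-options", [])] != ["nosniff"]:
        findings.append("X-Content-Type-Options: not 'nosniff'")
    xdp = [v.lower() for v in h.get("x-permitted-cross-domain-policies", [])]
    if not xdp or any(v not in CROSS_DOMAIN_OK for v in xdp):
        findings.append("X-Permitted-Cross-Domain-Policies: missing or permissive")
    for v in h.get("x-powered-by", []):
        findings.append("X-Powered-By: discloses " + v)
    return findings
```

Header names are matched case-insensitively and repeated headers are all inspected, so a second conflicting copy of a header still produces a finding.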
init.php 15.7 KB