Commit 5eb7de72 authored by Robert Lyon's avatar Robert Lyon Committed by Gerrit Code Review
Browse files

Merge "Adding some HTTP headers for security (Bug 1531987)"

parents e82c0fcb 29656f03
......@@ -331,8 +331,14 @@ if (!defined('CLI')) {
header('Expires: '. gmdate('D, d M Y H:i:s', 507686400) .' GMT');
header('Pragma: no-cache');
// Prevent clickjacking through iframe tags
// Security headers. See
header('X-Frame-Options: SAMEORIGIN');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
header('X-Permitted-Cross-Domain-Policies: master-only');
// Don't print precise PHP version as an HTTP header
// Only do authentication once we know the page theme, so that the login form
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment