$hosts) { $values .= $policy.' '.$hosts.'; '; } header($header.': '.$values); } } function nosniff() { header('X-Content-Type-Options: nosniff'); } function xss() { header('X-XSS-Protection: 1; mode=block'); } function hsts() { header('Strict-Transport-Security: max-age=31536000'); } function xframe($mode = 'DENY', array $urls = array()) { header('X-Frame-Options: '.$mode.' '.implode(' ', $urls)); }