$hosts) { if (is_array($hosts)) { $acl = ''; foreach ($hosts as &$host) { if ($host === '*' || $host === "'self'" || strpos($host, 'http') === 0) { $acl .= $host.' '; } } } else { $acl = $hosts; } $values .= $policy.' '.trim($acl).'; '; } header('Content-Security-Policy: '.$values); }

/**
 * Send "X-Content-Type-Options: nosniff".
 *
 * The header asks browsers not to MIME-sniff the response away from its
 * declared Content-Type, so it only helps when that Content-Type is correct.
 * Like every header() call, it must run before any output is sent.
 */
function nosniff()
{
    $headerLine = 'X-Content-Type-Options: nosniff';
    header($headerLine);
}

/**
 * Send "X-XSS-Protection: 1; mode=block".
 *
 * NOTE(review): this header only drives the legacy XSS filter of older
 * browsers; current browsers ignore it, and present guidance (for example the
 * OWASP Secure Headers project) is to rely on Content-Security-Policy and
 * switch the legacy filter off. Do not count this as an XSS control.
 */
function xss()
{
    $headerLine = 'X-XSS-Protection: 1; mode=block';
    header($headerLine);
}

/**
 * Send "Strict-Transport-Security" with a max-age of 31536000 seconds (one year).
 *
 * No includeSubDomains or preload directive is emitted, so subdomains are not
 * covered. Browsers honour the header only on responses received over HTTPS;
 * nothing here checks the request scheme.
 */
function hsts()
{
    $headerLine = 'Strict-Transport-Security: max-age=31536000';
    header($headerLine);
}

/**
 * Send "X-Frame-Options" built from a mode and an optional list of URLs.
 *
 * $mode and $urls are concatenated into the header value without validation,
 * so pass fixed values (DENY, SAMEORIGIN) and never request-derived input.
 * With the default empty $urls the value ends in a single space.
 *
 * NOTE(review): ALLOW-FROM takes one origin and is obsolete in current
 * browsers; the CSP frame-ancestors directive is the supported way to allow
 * specific framing origins.
 *
 * @param string $mode Directive placed first in the header value.
 * @param array  $urls Strings appended after the mode, space-separated.
 */
function xframe($mode = 'DENY', array $urls = array())
{
    $headerValue = $mode . ' ' . implode(' ', $urls);
    header('X-Frame-Options: ' . $headerValue);
}