BLUE

Navigation

Breadcrumbs

/ / var / www / invoice-sync.bitkit.dk / httpdocs / config

Create

Upload

Tip: You can also drag & drop files anywhere on this page to upload.

Edit File Size: 16.24 KB

/var/www/invoice-sync.bitkit.dk/httpdocs/config/secure-headers.php

Text Base64

<?php

return [

/*
     * Server
     *
     * Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Server
     *
     * Note: when server is empty string, it will not add to response header
     */

'server' => '',

/*
     * X-Content-Type-Options
     *
     * Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
     *
     * Available Value: 'nosniff'
     */

'x-content-type-options' => 'nosniff',

/*
     * X-Download-Options
     *
     * Reference: https://msdn.microsoft.com/en-us/library/jj542450(v=vs.85).aspx
     *
     * Available Value: 'noopen'
     */

'x-download-options' => 'noopen',

/*
     * X-Frame-Options
     *
     * Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
     *
     * Available Value: 'deny', 'sameorigin', 'allow-from <uri>'
     */

'x-frame-options' => 'sameorigin',

/*
     * X-Permitted-Cross-Domain-Policies
     *
     * Reference: https://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html
     *
     * Available Value: 'all', 'none', 'master-only', 'by-content-type', 'by-ftp-filename'
     */

'x-permitted-cross-domain-policies' => 'none',

/*
     * X-Power-By
     *
     * Note: it will not add to response header if the value is empty string.
     */

'x-power-by' => '',

/*
     * X-XSS-Protection
     *
     * Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
     *
     * Available Value: '1', '0', '1; mode=block'
     */

'x-xss-protection' => '1; mode=block',

/*
     * Referrer-Policy
     *
     * Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
     *
     * Available Value: 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin',
     *                  'same-origin', 'strict-origin', 'strict-origin-when-cross-origin', 'unsafe-url'
     */

'referrer-policy' => 'no-referrer',

/*
     * Clear-Site-Data
     *
     * Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data
     */

'clear-site-data' => [
        'enable' => false,

'all' => false,

'cache' => true,

'cookies' => true,

'storage' => true,

'executionContexts' => true,
    ],

/*
     * HTTP Strict Transport Security
     *
     * Reference: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
     *
     * Please ensure your website had set up ssl/tls before enable hsts.
     */

'hsts' => [
        'enable' => true,

'max-age' => 31536000,

'include-sub-domains' => false,

'preload' => false,
    ],

/*
     * Expect-CT
     *
     * Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT
     */

'expect-ct' => [
        'enable' => false,

'max-age' => 2147483648,

'enforce' => false,

// report uri must be absolute-URI
        'report-uri' => null,
    ],

/*
     * Feature Policy
     *
     * Reference: https://w3c.github.io/webappsec-feature-policy/
     */

'feature-policy' => [
        'enable' => true,

/*
         * Each directive details can be found on:
         *
         * https://github.com/w3c/webappsec-feature-policy/blob/master/features.md
         *
         * 'none', '*' and 'self allow' are mutually exclusive,
         * the priority is 'none' > '*' > 'self allow'.
         */

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/accelerometer
        'accelerometer' => [
            'self' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/ambient-light-sensor
        'ambient-light-sensor' => [
            'self' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/autoplay
        'autoplay' => [
            'self' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/battery
        'battery' => [
            'self' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/camera
        'camera' => [
            'self' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/display-capture
        'display-capture' => [
            'self' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/document-domain
        'document-domain' => [
            '*' => true,
        ],

// document-write (draft: https://github.com/w3c/webappsec-feature-policy/blob/master/policies/document-write.md)

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/encrypted-media
        'encrypted-media' => [
            'self' => true,
        ],

// https://wicg.github.io/page-lifecycle/#feature-policies
        'execution-while-not-rendered' => [
            '*' => true,
        ],

// https://wicg.github.io/page-lifecycle/#feature-policies
        'execution-while-out-of-viewport' => [
            '*' => true,
        ],

// focus-without-user-activation (draft: https://github.com/w3c/webappsec-feature-policy/blob/master/policies/focus-without-user-activation.md)

// font-display-late-swap (draft: https://github.com/w3c/webappsec-feature-policy/blob/master/policies/font-display-late-swap.md)

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/fullscreen
        'fullscreen' => [
            'self' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/geolocation
        'geolocation' => [
            'self' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/gyroscope
        'gyroscope' => [
            'self' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/layout-animations
        'layout-animations' => [
            'self' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/legacy-image-formats
        'legacy-image-formats' => [
            'self' => true,
        ],

// loading-frame-default-eager (draft: https://github.com/w3c/webappsec-feature-policy/blob/master/policies/loading-frame-default-eager.md)

// loading-image-default-eager (draft: https://github.com/w3c/webappsec-feature-policy/blob/master/policies/loading-image-default-eager.md)

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/magnetometer
        'magnetometer' => [
            'self' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/microphone
        'microphone' => [
            'self' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/midi
        'midi' => [
            'self' => true,
        ],

// https://drafts.csswg.org/css-nav-1/#policy-feature
        'navigation-override' => [
            'self' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/oversized-images
        'oversized-images' => [
            '*' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/payment
        'payment' => [
            'self' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/picture-in-picture
        'picture-in-picture' => [
            '*' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/publickey-credentials
        'publickey-credentials' => [
            'self' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/sync-xhr
        'sync-xhr' => [
            '*' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/unoptimized-images
        'unoptimized-images' => [
            'self' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/unsized-media
        'unsized-media' => [
            '*' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/usb
        'usb' => [
            'self' => true,
        ],

// vertical-scroll (draft: https://github.com/w3c/webappsec-feature-policy/blob/master/policies/vertical_scroll.md)

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/wake-lock
        'wake-lock' => [
            'self' => true,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/xr-spatial-tracking
        'xr-spatial-tracking' => [
            'self' => true,
        ],
    ],

/*
     * Content Security Policy
     *
     * Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
     */

'csp' => [
        'enable' => true,

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
        'report-only' => false,

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-to
        'report-to' => '',

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uri
        'report-uri' => [
            // uri
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/block-all-mixed-content
        'block-all-mixed-content' => false,

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests
        'upgrade-insecure-requests' => false,

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/base-uri
        'base-uri' => [
            'self'
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/child-src
        'child-src' => [
            //
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src
        'connect-src' => [
            //
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src
        'default-src' => [
            'self'
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src
        'font-src' => [
            //
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/form-action
        'form-action' => [
            //
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
        'frame-ancestors' => [
            //
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src
        'frame-src' => [
            //
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src
        'img-src' => [
            //
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/manifest-src
        'manifest-src' => [
            //
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/media-src
        'media-src' => [
            //
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/navigate-to
        'navigate-to' => [
            'unsafe-allow-redirects' => false,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/object-src
        'object-src' => [
            //
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/plugin-types
        'plugin-types' => [
            // 'application/pdf',
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/prefetch-src
        'prefetch-src' => [
            //
        ],

// https://w3c.github.io/webappsec-trusted-types/dist/spec/#integration-with-content-security-policy
        'require-trusted-types-for' => [
            'script' => false,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox
        'sandbox' => [
            'enable' => false,

'allow-downloads-without-user-activation' => false,

'allow-forms' => false,

'allow-modals' => false,

'allow-orientation-lock' => false,

'allow-pointer-lock' => false,

'allow-popups' => false,

'allow-popups-to-escape-sandbox' => false,

'allow-presentation' => false,

'allow-same-origin' => false,

'allow-scripts' => false,

'allow-storage-access-by-user-activation' => false,

'allow-top-navigation' => false,

'allow-top-navigation-by-user-activation' => false,
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src
        'script-src' => [
            'none' => false,

'self' => true,

'report-sample' => false,

'allow' => [
                // 'url',
            ],

'schemes' => [
                // 'data:',
                // 'https:',
            ],

/* followings are only work for `script` and `style` related directives */

'unsafe-inline' => false,

'unsafe-eval' => false,

// https://www.w3.org/TR/CSP3/#unsafe-hashes-usage
            'unsafe-hashes' => false,

// Enable `strict-dynamic` will *ignore* `self`, `unsafe-inline`,
            // `allow` and `schemes`. You can find more information from:
            // https://www.w3.org/TR/CSP3/#strict-dynamic-usage
            'strict-dynamic' => false,

'hashes' => [
                'sha256' => [
                    // 'sha256-hash-value-with-base64-encode',
                ],

'sha384' => [
                    // 'sha384-hash-value-with-base64-encode',
                ],

'sha512' => [
                    // 'sha512-hash-value-with-base64-encode',
                ],
            ],
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src-attr
        'script-src-attr' => [
            //
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src-elem
        'script-src-elem' => [
            //
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src
        'style-src' => [
            //
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src-attr
        'style-src-attr' => [
            //
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src-elem
        'style-src-elem' => [
            //
        ],

// https://w3c.github.io/webappsec-trusted-types/dist/spec/#trusted-types-csp-directive
        'trusted-types' => [
            'enable' => false,

'allow-duplicates' => false,

'default' => false,

'policies' => [
                //
            ],
        ],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src
        'worker-src' => [
            //
        ],
    ],
];

Exit & Reset Text mode: syntax highlighting auto-detects file type.

Directory Contents

Dirs: 2 × Files: 20

Sort:

Enable drag-to-move

Name	Size	Perms	Modified	Actions
Economic DIR	-	drwxr-xr-x	2022-10-25 14:03:56	Edit Download recursive recursive
podio_apps DIR	-	drwxr-xr-x	2022-10-25 14:04:00	Edit Download recursive recursive
app.php	9.43 KB	lrw-r--r--	2023-12-20 04:43:18	Edit Download recursive recursive
auth.php	3.69 KB	lrw-r--r--	2023-12-20 04:43:28	Edit Download recursive recursive
broadcasting.php	1.73 KB	lrw-r--r--	2023-12-20 04:43:11	Edit Download recursive recursive
cache.php	3.30 KB	lrw-r--r--	2023-12-20 04:43:27	Edit Download recursive recursive
cors.php	880 B	lrw-r--r--	2023-12-20 04:43:24	Edit Download recursive recursive
database.php	5.08 KB	lrw-r--r--	2023-12-20 04:43:13	Edit Download recursive recursive
filesystems.php	2.30 KB	lrw-r--r--	2023-12-20 04:43:15	Edit Download recursive recursive
general.php	836 B	lrw-r--r--	2023-12-20 04:43:23	Edit Download recursive recursive
hashing.php	1.59 KB	lrw-r--r--	2023-12-20 04:43:15	Edit Download recursive recursive
logging.php	3.60 KB	lrw-r--r--	2023-12-20 04:43:19	Edit Download recursive recursive
mail.php	3.61 KB	lrw-r--r--	2023-12-20 04:43:20	Edit Download recursive recursive
podio.php	1.28 KB	lrw-r--r--	2025-09-22 05:06:15	Edit Download recursive recursive
podio.php.production	1.63 KB	lrw-------	2023-12-20 04:43:12	Edit Download recursive recursive
queue.php	2.93 KB	lrw-r--r--	2023-12-20 04:43:30	Edit Download recursive recursive
sanctum.php	2.30 KB	lrw-r--r--	2023-12-20 04:43:21	Edit Download recursive recursive
secure-headers.php	16.24 KB	lrw-rw-r--	2023-12-20 04:43:26	Edit Download recursive recursive
sentry.php	2.03 KB	lrw-r--r--	2023-12-20 04:43:16	Edit Download recursive recursive
services.php	983 B	lrw-r--r--	2023-12-20 04:43:22	Edit Download recursive recursive
session.php	7.07 KB	lrw-r--r--	2023-12-20 04:43:29	Edit Download recursive recursive
view.php	1.06 KB	lrw-r--r--	2023-12-20 04:43:06	Edit Download recursive recursive