Security Header Middleware

The SecurityHeadersMiddleware layer allows you to apply security-related headers to your application. Once set up, the middleware can apply the following headers to responses:

  • X-Content-Type-Options
  • X-Download-Options
  • X-Frame-Options
  • Referrer-Policy
  • Permissions-Policy

This middleware is configured using a fluent interface before it is applied to your application's middleware stack:

```php
use Cake\Http\Middleware\SecurityHeadersMiddleware;

$securityHeaders = new SecurityHeadersMiddleware();
$securityHeaders
    ->setReferrerPolicy()   // Referrer-Policy
    ->setXFrameOptions()    // X-Frame-Options
    ->noOpen()              // X-Download-Options: noopen
    ->noSniff();            // X-Content-Type-Options: nosniff

$middlewareQueue->add($securityHeaders);
```
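The following added example (not part of the CakePHP documentation) sets each header explicitly instead of relying on the method defaults, then runs the middleware against a stub handler and checks that the response carries the configured values. It assumes `cakephp/cakephp` is installed with Composer next to the script and that the installed release provides `setPermissionsPolicy()`; the policy string and the stub handler are illustrative.

```php
<?php
declare(strict_types=1);

// Added example. Assumes vendor/ (Composer, cakephp/cakephp) sits beside this file.
require __DIR__ . '/vendor/autoload.php';

use Cake\Http\Middleware\SecurityHeadersMiddleware;
use Cake\Http\Response;
use Cake\Http\ServerRequest;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;

// Explicit values make the intended policy visible in code review.
// setPermissionsPolicy() is assumed to exist in the installed release.
$securityHeaders = (new SecurityHeadersMiddleware())
    ->setReferrerPolicy(SecurityHeadersMiddleware::STRICT_ORIGIN_WHEN_CROSS_ORIGIN)
    ->setXFrameOptions(SecurityHeadersMiddleware::DENY)
    ->setPermissionsPolicy('geolocation=(), camera=(), microphone=()')
    ->noOpen()
    ->noSniff();

// Stand-in for the rest of the application: returns an empty response.
$app = new class implements RequestHandlerInterface {
    public function handle(ServerRequestInterface $request): ResponseInterface
    {
        return new Response();
    }
};

$response = $securityHeaders->process(new ServerRequest(), $app);

$expected = [
    'X-Content-Type-Options' => 'nosniff',
    'X-Download-Options' => 'noopen',
    'X-Frame-Options' => 'deny',
    'Referrer-Policy' => 'strict-origin-when-cross-origin',
    'Permissions-Policy' => 'geolocation=(), camera=(), microphone=()',
];

// Report each header and exit non-zero if any is missing or different.
$failed = 0;
foreach ($expected as $name => $value) {
    $actual = $response->getHeaderLine($name);
    $failed += (int)($actual !== $value);
    printf("%s: %s\n", $name, $actual === $value ? 'ok' : "FAIL (got '$actual')");
}
exit($failed === 0 ? 0 : 1);
```

Run as a script in CI, the non-zero exit status flags a change that drops or weakens one of these headers.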

Here's a list of common HTTP headers and the Mozilla-recommended settings for securing web applications.

Released under the MIT License.