This class can generate CSP headers to prevent security attacks.
It can check the type of browser accessing the site and generate HTTP response headers, according to configuration parameters, that help prevent security attacks like cross-site scripting.
Currently it can set the URL to report CSP violations, the XSS reflected policy directive, the allowed source URLs for images, CSS styles, JavaScript code, plugins, media, font, frame and object tags.
Depending on the browser it can generate the headers Content-Security-Policy, Content-Security-Policy-Report-Only, X-Content-Security-Policy-Report-Only, X-Content-Security-Policy, X-WebKit-CSP-Report-Only, X-WebKit-CSP, X-Frame-Options, and X-XSS-Protection.
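
The sketch below illustrates the browser-dependent header selection described above. It is an added example, not the class's own code: the function names and configuration layout are hypothetical, the user-agent strings are constructed, and the browser detection is deliberately simplified.

```php
<?php
// Choose the CSP header name the requesting browser understands.
function csp_header_name(string $userAgent, bool $reportOnly): string
{
    $name = 'Content-Security-Policy';
    if ((preg_match('~Firefox/(\d+)~', $userAgent, $m) && (int) $m[1] < 23)
        || preg_match('~MSIE 10|Trident/7~', $userAgent)) {
        $name = 'X-Content-Security-Policy';   // Firefox before 23, IE 10 and 11
    } elseif (preg_match('~Chrome/(\d+)~', $userAgent, $m) && (int) $m[1] < 25) {
        $name = 'X-WebKit-CSP';                // Chrome before 25
    }
    return $reportOnly ? $name . '-Report-Only' : $name;
}

// Build the policy value from a directive => sources map (hypothetical layout).
function csp_policy(array $directives, string $reportUri): string
{
    $directives['report-uri'] = [$reportUri];
    $parts = [];
    foreach ($directives as $directive => $sources) {
        if (!preg_match('~^[a-z-]+$~', (string) $directive)) {
            throw new InvalidArgumentException("Bad directive name: $directive");
        }
        foreach ($sources as $source) {
            // A value with ';', ',' or whitespace (CR/LF included) could add
            // directives or split the header, so reject it instead of emitting it.
            if ($source === '' || preg_match('~[;,\s]~', $source)) {
                throw new InvalidArgumentException("Unsafe value in $directive");
            }
        }
        $parts[] = $directive . ' ' . implode(' ', $sources);
    }
    return implode('; ', $parts);
}

$policy = csp_policy([
    'default-src' => ["'self'"],
    'img-src'     => ["'self'", 'https://images.example'],
    'object-src'  => ["'none'"],
], '/csp-report');

$agents = [ // constructed sample user-agent strings
    'Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0',
    'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11',
    'Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0',
];
foreach ($agents as $ua) {
    echo csp_header_name($ua, true), ': ', $policy, "\n"; // report-only mode
}
```

In a web response, pass each generated line to header() instead of echoing it, and start in report-only mode so violations are reported before the policy is enforced.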