on(Application::EVENT_BEFORE_REQUEST, function () {
    // Before-request handler: builds the configured security-header policies
    // and writes each valid one onto the response headers.
    //
    // NOTE(review): the headers are set before the request is handled, so code
    // that runs later against the same response header collection can still
    // replace or remove them. Confirm nothing downstream weakens them.

    // Only web applications get headers; any other application type is skipped.
    if (!is_a(Yii::$app, 'yii\web\Application')) {
        return;
    }

    $responseHeaders = Yii::$app->response->headers;

    // One policy object per header, each fed from this component's configuration.
    $policies = [
        new XPoweredBy($this->xPoweredBy),
        new XFrameOptions($this->xFrameOptions),
        new XContentTypeOptions($this->contentTypeOptions),
        new StrictTransportSecurity($this->strictTransportSecurity),
        new ReferrerPolicy($this->referrerPolicy),
        // Shares the report URI with the CSP policy below.
        new XssProtection($this->xssProtection, $this->reportUri),
    ];

    // CSP takes the directive list, a set of boolean-style switches and the report URI.
    $policies[] = new \common\components\SecureHeaders\ContentSecurityPolicy(
        $this->cspDirectives,
        [
            'requireSriForScript' => $this->requireSriForScript,
            'requireSriForStyle' => $this->requireSriForStyle,
            'blockAllMixedContent' => $this->blockAllMixedContent,
            'upgradeInsecureRequests' => $this->upgradeInsecureRequests,
        ],
        $this->reportUri
    );

    foreach ($policies as $headerPolicy) {
        // A policy that reports itself invalid is dropped without any log entry,
        // so a misconfigured header is simply not emitted.
        // NOTE(review): consider whether that should be surfaced to operators.
        if (!$headerPolicy->isValid()) {
            continue;
        }

        $responseHeaders->set($headerPolicy->getName(), $headerPolicy->getValue());
    }
});
} // closes the enclosing method, which begins outside this excerpt
} // closes the enclosing class, which begins outside this excerpt