header('X-Content-Type-Options: nosniff'); ?> header("Content-Security-Policy: frame-ancestors 'self'"); ?> header('X-Frame-Options: SAMEORIGIN'); ?>