Add headers to the http response

I want to add some additional headers/ header fields to my http response header. There should be these additions lines in my response when someone gets to any of my pages:

Content-Security-Policy: default-src 'self'; font-src 'self' https://fonts.googleapis.com
X-Content-Type-Options: nosniff

Does anyone know how I can achieve this?
Using mod_headers in my .htaccess does not work, because php files are ignored.
Simply calling the php-function header("my header text") has also not worked. I added them in my first snippet right before the beginning of all the html stuff.

I´m using apache and php 5.6 on uberspace. Thank you.

EDIT: It works fine on my local machine, but not on the server. I currently don´t know why.

The problem is, that I use caching in to production environment! And a cached site does not execute any functions any more.

How can I utilize the c::set('headers',array()); found in the cheat sheet option without having to add all of my templates?

Unfortunately you can’t (yet). That would require some kind of wildcard template definition (like a key of *, of which all headers will be applied to every template additionally to the specific headers).
The relevant code is in page.php. It would be awesome if you could open a PR on GitHub for that feature (using array merging for example).

1 Like

I would take a look in the next few days.

Because I´m trying to implement some of the security options mentions in https://httpsecurityreport.com I will try to solve this topic http://forum.getkirby.com/t/more-secure-php-session-cookie/1828 too.

Update:
The code is ready to be pulled: kirby/pull/294
And there is an corresponding docs update as well, linked to the pull request.