X-Git-Url: http://git.archive.openwrt.org/?p=project%2Fluci.git;a=blobdiff_plain;f=modules%2Fluci-base%2Fluasrc%2Fhttp.lua;h=9cc9857867a430d00c67be669249685fa483daf2;hp=8795dfc4b27984059b1f697d0a9157795d49ea21;hb=4469c06e0a7d08a084c5e941c9879e51aa8b2b28;hpb=b130ca554f13e17c787a1c6fd09e67dd7727a4d3

diff --git a/modules/luci-base/luasrc/http.lua b/modules/luci-base/luasrc/http.lua
index 8795dfc4b..9cc985786 100644
--- a/modules/luci-base/luasrc/http.lua
+++ b/modules/luci-base/luasrc/http.lua
@@ -224,7 +224,15 @@ function write(content, src_err)
 				header("Cache-Control", "no-cache")
 				header("Expires", "0")
 			end
-
+			if not context.headers["x-frame-options"] then
+				header("X-Frame-Options", "SAMEORIGIN")
+			end
+			if not context.headers["x-xss-protection"] then
+				header("X-XSS-Protection", "1; mode=block")
+			end
+			if not context.headers["x-content-type-options"] then
+				header("X-Content-Type-Options", "nosniff")
+			end
 
 			context.eoh = true
 			coroutine.yield(3)