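'nosniff',
        'X-Frame-Options' => 'DENY',
        // NOTE(review): X-XSS-Protection is a legacy header; the browser XSS filters it
        // controlled have been removed, so a pass here adds little. The CSP entry below
        // is the control that matters.
        'X-XSS-Protection' => '1; mode=block',
        // Compared byte-for-byte: an equally strict policy with extra directives
        // (for example an added frame-ancestors) is reported as incorrect.
        'Content-Security-Policy' => 'default-src \'none\'',
        'Access-Control-Allow-Origin' => null, // Will check if exists
        'Access-Control-Allow-Methods' => null, // Will check if exists
        'Access-Control-Allow-Headers' => null, // Will check if exists
        'Strict-Transport-Security' => null, // Will check if exists
    ];

    // Check each expected header
    echo "Security Headers Test Results:\n";
    echo "==============================\n\n";

    // HTTP header names are case-insensitive and HTTP/2 responses carry them in
    // lower case, so both sides are lower-cased before the lookup. How $headers is
    // populated is outside this excerpt; it is assumed to be a name => value array.
    $receivedHeaders = array_change_key_case($headers, CASE_LOWER);

    foreach ($expectedHeaders as $header => $expectedValue) {
        $lookupKey = strtolower($header);
        $actualValue = isset($receivedHeaders[$lookupKey]) ? $receivedHeaders[$lookupKey] : null;

        if ($actualValue === null) {
            echo "❌ {$header} is missing\n";
            continue;
        }

        if ($expectedValue === null) {
            // Presence-only check: the value is printed but not validated, so the two
            // values that make a "present" header unsafe or ineffective are flagged.
            echo "✅ {$header} is present: {$actualValue}\n";

            if ($header === 'Access-Control-Allow-Origin' && trim($actualValue) === '*') {
                echo "⚠️ {$header} allows any origin (*) - confirm this endpoint is meant to be public\n";
            }

            // max-age=0 (or no max-age at all) tells browsers to drop the HSTS policy.
            if ($header === 'Strict-Transport-Security'
                && !preg_match('/max-age\s*=\s*"?[1-9]\d*/i', $actualValue)
            ) {
                echo "⚠️ {$header} has no positive max-age - browsers will not keep the HSTS policy\n";
            }
        } elseif ($actualValue === $expectedValue) {
            echo "✅ {$header} has correct value: {$actualValue}\n";
        } else {
            echo "❌ {$header} has incorrect value. Expected: {$expectedValue}, Got: {$actualValue}\n";
        }
    }

    // Check for HTTPS
    // URI schemes are case-insensitive, hence stripos(). This only inspects the URL
    // that was requested; it does not show that the certificate was verified or that
    // the final response (after any redirect) came over TLS. Those depend on the cURL
    // options set earlier in the function, outside this excerpt.
    $isHttps = stripos($url, 'https://') === 0;
    echo $isHttps
        ? "\n✅ HTTPS is enabled\n"
        : "\n❌ HTTPS is not enabled - Security headers may not be effective!\n";

    curl_close($ch);
}

// Usage
testSecurityHeaders('https://dev.veliti.nl/api.php');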