set some security flags recommended by the Mozilla Observatory

[authserver.git] / api.php

diff --git a/api.php b/api.php
index b3096d16518c4493402c7cd52899f36932c48dff..f51f20198eda8c59c146e24d858c8e50e777a192 100644 (file)
--- a/api.php
+++ b/api.php
@@ -11,6 +11,7 @@
 require_once(__DIR__.'/authsystem.inc.php');
 
 $errors = $utils->checkForSecureConnection();
+$utils->sendSecurityHeaders();
 
 if (!count($errors)) {
   // Handle a request to a resource and authenticate the access token