CSRF issue:
REQUEST: " . $req . "
SESSION: " . xssClean($_SESSION["csrf"], "html") . "
FILE: " . xssClean($_SERVER["SCRIPT_NAME"], "html") . "
GET: " . xssClean(var_export($_GET, true), "html") . "
POST: " . xssClean(var_export($_POST, true), "html"));
}
if (!headers_sent()) {
    // Response hardening headers, emitted only while the response head is
    // still open (header() would otherwise warn and be ignored).
    // NOTE: no Content-Security-Policy is set here; the legacy
    // X-Content-Security-Policy line was left disabled by the author.
    $hardeningHeaders = [
        'X-Frame-Options: SAMEORIGIN',                           // framing allowed from this origin only
        'X-XSS-Protection: 1; mode=block',                       // IE8-9 reflective-XSS filter
        'X-Content-Type-Options: nosniff',                       // no MIME sniffing of responses
        'Cache-Control: no-cache, no-store, must-revalidate',    // HTTP/1.1 caches
        'Pragma: no-cache',                                      // HTTP/1.0 caches
        'Expires: 0',                                            // proxy caches
    ];
    foreach ($hardeningHeaders as $responseHeader) {
        header($responseHeader);
    }
}