HTTP headers security improvement - securityheaders.io

[ywarnier]

Current behavior / Resultado actual / Résultat actuel

At the moment Chamilo 1.11.x show very bad results in terms of HTTP headers security here https://securityheaders.io/?q=https%3A%2F%2F1.11.chamilo.org%2F&followRedirects=on
These headers are sometimes blocking some advanced features, so they should be optional. Nevertheless, they should be available for the administrator to configure.

Expected behavior / Resultado esperado / Résultat attendu

Have configuration.php settings (disabled by default to avoid changing existing behaviour) to enable those headers, with documented examples.
In future versions, these settings should go to the "Security" tab of the settings_current page

Chamilo Version / Versión de Chamilo / Version de Chamilo

1.11.x

[ywarnier]

Refs @jwarnier

[ywarnier]

Improved results at https://securityheaders.io/?q=https%3A%2F%2F1.11.chamilo.org%2F&followRedirects=on
There still some possible improvement, but it would generate issues with content loading.
https://campus.chamilo.org will have to be upgraded to 1.11 first.

[ywarnier]

Adding @ScottHelme as reference just in case