public function onKernelResponse(FilterResponseEvent $event)
{
$headers = ['X-Frame-Options' => 'deny', 'X-XSS-Protection' => '1; mode=block', 'X-Content-Type-Options' => 'nosniff'];
foreach ($headers as $header => $value) {
if (!$event->getResponse()->headers->has($header)) {
$event->getResponse()->headers->set($header, $value);
}
}
}