<?php
class XFO{
        const DENY       = 'DENY';
        const SAMEORIGIN = 'SAMEORIGIN';
        const ALLOWFROM  = 'ALLOW-FROM';
 
        public static $allowFrom = array();
 
        public static function enable($policy = self::SAMEORIGIN) {
            $header = 'X-FRAME-OPTIONS: '. $policy;
 
            if($policy === self::ALLOWFROM) {
                $header .= ' '.join(', ', self::$allowFrom);
            }
 
            header($header);
        }
    }

PD9waHAKY2xhc3MgWEZPewogICAgICAgIGNvbnN0IERFTlkgICAgICAgPSAnREVOWSc7CiAgICAgICAgY29uc3QgU0FNRU9SSUdJTiA9ICdTQU1FT1JJR0lOJzsKICAgICAgICBjb25zdCBBTExPV0ZST00gID0gJ0FMTE9XLUZST00nOwoKICAgICAgICBwdWJsaWMgc3RhdGljICRhbGxvd0Zyb20gPSBhcnJheSgpOwoKICAgICAgICBwdWJsaWMgc3RhdGljIGZ1bmN0aW9uIGVuYWJsZSgkcG9saWN5ID0gc2VsZjo6U0FNRU9SSUdJTikgewogICAgICAgICAgICAkaGVhZGVyID0gJ1gtRlJBTUUtT1BUSU9OUzogJy4gJHBvbGljeTsKCiAgICAgICAgICAgIGlmKCRwb2xpY3kgPT09IHNlbGY6OkFMTE9XRlJPTSkgewogICAgICAgICAgICAgICAgJGhlYWRlciAuPSAnICcuam9pbignLCAnLCBzZWxmOjokYWxsb3dGcm9tKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaGVhZGVyKCRoZWFkZXIpOwogICAgICAgIH0KICAgIH0=