$badStrings = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "bcc:", "cc:"); foreach($_POST as $k => $v){ foreach($badStrings as $v2){ if(strpos($v, $v2) !== false){ header("HTTP/1.0 403 Forbidden"); exit; } } } ?>