Common Apache PHP .htaccess Security Header Updates as of 2016-11-08

These are common .htaccess security headers that should be applied to almost all websites.

This is useful for the Apache/PHP combination.

Add the following in your .htaccess file:

<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=3600; includeSubdomains;"
  Header set X-Frame-Options SAMEORIGIN
  Header set X-XSS-Protection "1; mode=block"
  Header set X-Content-Type-Options "nosniff"

  # You can modify the following to allow external (e.g. CDN) javascript.
  # Content-Security-Policy with default-src is the standard header and directive;
  # the older X-Content-Security-Policy "allow ..." form is ignored by current browsers.
  Header set Content-Security-Policy "default-src 'self';"

  # You can replace "PHP" with "-" to completely hide your PHP version
  Header set X-Powered-By "PHP"
</IfModule>
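
To confirm the headers actually reach the client, audit a captured response. The Python below is an added example, not part of the original post; the function names and the sample response are constructed for illustration.

```python
import re

# Constructed sample, shaped like `curl -sI` output (not captured from a real site).
SAMPLE = """\
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=3600; includeSubdomains;
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Content-Security-Policy: allow 'self';
X-Powered-By: PHP/5.6.27
"""

def parse_headers(raw):
    """Return {lowercased name: [values]} from a raw response header block."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return sorted findings for the headers the .htaccess snippet sets."""
    h, findings = parse_headers(raw), []
    m = re.search(r"max-age\s*=\s*\"?(\d+)", " ".join(h.get("strict-transport-security", [])), re.I)
    if not m:
        findings.append("hsts: missing or no max-age")
    elif int(m.group(1)) == 0:
        findings.append("hsts: max-age=0 disables HSTS")
    xfo = [v.upper() for v in h.get("x-frame-options", [])]
    if not xfo or any(v not in ("DENY", "SAMEORIGIN") for v in xfo):
        findings.append("x-frame-options: missing or not DENY/SAMEORIGIN")
    if [v.lower() for v in h.get("x-content-type-options", [])] != ["nosniff"]:
        findings.append("x-content-type-options: expected a single nosniff")
    if "content-security-policy" not in h:
        legacy = "x-content-security-policy" in h
        findings.append("csp: Content-Security-Policy missing"
                        + (" (only the obsolete X- prefixed header is sent)" if legacy else ""))
    for v in h.get("x-powered-by", []):
        if re.search(r"\d", v):  # digits suggest a version string is exposed
            findings.append("x-powered-by: exposes version '%s'" % v)
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Replace SAMPLE with the saved output of `curl -sI` against your own site to see which of the headers are missing or not taking effect.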

Hope it helps someone.

