Common Apache PHP .htaccess Security Header Updates as of 2016-11-08
These are common .htaccess security headers that should be applied to almost all websites.
This is useful for the Apache/PHP combination.
Add the following in your .htaccess file:
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=3600; includeSubdomains;"
Header set X-Frame-Options SAMEORIGIN
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options "nosniff"
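# You can modify the following to allow external (e.g. CDN) JavaScript.
# The standard header name is Content-Security-Policy and the directive is default-src;
# the old X-Content-Security-Policy "allow" form is ignored by current browsers.
Header set Content-Security-Policy "default-src 'self';"
# PHP's default X-Powered-By value includes the version number; this overrides it.
# You can replace "PHP" with "-" to hide PHP completely
Header set X-Powered-By "PHP"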
</IfModule>
Hope it helps someone.