Server Signature invisible
Whatever technology you are using PHP, .Net, ASP etc you should not let to know other.Hide the Server Signature.
Open php.ini file.
expose_php = onto
expose_php = off
Add Following code in .htaccess
ServerSignature Off
XSS Protection header Enabled
Cross-site scripting (XSS) is a type of computer security vulnerability found in web applications. XSS enables attackers to inject client-side script into webpages.We can add Protection layer to XSS attack by adding this on header.
Add Following code in .htaccess
Header set X-XSS-Protection "1; mode=block"
Content Security Policy (CSP)
It is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting and data injection attacks.This header is designed to specify how content interacts with your website.
Add Following code in .htaccess
Header set X-Content-Security-Policy "allow 'self';"
X-Content-Type-Options
This header prevents "mime" based attacks. Add Following code in .htaccessHeader set X-Content-Type-Options "nosniff"
Protection From libwww-perl
LWP is a Perl modules that give Perl programming easy access to sending requests to the website. We can protect our website from thisAdd Following code in .htaccess
RewriteCond %{HTTP_USER_AGENT} libwww-perl.*
RewriteRule .* ? [F,L]
Always Use Https over http
An extra security layer because of SSL (Encryption, Data Integrity, Authentication ) X-Frame-Options
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a frame or iframe. Add Following code in .htaccessHeader set X-Frame-Options SAMEORIGIN
No comments:
Post a Comment