Most of the current Application has a web server as first origin of the request .It is very important to secure the site using headers to prevent the site from being compromised with middleman .

We would like to give some of the important Http headers that can be configured in web server to secure the system

<IfModule mod_headers.c>
	Header always edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
	Header always edit Set-Cookie "(?i)^((?:(?!;\s?secure).)+)$" "$1; secure"
        Header always append X-Frame-Options: SAMEORIGIN
     	Header set Server "my web server"
	Header set X-XSS-Protection: "1; mode=block"
	Header set Strict-Transport-Security "max-age=63072000; includeSubDomains"
        Header set X-Content-Type-Options nosniff
        Header set Cache-Control "no-cache, no-store"
        Header set Pragma "no-cache"
        Header set Expires 0
        Header set Access-Control-Allow-Origin "*"
        Header always unset "X-Powered-By"
        Header unset "X-Powered-By"
        RequestHeader unset Host
        RequestHeader append Host
	RequestHeader unset Host
        Header set Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self';"

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *