Most applications today sit behind a web server that is the first hop for every request. The response headers that server sends are an important line of defence: configured correctly, they harden the site against clickjacking, MIME sniffing, cookie theft over plain HTTP and protocol-downgrade attacks by a man-in-the-middle, independently of what the application code does.
Below are some of the more important HTTP headers that can be configured on the web server, shown here for Apache httpd with mod_headers. Directives given with the "always" condition are also applied to error responses (4xx/5xx), which the default "onsuccess" table does not cover.
<IfModule mod_headers.c>
    # "always" applies the directive to error responses too, not only 2xx.
    # Add HttpOnly and Secure to every Set-Cookie that lacks them.
    Header always edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
    Header always edit Set-Cookie "(?i)^((?:(?!;\s?secure).)+)$" "$1; secure"
    # Clickjacking: "set" (not "append") so exactly one value is sent.
    Header always set X-Frame-Options "SAMEORIGIN"
    # httpd writes the Server banner itself after mod_headers runs, so this line
    # has no effect on non-proxied responses; use ServerTokens Prod and
    # ServerSignature Off in the main config instead.
    Header set Server "my web server"
    # Legacy: current browsers have dropped the XSS auditor. If sent at all,
    # "1; mode=block" or "0" are the only safe values.
    Header always set X-XSS-Protection "1; mode=block"
    # HSTS for two years incl. subdomains. Put it in the HTTPS vhost only;
    # browsers ignore it over plain HTTP, and every subdomain must serve TLS.
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
    Header always set X-Content-Type-Options "nosniff"
    # Site-wide this disables caching of static assets as well; scope it to
    # dynamic or authenticated paths with <Location> if that matters.
    Header always set Cache-Control "no-cache, no-store"
    Header always set Pragma "no-cache"
    Header always set Expires "0"
    # A wildcard lets any origin read the response. Keep it only for truly
    # public resources and never together with Access-Control-Allow-Credentials.
    Header set Access-Control-Allow-Origin "*"
    # Strip the framework banner from both the onsuccess and the always table.
    Header always unset "X-Powered-By"
    Header unset "X-Powered-By"
    # Pin the Host header passed on to the application. Virtual-host selection
    # has already happened by this point; the real defence against Host-header
    # attacks is a strict ServerName plus a catch-all default vhost.
    RequestHeader set Host "app.com"
    # Deny everything by default; scripts and styles from this origin only.
    # Inline script/style and other types (img, font, connect) must be
    # allowed explicitly or they are blocked.
    Header always set Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self';"
</IfModule>
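Setting the directives is only half the job; the other half is confirming that the deployed server actually emits what the policy says. The checker below is an added example, not code from the original post: it parses a raw HTTP response head, checks each header against the rules the configuration above encodes (cookie flags, X-Frame-Options, nosniff, HSTS lifetime, CSP shape, CORS wildcard, banner disclosure) and returns a list of findings. The two sample responses are constructed inline, not captured from any real host; the cookie name PHPSESSID and the banners in them are illustrative only.

```python
import re
from typing import List, Optional, Tuple

MIN_HSTS_AGE = 31536000  # one year; the config above sends two


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Split a raw HTTP response head into lower-cased (name, value) pairs;
    repeated headers such as Set-Cookie are all kept."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def first(headers: List[Tuple[str, str]], name: str) -> Optional[str]:
    return next((v for n, v in headers if n == name), None)


def check_headers(raw: str) -> List[str]:
    """Findings for an HTTPS response; an empty list means the policy holds."""
    headers = parse_headers(raw)
    findings: List[str] = []
    cookies = [v for n, v in headers if n == "set-cookie"]
    # Every cookie must carry HttpOnly and Secure, which is what the two
    # "Header always edit Set-Cookie" lines enforce on the server side.
    for cookie in cookies:
        name = cookie.split("=", 1)[0]
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        if "httponly" not in attrs:
            findings.append(f"cookie {name}: missing HttpOnly")
        if "secure" not in attrs:
            findings.append(f"cookie {name}: missing Secure")
    # A response that establishes a session must not be cacheable.
    if cookies and "no-store" not in (first(headers, "cache-control") or "").lower():
        findings.append("session response cacheable: Cache-Control lacks no-store")
    xfo = first(headers, "x-frame-options")
    if xfo is None or xfo.upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing or not DENY/SAMEORIGIN")
    if (first(headers, "x-content-type-options") or "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    # HSTS: at least a year and covering subdomains (only honoured over TLS).
    hsts = first(headers, "strict-transport-security")
    if hsts is None:
        findings.append("Strict-Transport-Security missing")
    else:
        age = re.search(r"max-age=(\d+)", hsts, re.I)
        if age is None or int(age.group(1)) < MIN_HSTS_AGE:
            findings.append("Strict-Transport-Security max-age below one year")
        if "includesubdomains" not in hsts.lower():
            findings.append("Strict-Transport-Security lacks includeSubDomains")
    # CSP: require a default-src fallback; reject wildcards and inline script.
    csp = first(headers, "content-security-policy")
    if csp is None:
        findings.append("Content-Security-Policy missing")
    else:
        directives = {}
        for part in csp.split(";"):
            tokens = part.split()
            if tokens:
                directives[tokens[0].lower()] = tokens[1:]
        if "default-src" not in directives:
            findings.append("Content-Security-Policy has no default-src")
        for d in ("default-src", "script-src"):
            if any(s in ("'unsafe-inline'", "*") for s in directives.get(d, [])):
                findings.append(f"Content-Security-Policy {d} allows 'unsafe-inline' or *")
    # A wildcard CORS origin on an endpoint that hands out cookies needs review.
    if first(headers, "access-control-allow-origin") == "*" and cookies:
        findings.append("Access-Control-Allow-Origin * on a cookie-setting response")
    # Fingerprinting: framework and version disclosure.
    if first(headers, "x-powered-by") is not None:
        findings.append("X-Powered-By disclosed")
    if re.search(r"\d", first(headers, "server") or ""):
        findings.append("Server header discloses a version")
    return findings


# Constructed sample responses, not captured from any real host.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/\r\n\r\n"
)
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/; HttpOnly; Secure\r\n"
    "X-Frame-Options: SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\n"
    "Strict-Transport-Security: max-age=63072000; includeSubDomains\r\n"
    "Content-Security-Policy: default-src 'none'; script-src 'self'; style-src 'self'\r\n"
    "Cache-Control: no-cache, no-store\r\n\r\n"
)

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, check_headers(resp) or "OK")
```

In practice feed it the output of `curl -si https://host/path` for a real response, and run it against a page that returns 404 as well as against the front page: any directive configured without "always" only fires on successful responses, and error pages are exactly where an attacker goes looking for missing headers.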