Ecommerce software home
Shopping Cart Software Forum for Ecommerce Templates
 
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

Find us on Facebook Follow us on Twitter View our YouTube channel
Search our site
Forum Search
Google Site Search
Buy now for ...
How it works
General help
 All Forums
 Technical
 PHP (Unix / Linux / Apache) versions
 Increase site security via htaccess
Author « Topic »  

V45
Advanced Member

United Kingdom
416 Posts

Pre-sales questions only
(More Details...)

Posted - 03/08/2019 :  18:31:04  
[red]Firstly a word of caution for WordPress users[/red]

It's been reported that the following line may cause the Theme Customizer site preview to go blank/not work.

Header always append X-Frame-Options SAMEORIGIN

So to avoid any possible issue in a WordPress site, it is safe to comment out the above line in the previous "Extra Security Headers" code example. The site will not be as secure, but certainly won't hurt anything by excluding it. Understand that probably a vast majority of websites have not yet implemented any of these security headers and they're all doing just fine. It's about adding layers of protection.

Add the following lines to .htaccess for extra layer of site security. This is the combined code required.

[blue]# Extra Security Headers
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
</IfModule>[/blue]

The following are the singular lines with explanations of exactly what they achieve.

Protecting against XSS (cross site scripting) attacks

First off, add an X-Security Header to help protect against XSS. To do so, add the following directive to your site's root .htaccess file:

# X-XSS-Protection
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
</IfModule>

No modifications are required, simply copy/paste and done. This code works by adding the X-XSS-Protection header to your server responses. Most modern web browsers understand this header and will use it to help protect your site against cross-site scripting attacks.

Protect against page-framing and click-jacking

Next, we want to add an X-Security Header to help protect against page-framing and clickjacking. To do so, add the following directive to your site's root .htaccess file:

# X-Frame-Options
<IfModule mod_headers.c>
Header always append X-Frame-Options SAMEORIGIN
</IfModule>

No modifications are required, simply copy/paste and done. This code works by adding the X-Frame-Options header to your server responses. Most modern web browsers understand this header and will use it to ensure that your page can be displayed in a frame only if the frame is on the same domain.

Protect against content-sniffing

Last but not least, we want to add an X-Security Header to help protect against content-sniffing. To do so, add the following directive to your site's root .htaccess file:

# X-Content-Type nosniff
<IfModule mod_headers.c>
Header set X-Content-Type-Options nosniff
</IfModule>

This code above works by adding the X-Content-Type-Options header to your server responses. Most modern web browsers understand this header and will use it to ensure proper MIME types for all loaded resources (e.g., CSS, JavaScript, fonts, images, video, et al).

Will - Bolton Manchester UK
  « Topic »  
Jump To:
Shopping Cart Software Forum for Ecommerce Templates © 2002-2022 ecommercetemplates.com
This page was generated in 0.02 seconds. Snitz Forums 2000