A friend of mine was reading my blog and asked me to come over and check his .htaccess file. I went to see him, and after tea I looked into the file. Many things were right and well constructed, but a few very important things were missing. I just needed to add a few security headers to harden it. Let's see what I had to add.
The following protections were missing from his .htaccess file:
- Protection against XSS attacks.
- Protection against content-sniffing.
- Protection against clickjacking and page-framing.
So I added the following lines to his .htaccess file, placed them at the very top, and saved the file. That was all it took.
You can copy these lines and paste them into your own .htaccess file. Try to place them at the top of the file.
```apache
<IfModule mod_headers.c>
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Content-Type-Options nosniff
    Header always append X-Frame-Options "SAMEORIGIN"
</IfModule>
```
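To confirm the headers are actually being sent, here is an added example (not part of the original post) that audits raw response headers, such as the output of `curl -sI`, for the three values configured above. The sample responses are constructed; the 404 sample reflects that `Header set` without `always` is not applied to Apache's own error responses, while the `always` line is.

```python
# Added example: audit response headers for the three headers set in the .htaccess above.
EXPECTED = {
    "x-xss-protection": "1; mode=block",
    "x-content-type-options": "nosniff",
    "x-frame-options": "sameorigin",
}

def parse_headers(raw):
    """Collect header values by lower-cased name from raw response-header text."""
    headers = {}
    for line in raw.splitlines()[1:]:       # skip the status line
        if not line.strip():
            break                           # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return {header: problem} for each expected header that is absent or different."""
    headers = parse_headers(raw)
    findings = {}
    for name, want in EXPECTED.items():
        values = headers.get(name)
        if not values:
            findings[name] = "missing"
        elif len(values) > 1 or values[0].lower() != want:
            findings[name] = "unexpected value: " + ", ".join(values)
    return findings

# Constructed sample: a normal page with all three headers present.
GOOD = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        "X-XSS-Protection: 1; mode=block\r\nX-Content-Type-Options: nosniff\r\n"
        "X-Frame-Options: SAMEORIGIN\r\n\r\n")
# Constructed sample: an error page carrying only the header set with "always".
ERROR_PAGE = ("HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n"
              "X-Frame-Options: SAMEORIGIN\r\n\r\n")
# Constructed sample: "append" merged with a value some other config already set.
APPENDED = GOOD.replace("X-Frame-Options: SAMEORIGIN",
                        "X-Frame-Options: DENY, SAMEORIGIN")

if __name__ == "__main__":
    for label, raw in (("200", GOOD), ("404", ERROR_PAGE), ("appended", APPENDED)):
        print(label, audit(raw) or "all three headers OK")
```

If the 404 case matters for your site, check an error page as well as a normal one, since the two can carry different header sets.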
Now, I feel better telling you about this protection. All the best.