Security Headers.


A friend of mine was reading my blog and he called me to visit him to check his .htaccess file. I went to see him and after the tea, I decided to look into his .htaccess file. I noticed many things were right and well-constructed but a few very important things were missing there. I just needed to add a few security headers to make it safe. Let’s see what I had to add there.

I found the following things were not there in his .htaccess file.

  1. Protection against XSS attack.

  2. Protection against content-sniffing.

  3. Protection against clickjacking and page-framing.

So, I added these following things into his .htaccess file and I placed them all at the very top of the .htaccess file and then I saved the file. It was all done.

You could easily copy these lines from here and paste them into your .htaccess file. Please try to place it at the top of the file.

<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff
Header always append X-Frame-Options "SAMEORIGIN"
</IfModule>

Now, I feel better telling you about this protection. All the best.

(Please see related posts below)

9 thoughts on “Security Headers.

  • March 16, 2019 at 4:58 am

    With thanks! Valuable information!

    Reply
    • March 16, 2019 at 3:21 pm

      Thank you and welcome “Dane Misiak”

      Reply
  • March 16, 2019 at 10:53 am

    I am not sure where you’re getting your info, but good topic. I needs to spend some time learning much more or understanding more. Thanks for fantastic information I was looking for this information for my mission.

    Reply
  • March 31, 2019 at 11:14 am

    Your web site has exceptional web content. I bookmarked the site

    Reply
    • March 31, 2019 at 12:52 pm

      Thank you, “Alberta”. You could subscribe to get notifications on new posts as well. All the best.

      Reply
  • June 26, 2019 at 10:42 pm

    “I appreciate you sharing this blog article.Thanks Again. Fantastic.”

    Reply
  • June 27, 2019 at 2:18 am

    Hi there would you mind stating which blog platform you’re working with? I’m planning to start my own blog soon but I’m having a hard time deciding between BlogEngine/Wordpress/B2evolution and Drupal. The reason I ask is because your design and style seems different then most blogs and I’m looking for something completely unique. P.S My apologies for getting off-topic but I had to ask!

    Reply
    • July 1, 2019 at 8:05 pm

      Hello Freebies. I work with WordPress.org version. Others are good too. I used a free theme from the wordpress repository and I added/modified CSS,JS,PHP to customize this theme but before I created a child theme as a precaution. You could do better than this website as well. All the best.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *