Introduction
Note: cPanel Software Support does not provide full assistance with coding this. If you are unsure how to do this, you should contact a qualified system administrator directly. The information below is for general purposes, and we do not guarantee its complete functionality.
Procedure
You can add the following code using either an Apache Include or .htaccess.
To do it from an Apache Include, the article below might help:
How to use Apache includes to add configuration directives to a specific domain's virtualhost
Add the following directives to your Apache include:
<ifModule mod_headers.c>
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
Header always set X-Frame-Options "sameorigin"
</ifModule>
Afterwards, rebuild and restart Apache.
To do it from .htaccess:
1. Add the following directives to the .htaccess file:
<ifModule mod_headers.c>
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
Header always set X-Frame-Options "deny"
# The later "Header set Referrer-Policy" line below replaces this value.
Header setifempty Referrer-Policy "same-origin"
Header set X-XSS-Protection "1; mode=block"
Header set X-Permitted-Cross-Domain-Policies "none"
Header set Referrer-Policy "no-referrer"
Header set X-Content-Type-Options "nosniff"
</ifModule>
Once completed, you can test it as follows:
curl -s --head -D- https://domainname.tld/ | grep -Ei 'strict|location|powered|sameorigin|deny'
OR
read -r -p "Domain: " domain ; curl -s --head -D- "https://${domain}/" | grep -Ei 'strict|location|powered|sameorigin|deny'
You should get this back:
Strict-Transport-Security: max-age=31536000
Note: You will need to use suPHP as CGI will not be compatible.
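The grep test above only confirms that a matching line appears in the response. As an added example (not part of the original article or cPanel's own tooling), the shell function below compares every header from the .htaccess block against its configured value; the function name audit_headers and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a response header block against the .htaccess values.
# Live use (domainname.tld is the page's placeholder):
#   curl -s --head https://domainname.tld/ | audit_headers

# Header|value pairs from the .htaccess block on this page. Referrer-Policy is
# "no-referrer" because the later "Header set" line replaces the setifempty one.
EXPECTED='Strict-Transport-Security|max-age=31536000
X-Frame-Options|deny
Referrer-Policy|no-referrer
X-XSS-Protection|1; mode=block
X-Permitted-Cross-Domain-Policies|none
X-Content-Type-Options|nosniff'

# Constructed sample: X-Frame-Options differs, X-Content-Type-Options is absent.
SAMPLE_BAD='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000
x-frame-options: SAMEORIGIN
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none'

# Reads raw headers on stdin, prints OK / MISSING / MISMATCH per expected
# header, and returns the number of problems found (0 = all as configured).
audit_headers() {
  local headers name want got problems
  problems=0
  headers=$(tr -d '\r')   # header lines end in CRLF; drop the CR
  while IFS='|' read -r name want; do
    # Header names are case-insensitive; if repeated, inspect the last one.
    got=$(printf '%s\n' "$headers" | grep -i "^${name}:" | tail -n 1 |
          sed 's/^[^:]*:[[:space:]]*//; s/[[:space:]]*$//')
    if [ -z "$got" ]; then
      printf '%-9s %s\n' MISSING "$name"; problems=$((problems + 1))
    elif [ "$(printf '%s' "$got" | tr '[:upper:]' '[:lower:]')" != "$want" ]; then
      printf '%-9s %s (got "%s", want "%s")\n' MISMATCH "$name" "$got" "$want"
      problems=$((problems + 1))
    else
      printf '%-9s %s\n' OK "$name"
    fi
  done <<EOF
$EXPECTED
EOF
  return "$problems"
}

printf '%s\n' "$SAMPLE_BAD" | audit_headers || echo "problems found: $?"
```

The comparison is exact apart from letter case, so a Strict-Transport-Security value carrying extra directives is reported as a mismatch against the configured value.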