Enable Security HTTP Headers

Nirjonadda · Jan 24, 2018

We want Enable Security HTTP Headers. Does correct location is "Pre Main Include" or "Pre VirtualHost Include" section in "WHM >> Home >> Service Configuration >> Apache Configuration" ?

Does this correct rules for Apache Configuration?

Code:

# Enable Support Forward Secrecy
SSLHonorCipherOrder On
SSLProtocol all -SSLv2 -SSLv3

# Security header Enable HSTS
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS

# Turn on IE8-IE9 XSS prevention tools X-XSS
Header always set X-XSS-Protection "1; mode=block"

# Referrer-Policy
Header always set Referrer-Policy "no-referrer-when-downgrade"

# X-Permitted-Cross-Domain-Policies
Header always set X-Permitted-Cross-Domain-Policies "none"

cPanelMichael · Jan 25, 2018

Hello,

There's a thread on this topic at:

SOLVED - Auto Force TLS

Let us know if this helps.
https://documentation.cpanel.net/display/EA4/Modify+Apache+Virtual+Hosts+with+Include+Files
Thank you.

Thread starter	Similar threads	Forum	Replies	Date
	Security items displayed in cPanel for use who is not enabled for them	Security	5	May 4, 2020
W	How to force enable modsecurity for all User	Security	6	May 15, 2019
M	Security Warning: Enable “Jail Apache” in the “Tweak Settings” ?	Security	3	Dec 19, 2013
M	Security implicatons Ldap enabled on cpanel	Security	0	May 13, 2013
M	Is Mod_security enabled?	Security	3	Feb 9, 2013

Search

Search

Enable Security HTTP Headers

Nirjonadda

Well-Known Member

cPanelMichael

Administrator