Hello,
I have a security red score on webpagetest.org as you can see here : WebPageTest Test Result - Paris - EC2 - Ch...mprunter-malin.com - 05/28/21 05:27:25.
In order to improve security, a developer has asked me to do the follwowing :
1- Enable HSTS in Apache
OR :
Add the following code to your virtual hosts file"
Header always set Strict-Transport-Security max-age=31536000
2- Add HTTP security header
HTTP Strict Transport Security (HSTS)
X-Frame-Options
X-XSS-Protection
X-Content-Type-Options
Referrer-Policy
Feature-Policy
(HSTS)
X-Frame-Options
X-XSS-Protection
X-Content-Type-Options
Referrer-Policy
Feature-Policy
And this brings me to 2 questions :
1- I couldn't find how to enable HSTS in Apache in the docs, is it possible from CPanel or WHM ?
2- In wich file exactly do I insert the HTTP security header ?
More generally, if anyone has any suggestion on how to improve security as per webpagetest.org, I will be glad to listen.
Thanks in advanced.
I have a security red score on webpagetest.org as you can see here : WebPageTest Test Result - Paris - EC2 - Ch...mprunter-malin.com - 05/28/21 05:27:25.
In order to improve security, a developer has asked me to do the follwowing :
1- Enable HSTS in Apache
OR :
Add the following code to your virtual hosts file"
Header always set Strict-Transport-Security max-age=31536000
2- Add HTTP security header
HTTP Strict Transport Security (HSTS)
X-Frame-Options
X-XSS-Protection
X-Content-Type-Options
Referrer-Policy
Feature-Policy
(HSTS)
X-Frame-Options
X-XSS-Protection
X-Content-Type-Options
Referrer-Policy
Feature-Policy
And this brings me to 2 questions :
1- I couldn't find how to enable HSTS in Apache in the docs, is it possible from CPanel or WHM ?
2- In wich file exactly do I insert the HTTP security header ?
More generally, if anyone has any suggestion on how to improve security as per webpagetest.org, I will be glad to listen.
Thanks in advanced.
Last edited by a moderator: