I'd like to have the abiity to implement the following headers on NginX and Apache so I can convince my clients they can pass Header Security Test in conjunction with PCI/DSS. The following are recommendations.
addheader X-Frame-Options "SAMEORIGIN" always;
addheader X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Xss-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
Referrer-Policy: strict-origin-when-cross-origin22 votes
- Don't see your idea?