Discussion on "HSTS Header (Strict Transport Security) Explained"

Teo Selenius · 2021-03-06T11:40:06.530Z

Learn why HTTPS is not enough to protect your website from network attacks and how the HSTS header comes in to solve the problem. Let's begin! The original article can be found here: HSTS on AppSec Monkey. What is HSTS? HTTP Strict Transport Security...

Hey! It doesn't really matter how and where you set the header, as long as it is correctly returned to the web browser.

If you're using Apache, you can use mod_headers like so:

Header set Strict-Transport-Security "options"

httpd.apache.org/docs/current/mod/mod_headers.html

Not really related to HSTS, but since you are already using Apache then check out ModSecurity and the OWASP Core Ruleset as well, it will provide you a WAF (Web Application Firewall) capability to your Apache server and protect your PHP application from most obviously malicious input.

owasp.org/www-project-modsecurity-core-rule-set

Discussion

HSTS Header (Strict Transport Security) Explained

Responses(1)

Recent in Forum

Search Hashnode

HSTS Header (Strict Transport Security) Explained

Responses(1)

Recent in Forum