Automated penetration-testing scanners tend to flag these when they are missing, so they are probably worth putting in just in case. Be careful with Strict-Transport-Security: read the docs first.
```apache
# prevent the site being embedded in someone else's iframe
Header always set X-Frame-Options SAMEORIGIN

# supposedly aids XSS protection
Header set X-XSS-Protection "1; mode=block"

# this one is tricky: set the TTL to one hour (3600) when you start,
# because browsers cache the policy for the whole max-age
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

# mark cookies HttpOnly and Secure (sent over HTTPS only)
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

# make charset utf-8
AddDefaultCharset utf-8

# stop browsers from MIME-sniffing responses (no colon after the header name)
Header set X-Content-Type-Options nosniff

# disable indexing of folders
Options -Indexes

# disable access to any of these file extensions - globally
<FilesMatch "(?i)\.(phar|log|psd|sh|bat|json|htaccess|conf|config|csv|env|project|iml|babelrc|webapp|lock|md|git|gitignore|gitattributes|buildpath|cache|unused|bak|sublime-project|sublime-workspace)$">
    Deny from all
    #satisfy all
</FilesMatch>
```
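A quick way to see what the `FilesMatch` rule above covers, as an added example that is not part of the original snippet: `FilesMatch` is tested against the file name only (the last path component), so the check below applies the same pattern to the base name of each path. The helper names and the sample paths are constructed for illustration.

```python
import posixpath
import re

# Pattern copied from the FilesMatch rule above. Apache uses PCRE; this
# pattern uses only syntax that Python's re module handles the same way.
BLOCKED = re.compile(
    r"(?i)\.(phar|log|psd|sh|bat|json|htaccess|conf|config|csv|env|project|iml"
    r"|babelrc|webapp|lock|md|git|gitignore|gitattributes|buildpath|cache"
    r"|unused|bak|sublime-project|sublime-workspace)$"
)


def is_blocked(url_path):
    """Return True if the FilesMatch rule would apply to this path.

    Only the file name is matched, never the directories leading to it.
    """
    filename = posixpath.basename(url_path)
    return BLOCKED.search(filename) is not None


def audit(paths):
    """Split paths into (denied, still_served) lists, preserving order."""
    denied = [p for p in paths if is_blocked(p)]
    served = [p for p in paths if not is_blocked(p)]
    return denied, served


# Constructed sample of files that often end up in a web root.
SAMPLE_PATHS = [
    "/.env", "/.htaccess", "/composer.lock", "/composer.json", "/README.MD",
    "/logs/error.log", "/backup/site.sql.bak",
    "/.git/HEAD", "/.git/config", "/backup/site.sql",
    "/index.php~", "/config.php.old",
]

if __name__ == "__main__":
    denied, served = audit(SAMPLE_PATHS)
    for path in denied:
        print("denied      ", path)
    for path in served:
        print("still served", path)
```

Anything reported as still served (files inside `.git/`, SQL dumps, editor backups) needs its own rule or should be kept out of the web root; note also that the rule denies every `.json` file, including ones the site may serve on purpose.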