Eko Priyanto

PHP security

PHP security headers



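// Essential security headers
// Load scripts, styles, images and other resources from this origin only
header("Content-Security-Policy: default-src 'self'");
// Allow framing by same-origin pages only (clickjacking defence)
header("X-Frame-Options: SAMEORIGIN");
// Stop browsers from MIME-sniffing a response away from its declared Content-Type
header("X-Content-Type-Options: nosniff");
// Require HTTPS for one year, including subdomains
header("Strict-Transport-Security: max-age=31536000; includeSubDomains");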



Improper session handling can lead to security vulnerabilities.

Essential cookie settings


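// Essential session security settings
ini_set('session.cookie_httponly', 1);   // hide the session cookie from JavaScript
ini_set('session.use_only_cookies', 1);  // never accept a session ID from the URL
ini_set('session.cookie_secure', 1);     // send the cookie over HTTPS only
session_start([
    'cookie_lifetime' => 0,      // session cookie: dropped when the browser closes
    'cookie_samesite' => 'Lax'   // withheld on cross-site subrequests and cross-site POSTs
]);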
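
The cookie flags above protect the session ID in transit and in the browser; they do not rotate it at login or expire it on the server. The following is an added example, not code from the original post, that goes one step further and wraps the same settings in a session lifecycle. The function names, the `last_seen` and `user_id` keys and the 30-minute limit are assumptions made for the example, and it assumes PHP 7.3 or later for `cookie_samesite`.

```php
<?php
declare(strict_types=1);

const IDLE_TIMEOUT = 1800; // assumed idle limit in seconds, chosen for this example

// The article's cookie settings plus strict mode, as session_start() options.
const SESSION_OPTIONS = [
    'cookie_httponly'  => 1,
    'cookie_secure'    => 1,
    'cookie_samesite'  => 'Lax',
    'cookie_lifetime'  => 0,
    'use_only_cookies' => 1,
    'use_strict_mode'  => 1, // refuse session IDs the server did not issue
];

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    if (headers_sent()) {
        // Cookie attributes cannot be applied once output has started.
        throw new RuntimeException('Start the session before sending output.');
    }
    session_start(SESSION_OPTIONS);

    // cookie_lifetime 0 only affects the browser; expire idle sessions server-side.
    $last = $_SESSION['last_seen'] ?? null;
    if (is_int($last) && time() - $last > IDLE_TIMEOUT) {
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['last_seen'] = time();
}

// Call after credentials are verified: a pre-login session ID must not survive login.
function on_login(int $userId): void
{
    start_secure_session();
    session_regenerate_id(true); // true deletes the old session data
    $_SESSION['user_id'] = $userId;
}

// Drops the server-side data; with strict mode on, the stale ID is rejected later.
function on_logout(): void
{
    start_secure_session();
    $_SESSION = [];
    session_destroy();
}
```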

