PHP security headers
// Essential security headers
header("Content-Security-Policy: default-src 'self'");
header("X-Frame-Options: SAMEORIGIN");
header("X-Content-Type-Options: nosniff");
header("Strict-Transport-Security: max-age=31536000; includeSubDomains");
Improper session handling can lead to security vulnerabilities.
Essential cookie settings
// Essential session security settings
ini_set('session.cookie_httponly', 1);
ini_set('session.use_only_cookies', 1);
ini_set('session.cookie_secure', 1);
session_start([
'cookie_lifetime' => 0,
'cookie_samesite' => 'Lax'
]);
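To confirm that the headers and session cookie flags above actually reach the client, the response can be audited. The following is an added example, not code from the original post; the function name audit_response_headers() and the sample response are assumptions constructed for illustration.

```php
<?php
// Added example: audits raw response header lines for the settings shown above.
// audit_response_headers() is a hypothetical helper, not part of PHP.
function audit_response_headers(array $lines): array
{
    $required = ['content-security-policy', 'x-frame-options',
                 'x-content-type-options', 'strict-transport-security'];
    $seen = [];
    $findings = [];
    foreach ($lines as $line) {
        if (strpos($line, ':') === false) {
            continue; // status line or blank line
        }
        [$name, $value] = explode(':', $line, 2);
        $name = strtolower(trim($name));
        $seen[$name] = true;
        if ($name !== 'set-cookie') {
            continue;
        }
        // Attributes follow the first name=value pair, separated by ';'
        $parts = array_map('trim', explode(';', $value));
        $cookie = explode('=', array_shift($parts), 2)[0];
        $attrs = [];
        foreach ($parts as $part) {
            $attrs[] = strtolower(explode('=', $part, 2)[0]);
        }
        foreach (['httponly', 'secure', 'samesite'] as $flag) {
            if (!in_array($flag, $attrs, true)) {
                $findings[] = "cookie $cookie: missing $flag";
            }
        }
    }
    foreach ($required as $header) {
        if (!isset($seen[$header])) {
            $findings[] = "missing header: $header";
        }
    }
    return $findings;
}

// Constructed sample response with several settings deliberately missing
$sample = [
    'HTTP/1.1 200 OK',
    "Content-Security-Policy: default-src 'self'",
    'X-Content-Type-Options: nosniff',
    'Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly; SameSite=Lax',
];
print_r(audit_response_headers($sample));
```

Inside a running script, the array returned by headers_list() can be passed to the same function after session_start() has been called.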