    hardening SSL + HEADER (#10) · f418e811
JOduMonT authored and Pierre Ozoux committed
    * hardening SSL + HEADER
    
    + global option == no-sslv3 no-tls-tickets force-tlsv12
- CAMELLIA CIPHER == on the way to be NIST & HIPAA Compliant
    + redirect only if not already SSL
    
    + Hardening HEADER with:
    ++ X-Frame-Options:\ SAMEORIGIN # OR DENY is another option
    ++ X-XSS-Protection
    ++ X-Content-Type-Options == nosniff
    ++ Referrer-Policy == no-referrer-when-downgrade
    
which brings the security headers grade from E to B
    tested with https://securityheaders.io
    
    NOTE:
    Public-Key-Pins is more or less a DEAD project (https://blog.qualys.com/ssllabs/2016/09/06/is-http-public-key-pinning-dead)
Content-Security-Policy is tricky to make GENERAL
    
* I forgot the if
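The settings the commit message lists, written out as one HAProxy frontend with the weak redirect line shown beside the fixed one. This is an added example, not the project's own configuration: it assumes the proxy is HAProxy 1.5 or later (the `no-sslv3 no-tls-tickets force-tlsv12` options, `ssl_fc` and `http-response set-header` are HAProxy syntax), and the certificate directory, backend address, cipher list, `X-XSS-Protection` value and the extra `Strict-Transport-Security` header (not in the commit) are assumptions.

```haproxy
global
    # Defaults applied to every "bind ... ssl" line:
    # no SSLv3, no session tickets (a ticket key leak would otherwise undo
    # forward secrecy for resumed sessions), and TLS 1.2 only.
    # force-tlsv12 pins the version to exactly 1.2; on HAProxy 1.8+ prefer
    # "ssl-min-ver TLSv1.2" so TLS 1.3 is not excluded as well.
    ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12
    # ASSUMPTION: cipher list is illustrative (ECDHE + AES-GCM only); the
    # commit's point is that CAMELLIA suites are dropped from whatever list
    # was there before.
    ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256

frontend web
    mode http
    bind *:80
    bind *:443 ssl crt /etc/haproxy/certs/   # ASSUMPTION: certificate path

    # BEFORE ("I forgot the if"): the unconditional form below also fires on
    # requests that already arrived over TLS, producing a redirect loop.
    #   redirect scheme https code 301
    # AFTER: ssl_fc is true only when the client connection itself is TLS,
    # so plain-HTTP requests are redirected once and HTTPS passes through.
    redirect scheme https code 301 if !{ ssl_fc }

    # Hardening headers from the commit, set on every response.
    http-response set-header X-Frame-Options SAMEORIGIN          # or DENY
    http-response set-header X-XSS-Protection "1; mode=block"   # ASSUMPTION: value
    http-response set-header X-Content-Type-Options nosniff
    http-response set-header Referrer-Policy no-referrer-when-downgrade
    # Not in the commit, added here as an assumption: HSTS is what most of
    # the remaining gap between grade B and A comes from. Only send it over
    # TLS, and start with a short max-age until every subdomain is ready.
    http-response set-header Strict-Transport-Security "max-age=300" if { ssl_fc }

    default_backend app

backend app
    mode http
    server app1 127.0.0.1:8080   # ASSUMPTION: backend address
```

Check the result with `haproxy -c -f haproxy.cfg` before reloading, then `curl -sI http://host/` (expect a single 301 to https) and `curl -sI https://host/` (expect 200 with the headers above and no further redirect). Public-Key-Pins is deliberately absent, as the commit note says; a pin mistake locks out every client for the max-age period, which is why the header was abandoned.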