Commit f418e811 authored by JOduMonT's avatar JOduMonT Committed by Pierre Ozoux

hardening SSL + HEADER (#10)

* hardening SSL + HEADER

+ global option == no-sslv3 no-tls-tickets force-tlsv12
- CAMELIA CIPHER == on the way to be NIST & HIPAA Compliant
+ redirect only if not already SSL

+ Hardening HEADER with:
++ X-Frame-Options:\ SAMEORIGIN # OR DENY is another option
++ X-XSS-Protection
++ X-Content-Type-Options == nosniff
++ Referrer-Policy == no-referrer-when-downgrade

which brings the security headers grade from E to B
tested with https://securityheaders.io

NOTE:
Public-Key-Pins is more or less a DEAD project (https://blog.qualys.com/ssllabs/2016/09/06/is-http-public-key-pinning-dead)
Content-Security-Policy is tricky to make it GENERAL

* I forgot the if
parent 017be687
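As an added illustration (not the commit's own diff, which this page does not show), the options listed in the message map onto a TLS-terminating HAProxy configuration like the one below. HAProxy is inferred from the option names `no-sslv3 no-tls-tickets force-tlsv12`; the cipher list, certificate path, backend address and the `X-XSS-Protection` value are assumptions for this example.

```haproxy
global
    # Disable SSLv3 and session tickets and require TLS 1.2 on every
    # TLS-terminating bind line (the three options named in the commit).
    ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12
    # Assumed cipher list: forward-secret AES suites only, CAMELLIA
    # excluded explicitly as the commit message describes.
    ssl-default-bind-ciphers ECDHE+AESGCM:ECDHE+AES256:ECDHE+AES128:!aNULL:!MD5:!CAMELLIA

defaults
    mode http
    timeout connect 5s
    timeout client 30s
    timeout server 30s

frontend http-in
    bind *:80
    # Redirect only if the request did not already arrive over TLS
    # (the "if" the second commit note refers to).
    redirect scheme https code 301 if !{ ssl_fc }

frontend https-in
    # Certificate path is a placeholder.
    bind *:443 ssl crt /etc/haproxy/certs/EXAMPLE.pem
    # Response headers from the commit message. DENY is the stricter
    # X-Frame-Options alternative; the X-XSS-Protection value is assumed.
    http-response set-header X-Frame-Options SAMEORIGIN
    http-response set-header X-XSS-Protection "1; mode=block"
    http-response set-header X-Content-Type-Options nosniff
    http-response set-header Referrer-Policy no-referrer-when-downgrade
    default_backend app

backend app
    # Placeholder upstream.
    server app1 127.0.0.1:8080
```

Verify the result with `curl -sI https://<host>/` and confirm the four headers appear and that a plain `http://` request answers 301 rather than serving content.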