Sucuri recommended headers


    #22230
    clawduda
    Participant

    Hello

    Sucuri recommends the following headers to be added either directly or in htaccess: http://s14.postimg.org/ex0ovn0wx/sucuri_recommended_headers.png

    As I am using your plugin (excellent btw! thanks) I was thinking of adding this as custom code. However, I would like to know what you think. Is it necessary? Will it interfere with any of your code?

    Update: to be more exact, this is the additional code for the 3 headers:

    <IfModule mod_headers.c>
    Header set X-XSS-Protection "1; mode=block"
    </IfModule>
    
    <IfModule mod_headers.c>
    Header always append X-Frame-Options SAMEORIGIN
    </IfModule>
    
    <IfModule mod_headers.c>
    Header set X-Content-Type-Options nosniff
    </IfModule>

    I trust you guys. What I always liked about you is that you know what you are talking about and you talk in technical terms not “sales” terms 🙂 So, your input will be greatly appreciated

    Thanks in advance
    Claudiu

    #22234
    AITpro Admin
    Keymaster

    For this code: Header set X-XSS-Protection "1; mode=block" see below. “…The filter is already built into most recent browsers…”, but it probably is a good thing to add anyway.

    OWASP List of useful HTTP headers

    This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. It’s usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user. This header is supported in IE 8+, and in Chrome (not sure which versions). The anti-XSS filter was added in Chrome 4. It’s unknown if that version honored this header.

    For the other sections of code you can combine them into 1 block of code. See either one of these Bonus Custom Code forum topic links below for the combined Bonus Custom Code and how to add the Bonus Custom Code to BPS Custom Code:

    External iFrame and Clickjacking Protection
    Mime Sniffing and Drive-by Download Attack Protection
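Once the three headers are in .htaccess, the useful check is whether the live response actually carries them with the recommended values. The script below is an added example, not code from this thread or from the BulletProof Security plugin: it parses a raw HTTP response header block (the kind `curl -sI` prints) and reports, for each of the three headers discussed above, whether it is present with the expected value. The sample responses are constructed for the example. One caveat it surfaces: `Header append` merges with any value the application already sends, joining them with ", ", so a doubled X-Frame-Options value is reported as unexpected rather than passing silently.

```python
"""Audit an HTTP response for the three headers recommended in the thread.

Added example, not code from the forum thread or the BulletProof Security
plugin. Feed it the raw header block captured from a server (e.g. the output
of `curl -sI https://example.invalid/`); it reports which of the three headers
are missing or carry a value other than the recommended one.
"""

# Recommended header values from the thread, keyed by lower-cased name.
RECOMMENDED = {
    "x-xss-protection": "1; mode=block",
    "x-frame-options": "SAMEORIGIN",
    "x-content-type-options": "nosniff",
}


def _normalise(value: str) -> str:
    """Strip all whitespace and lower-case so '1;mode=block' == '1; mode=block'."""
    return "".join(value.split()).lower()


def parse_headers(raw: str) -> dict:
    """Return a dict of lower-cased header name -> value.

    The status line is skipped. Repeated headers (what 'Header append' or a
    second 'Header set' in the application can produce) are joined with ', ',
    mirroring how Apache merges appended values, so duplicates remain visible.
    """
    headers = {}
    for line in raw.replace("\r\n", "\n").strip().split("\n"):
        if line.startswith("HTTP/") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        name = name.strip().lower()
        value = value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers


def audit_security_headers(raw: str) -> dict:
    """Compare each recommended header against the response.

    Returns {header_name: "ok" | "missing" | "unexpected: <actual value>"}.
    """
    present = parse_headers(raw)
    report = {}
    for name, want in RECOMMENDED.items():
        got = present.get(name)
        if got is None:
            report[name] = "missing"
        elif _normalise(got) == _normalise(want):
            report[name] = "ok"
        else:
            report[name] = f"unexpected: {got}"
    return report


# Constructed sample responses (not captured from any real site).
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
)

# The application already sent X-Frame-Options and 'Header append' added a
# second copy; the other two headers were never configured.
DEFAULT_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "X-Frame-Options: SAMEORIGIN, SAMEORIGIN\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
)

if __name__ == "__main__":
    for label, sample in (("hardened", HARDENED_RESPONSE), ("default", DEFAULT_RESPONSE)):
        print(label)
        for header, status in audit_security_headers(sample).items():
            print(f"  {header}: {status}")
```

Run it against your own captured header block; a line reading `unexpected:` usually means the application or another plugin already emits the header and the .htaccess directive is appending to it rather than replacing it, in which case `Header set` (which replaces) is the directive to compare against.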
