HTML and CSS Reference
In-Depth Information
IVDi CONi HIS OUR IND CNT\""
# </IfModule>
To the following code snippet:
<IfModule mod_headers.c>
Header set P3P "policyref=\"/w3c/p3p.xml\",
CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi
IVDi CONi HIS OUR IND CNT\""
</IfModule>
Note
Eric Law wrote about IE's cookie policies in detail, which makes for good reading
at blogs.msdn.com/b/ieinternals/archive/2009/08/20/wininet-
ie-cookie-internals-faq.aspx .
PHP security defaults
If you are serving PHP, there are a lot of configuration options in the HTML5 Boil-
erplate's .htaccess file that could make your PHP installation more secure. If you
are using PHP, you can turn them on using the same procedure as the one outlined
in the section titled Suppress or force the "www."' at the beginning of URLs .
Given we aren't using PHP in our website, we do not need to turn them on.
Stop advertising Apache version
You can prevent Apache from advertising its version to mitigate chances of malicious
programmers exploiting vulnerabilities in a particular version. Here is how the
Apache version is advertised:
Search WWH ::




Custom Search