346
votes
Allow disabling of directory listing on Apache servers via .htaccess
Disable directory listing on Apache servers via .htaccess; per Securi recommendation
40
votes
Security headers via PHP
For server configurations without an (editable) .htaccess file, inserting security headers via PHP can be a viable solution.
12
votes
Allow CSP report-uri while enforcing existing CSP to catch new violations that should be added
Allow CSP report-uri to work while enforcing an existing CSP. This way one can constantly review new violations to allow items that should otherwise be allowed.
2
votes
5.2.3 Cross-Origin-Resource-Policy header
Cross-Origin Resource Policy allows a resource owner to specify who can load the resource.
1
vote