PHP 7.1 - Adding security and Smarty Update

Filed under PHP 7.1

February 2017

Fixing a OWASP warning by adding a few lines to the defaults.php.


// OWASP - Browser Cache - How can the browser cache be used in attacks?
header('Expires: Sun, 01 Jan 2015 00:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
header('X-Frame-Options: SAMEORIGIN');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
// End of send header

And next step updating the in Flatpress included Smarty Template Engine Version to get a bit more security.

Interesting Links

» Github - Smarty Template Engine project
» OWASP - Browser Cache - How can the browser cache be used in attacks?
» Stack Overflow - How to prevent Browser cache for php site

Add comment

Fill out the form below to add your own comments


Top of Page