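>[primary] Low-risk vulnerabilities

Common low-risk vulnerabilities mainly include:

- HTTP X-Permitted-Cross-Domain-Policies response header missing
- HTTP X-XSS-Protection response header missing
- HTTP X-Download-Options response header missing
- HTTP X-Content-Type-Options response header missing
- HTTP Content-Security-Policy response header missing
- HTTP Referrer-Policy response header missing
- TRACE method enabled on the server
- Cookie without the secure attribute
- X-Frame-Options header missing
- HTTP Strict-Transport-Security response header missing

Resolve this class of low-risk findings from two sides: server configuration and code-level configuration.

1. Server configuration

(1) Modify httpd.conf

![](https://img.kancloud.cn/23/6d/236ddec15270c114b46c79b5644a78e1_712x221.png)

(2) Modify conf/extra/httpd-vhosts.conf

![](https://img.kancloud.cn/62/cb/62cb87009aa1b81f40ea789f2d258470_864x640.png)

2. Code level

Add the following headers in the entry file:

~~~
// add cookie HttpOnly & secure settings (must run before session_start())
ini_set("session.cookie_httponly", 1); // for versions before PHP 5.1 use header("Set-Cookie: hidden=value; httpOnly");
ini_set("session.cookie_secure", 1); // 1 or true: the session cookie is only sent over HTTPS (0 leaves the secure attribute unset)

// add safe headers
header("Strict-Transport-Security: max-age=31536000; includeSubDomains");
header('X-Frame-Options: SAMEORIGIN');
header('Referrer-Policy: origin'); // the header name is spelled "Referrer-Policy"
header("Content-Security-Policy: object-src 'self'");
header('X-Permitted-Cross-Domain-Policies: master-only');
header('X-Content-Type-Options: nosniff');
header('X-XSS-Protection: 1; mode=block');
header('X-Download-Options: noopen');
~~~

[Note]: Adding headers only in the entry file does not fully solve the problem, because the site may contain purely static HTML resources. If these headers are not also set on the server for those static resources, the security assessment will still flag them.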
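A server-level counterpart to the PHP headers, so that static files are covered as the note requires. This is an added example, not the configuration shown in the page's screenshots; it assumes Apache httpd 2.4 with mod_headers available, and reuses the header values from the PHP snippet.

```apache
# Added example (assumed layout): place in httpd.conf, or inside the site's
# <VirtualHost> block in conf/extra/httpd-vhosts.conf.

# mod_headers must be loaded for the Header directives below (path is the
# usual default and may differ on your build):
# LoadModule headers_module modules/mod_headers.so

# Addresses "TRACE method enabled on the server".
# Valid in server config and virtual host context only.
TraceEnable off

<IfModule mod_headers.c>
    # "always" applies the header to every response, including error pages
    # and static files that never pass through the PHP entry file.
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set X-Download-Options "noopen"
    Header always set X-Permitted-Cross-Domain-Policies "master-only"
    Header always set Referrer-Policy "origin"
    Header always set Content-Security-Policy "object-src 'self'"

    # Browsers only honour HSTS on HTTPS responses, so this belongs in the
    # HTTPS virtual host.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</IfModule>

# Once these are set here, the matching header() calls in the PHP entry file
# are redundant; leaving both in place may send a header twice.
# Cookie attributes (HttpOnly, Secure) stay with the PHP session settings.
```

After reloading Apache, request both a PHP page and a plain `.html` file with `curl -I` and confirm that each response carries the full set of headers.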