Author: John

All Website HTTP Security Headers
To Protect Website Against Vulnerability Attack, Hacker Attack, Virus Attack

HTTP Security Headers Checker Tool – Security Headers Response

Magento 2.x Differentiate Between Factory and Repository

Posted on August 5, 2021May 3, 2022 by John

	Factory	Repository
1	The factory pattern deals with how an object is created	The repository pattern deals with creating a set of data access services, It is CRUD methods
2	Factory Model having very limited data	Repository Model having all data
3	For saving model, never recommended Factory	For saving model, always recommended Repository
4	If creating Objects and fill those objects with data need to use a Factory	If creating objects and fill those objects with database data need to use a Repository

HTACCESS mod_expires Module

Posted on August 4, 2021August 4, 2021 by John

When user browsing a website, the website’s contents will cache in your browser. This cache can be controlled by using to configure Cache-Control HTTP headers for your website, This is done by adding mod_expires in the .htaccess file of your server.

If you don’t use Cache-Control HTTP headers, then, you will have a longer wait times when browsing your website. Each time your website is accessed without Cache-Control, your website has to make a request to the server for each content as image, html file, jquery file, javascript file, CSS file, and so forth to load.

HTACCESS mod_expires Module instructs Apache to generate Expires and Cache-Control HTTP response headers for the specified content types. Web browsers parse these HTTP response headers to determine how long to cache content on the client’s machine browser.

Magento 2.x CLI Command To Enable Query Logs

Posted on August 3, 2021May 3, 2022 by John

There are following below command to enable Query Logs

php bin/magento dev:query-log:enable
php bin/magento cache:flush

After running above CLI Command, you should be able to see the log file at var/debug/db.log

How to add Feature-Policy Security Header

Posted on July 30, 2021January 19, 2022 by John

There are following below methods to add Feature-Policy Security Header in Apache or NGINX or .HTACCESS

[1] How to add in Nginx configuration file

There are following code need to add in Nginx configuration file

add_header set Feature-Policy "geolocation 'self'; vibrate 'none'";



[2] How to add in Apache configuration file

There are following code need to add in Apache configuration file

header always set Feature-Policy "geolocation 'self'; vibrate 'none'"



[3] How to add in .htaccess file

There are following code need to add in .htaccess configuration file

<IfModule mod_headers.c>
Header set Feature-Policy "geolocation 'self'; vibrate 'none'"
<IfModule mod_headers.c>

Syntax: Feature-Policy: <directive> <allow-list>

There are following below things, according, website need, can enable/disable Feature-Policy


• Directive: This header accepts 2 directive but on directive can redirect with other directives, as mentioned and described below:

• <directive>: It corresponds to the instructions on how we can use different features and API’s. 

• <allow-list>: It is a list indicating that how the browser feature can be used. 

• <directive>: This directive can redirect to any of the following directive:
•
• accelerometer: Used to get information about acceleration of device

• ambient-light-sensor: Used to get information whether there is enough light in surroundings

• autoplay: Used to control media autoplay settings. Mostly used with audio and video elements

• battery: Used to get the status of battery using Battery Status API

• camera: Used to control video input via a camera of device

• display-capture: Captures screen contents through a screenshot

• document-domain: Used to control the current document’s document domain by setting it or unsetting it

• encrypted-media: Used to control Encrypted Media Extension API (EME)

• fullscreen : Used to control full screen access

• geolocation: Used to show location of user on a map by using geolocation API

• gyroscope: Used to get information about orientation of device accessing gyroscope of device

• layout-animations: Used to show layout animations and transitions

• legacy-image-formats: Displays image in legacy format

• magnetometer: Used to get information about magnetic orientation of device

• microphone: Used for audio input through device’s microphone

• midi: Used to access Web MIDI API

• oversized-images: Used in displaying and downloading large over-sized images

• payment: Controls all payment related activity by using Payment Request API

• picture-in-picture: Allows a video to play in Picture-in-Picture mode

• public key-credentials-get: Uses Web Authentication API and retrieves public-key credentials

• sync-xhr: Used in making synchronous XMLHTTPRequest

• usb: Controls WebUSB API for USB Media access

• wake-lock: Informs the device to not enter power-saving mode by using Wake Lock API

• xr-spatial-tracking: Used to interact with WebXR session by making use of WebXR Device API

HTTP Security Headers Checker Tool

HTTP Security Headers Checker Tool – Security Headers Response

How to add X-Content-Type-Options Security Header

Posted on July 30, 2021January 19, 2022 by John

There are following below methods to add X-Content-Type-Options Security Header in Apache or NGINX or .HTACCESS

[1] How to add in Nginx configuration file

There are following code need to add in Nginx configuration file

add_header set X-Content-Type-Options "nosniff" always;



[2] How to add in Apache configuration file

There are following code need to add in Apache configuration file

header always set X-Content-Type-Options "nosniff" always



[3] How to add in .htaccess file

There are following code need to add in .htaccess configuration file

<IfModule mod_headers.c>
Header set X-Content-Type-Options "nosniff" always;
<IfModule mod_headers.c>

HTTP Security Headers Checker Tool

How to add Expect-CT Security Header

How to add X-Frame-Options Security Header

How to add X-XSS-Protection Security Header

How to add HTTP Strict Transport Security (HSTS)

How to add Referrer Policy Security Header

Referrer Policy Header Security

HTTP Security Headers Checker Tool

Other Important HTTP Security Headers

HTTP Security Headers Checker Tool – Security Headers Response

How to add Expect-CT Security Header

Posted on July 30, 2021January 19, 2022 by John

There are following below methods to add Expect-CT Security Header in Apache or NGINX or .HTACCESS

[1] How to add in Nginx configuration file

There are following code need to add in Nginx configuration file

add_header set Expect-CT: max-age=604800, enforce, report-uri="https://www.example.com/report";



[2] How to add in Apache configuration file

There are following code need to add in Apache configuration file

header always set Expect-CT: max-age=604800, enforce, report-uri="https://www.example.com/report"



[3] How to add in .htaccess file

There are following code need to add in .htaccess configuration file

<IfModule mod_headers.c>
Header set Expect-CT: max-age=604800, enforce, report-uri="https://www.example.com/report"
<IfModule mod_headers.c>

Note:: Instead of https://www.example.com, Please use your own URL

HTTP Security Headers Checker Tool

Other Important HTTP Security Headers

HTTP Security Headers Checker Tool – Security Headers Response

How to add X-Frame-Options Security Header

Posted on July 30, 2021January 19, 2022 by John

There are following below methods to add X-Frame-Options Security Header in Apache or NGINX or .HTACCESS

[1] How to add in Nginx configuration file

There are following code need to add in Nginx configuration file

add_header set X-Frame-Options "sameorigin";



[2] How to add in Apache configuration file

There are following code need to add in Apache configuration file

header always set X-Frame-Options "sameorigin"



[3] How to add in .htaccess file

There are following code need to add in .htaccess configuration file

<IfModule mod_headers.c>
Header set X-Frame-Options "sameorigin"
<IfModule mod_headers.c>

HTTP Security Headers Checker Tool

Other Important HTTP Security Headers

HTTP Security Headers Checker Tool – Security Headers Response

How to add X-XSS-Protection Security Header

Posted on July 30, 2021January 19, 2022 by John

There are following below methods to add X-XSS-Protection Security Header in Apache or NGINX or .HTACCESS

[1] How to add in Nginx configuration file

There are following code need to add in Nginx configuration file

add_header set X-XSS-Protection "1; mode=block";



[2] How to add in Apache configuration file

There are following code need to add in Apache configuration file

header always set X-XSS-Protection "1; mode=block"



[3] How to add in .htaccess file

There are following code need to add in .htaccess configuration file

<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block" 
<IfModule mod_headers.c>

HTTP Security Headers Checker Tool

Other Important HTTP Security Headers

HTTP Security Headers Checker Tool – Security Headers Response

How to add HTTP Strict Transport Security (HSTS)

Posted on July 29, 2021January 19, 2022 by John

There are following below methods to add HTTP Strict Transport Security Header in Apache or NGINX or .HTACCESS

[1] How to add in Nginx configuration file

There are following code need to add in Nginx configuration file

add_header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";



[2] How to add in Apache configuration file

There are following code need to add in Apache configuration file

header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"



[3] How to add in .htaccess file

There are following code need to add in .htaccess configuration file

<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" 
<IfModule mod_headers.c>

HTTP Security Headers Checker Tool

Other Important HTTP Security Headers

HTTP Security Headers Checker Tool – Security Headers Response