
Security additions

Posted: 11 Dec 2022, 07:18
by BigBobbyD
Is it possible to add a couple of PHP (Apache) tags for additional security?

e.g.

(1) Response headers do not include the HTTP X-XSS-Protection security header
adding: Header set X-XSS-Protection "1; mode=block"

(2) Response headers do not include the HTTP X-Frame-Options security header
HTTP header with the values `DENY` or `SAMEORIGIN` to every page

Re: Security additions

Posted: 11 Dec 2022, 09:44
by mjau-mjau
You mean for the X3 website page? Or for the control panel? You can add them to your own .htaccess file, although I don't really see the point. See comments:
BigBobbyD wrote: (2) Response headers do not include the HTTP X-Frame-Options security header
The only thing this does is block other websites from showing your website inside an <iframe>. It's not strictly security related.
BigBobbyD wrote: (1) Response headers do not include the HTTP X-XSS-Protection security header
This is only useful if you don't trust users that have access to your X3 control panel, or if you have a "comments" section where unknown users can insert comments that contain <script> tags, but this is not a feature in X3.

As noted, you can add these into the .htaccess file, but they are pointless unless you are running other insecure apps on your website unrelated to X3.

Re: Security additions

Posted: 11 Dec 2022, 09:49
by BigBobbyD
Thanks for the quick response. My webhosting site made these recommendations. They said it wasn't imperative, only recommended.

Thanks again,

Re: Security additions

Posted: 11 Dec 2022, 21:45
by mjau-mjau
BigBobbyD wrote: Thanks for the quick response. My webhosting site made these recommendations. They said it wasn't imperative, only recommended.
Nothing wrong with staying secure, but these options don't really offer any additional security for X3. If you wanted to add them anyway, you could open the file /.htaccess in any text editor, and add this chunk of code at the top:
Code
# custom rules start

# X-XSS-Protection
<IfModule mod_headers.c>
 Header set X-XSS-Protection "1; mode=block"
</IfModule>

# X-Frame-Options
<IfModule mod_headers.c>
 Header set X-Frame-Options "SAMEORIGIN"
</IfModule>

# custom rules end
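An added example, not part of this thread or of X3, that checks a captured HTTP response for the two headers discussed above. It parses the raw response text, then reports whether X-Frame-Options carries DENY or SAMEORIGIN and whether X-XSS-Protection carries "1; mode=block" (the values the hosting scanner recommended). The two sample responses are constructed, not captured from any server; they stand in for the site before and after the .htaccess rules are applied.

```python
import re

# Values recommended in the thread; header values are matched case-insensitively.
FRAME_OPTIONS_OK = {"deny", "sameorigin"}


def parse_headers(raw_response: str) -> dict:
    """Parse the header block of a raw HTTP response into a dict.

    Names are lowercased (HTTP header names are case-insensitive) and
    repeated names are joined with ', '. The body after the blank line
    is ignored.
    """
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0]
    headers = {}
    for line in head.splitlines()[1:]:  # first line is the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers


def check_frame_options(headers: dict) -> tuple:
    """(ok, explanation) for X-Frame-Options."""
    value = headers.get("x-frame-options")
    if value is None:
        return False, "missing: any site may embed this page in an <iframe>"
    if value.strip().lower() in FRAME_OPTIONS_OK:
        return True, f"set to {value}"
    return False, f"unsupported value {value!r}; use DENY or SAMEORIGIN"


def check_xss_protection(headers: dict) -> tuple:
    """(ok, explanation) for X-XSS-Protection."""
    value = headers.get("x-xss-protection")
    if value is None:
        return False, "missing"
    tokens = [t.strip().lower() for t in value.split(";")]
    if tokens[0] == "0":
        return False, "explicitly disabled (value 0)"
    if tokens[0] == "1" and "mode=block" in tokens:
        return True, "set to 1; mode=block"
    return False, f"value {value!r} lacks mode=block"


def audit(raw_response: str) -> dict:
    """Return {header_name: (ok, explanation)} for a raw response."""
    headers = parse_headers(raw_response)
    return {
        "X-Frame-Options": check_frame_options(headers),
        "X-XSS-Protection": check_xss_protection(headers),
    }


# Constructed sample responses (not captured from any real server).
BEFORE = (
    "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n<html></html>"
)
AFTER = (
    "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n"
    "X-XSS-Protection: 1; mode=block\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n<html></html>"
)

if __name__ == "__main__":
    for label, raw in (("before .htaccess rules", BEFORE), ("after .htaccess rules", AFTER)):
        print(label)
        for name, (ok, why) in audit(raw).items():
            print(f"  {'OK  ' if ok else 'WARN'} {name}: {why}")
```

The check only confirms what the server sends; the effect depends on the browser. Current Chromium and Firefox no longer honor X-XSS-Protection at all, which is consistent with the point above that the header adds little for X3, while X-Frame-Options is still honored and does stop other sites from framing the page.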