Hello, I ran my phpBB website through this
https://pentest-tools.com/website-vulne ... te-scanner
There were a few things it recommended.
1. It recommended changing the name of the cookie and also pointing it to .example.com (notice the beginning dot)
1a. I need to add this also but do not know where to place it in the phpBB files
Code:
ini_set('session.cookie_httponly', '1');
2. We recommend setting the X-Content-Type-Options header
2a. Also do not know where to place that command in phpBB
Code:
X-Content-Type-Options: nosniff
3. Response headers do not include the Referrer-Policy HTTP security header as well as the <meta> tag with name 'referrer' is not present in the response.
3a. The Referrer-Policy header should be configured on the server side to avoid user tracking and inadvertent information leakage. The value
Code:
no-referrer
of this header instructs the browser to omit the Referer header entirely.
3b. Where do I put that code in phpBB?
4. Recommendation:
We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.
4a. How do I do that in phpBB?
5. Security.txt file is missing
5a. How to add one in phpBB?
Thank you :)

Statistics: Posted by durangod — Fri Jul 26, 2024 9:05 pm
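
An offline check for the header-related findings listed in the post above (HttpOnly on the session cookie, X-Content-Type-Options, Referrer-Policy, version disclosure in server headers), useful for confirming a configuration change before re-running the scanner. This is an added example, not part of the original post or of phpBB; the `audit` function, the cookie names and both header samples are constructed for illustration.

```python
import re
from email.parser import Parser

# Constructed sample: response headers before any hardening.
SAMPLE_BEFORE = """\
Server: Apache/2.4.0 (Unix)
X-Powered-By: PHP/8.0.0
Set-Cookie: phpbb3_abcde_sid=0123456789abcdef; path=/; domain=forum.example.com
Content-Type: text/html; charset=UTF-8
"""

# Constructed sample: the same response after the findings were addressed.
SAMPLE_AFTER = """\
Server: Apache
Set-Cookie: board_x1_sid=0123456789abcdef; path=/; domain=.example.com; secure; HttpOnly
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Content-Type: text/html; charset=UTF-8
"""


def audit(raw_headers):
    """Return the scanner-style findings that still apply to a header block."""
    msg = Parser().parsestr(raw_headers, headersonly=True)
    findings = []
    # Finding 1a: every cookie should carry the HttpOnly attribute.
    for cookie in msg.get_all("Set-Cookie", []):
        name = cookie.split("=", 1)[0].strip()
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "httponly" not in attrs:
            findings.append(f"cookie {name}: HttpOnly flag missing")
    # Finding 2: the only valid value for this header is "nosniff".
    if (msg.get("X-Content-Type-Options") or "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")
    # Finding 3: a Referrer-Policy header must be present.
    if not msg.get("Referrer-Policy"):
        findings.append("Referrer-Policy header missing")
    # Finding 4: headers that reveal a product version number.
    for header in ("Server", "X-Powered-By"):
        value = msg.get(header)
        if value and re.search(r"\d", value):
            findings.append(f"{header} discloses a version: {value}")
    return findings


if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit(sample) or "no findings")
```

To check a live site, paste the header block saved from the browser's developer tools into `audit` in place of the samples.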