https://pentest-tools.com/website-vulne ... te-scanner
There were a few things it recommended.
1. It recommended changing the name of the cookie and also pointing it to .example.com (notice the beginning dot)
1a. I need to add this also but do not know where to place it in the phpBB files
ini_set('session.cookie_httponly', '1');
2a. Also do not know where to place that command in phpBB
X-Content-Type-Options: nosniff
3. Response headers do not include the Referrer-Policy HTTP security header as well as the <meta> tag with name 'referrer' is not present in the response.
3a. The Referrer-Policy header should be configured on the server side to avoid user tracking and inadvertent information leakage. The value
no-referrer
3b. Where do I put that code in phpBB?
4. Recommendation:
We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.
4a. How do I do that in phpBB?
5. Security.txt file is missing
5a. How to add one in phpBB?
Thank you
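Scanner findings 1 to 4 above can be re-checked locally against a captured response head, as in this added example (not part of the original post and not phpBB code). The function names, the cookie name `forum_sid`, the list of identifying headers and both sample responses are constructed assumptions; the security.txt item needs a separate request and is not covered.

```python
# Added example: audit one HTTP response head for scanner findings 1-4.
DISCLOSING = ("server", "x-powered-by")  # assumed list of identifying headers

def parse_headers(raw):
    """Split a raw response head into (lowercased name, value) pairs."""
    pairs = []
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():               # blank line ends the header block
            break
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit_headers(raw):
    """Return finding strings; an empty list means every check passed."""
    pairs = parse_headers(raw)
    first = dict(reversed(pairs))          # first occurrence of a header wins
    findings = []
    for name, value in pairs:              # 1. every cookie needs HttpOnly
        if name == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "httponly" not in attrs:
                findings.append(f"cookie {cookie}: HttpOnly missing")
    if first.get("x-content-type-options", "").lower() != "nosniff":  # 2.
        findings.append("X-Content-Type-Options: nosniff missing")
    if not first.get("referrer-policy"):   # 3. header only, <meta> not checked
        findings.append("Referrer-Policy missing")
    for name in DISCLOSING:                # 4. platform-identifying headers
        if first.get(name):
            findings.append(f"{name} discloses {first[name]}")
    return findings

# Constructed sample responses (version strings are made up for the example).
WEAK = "\n".join([
    "HTTP/1.1 200 OK", "Server: Apache/2.4.0 (Unix)", "X-Powered-By: PHP/8.0.0",
    "Set-Cookie: forum_sid=abc123; path=/; domain=.example.com",
    "Content-Type: text/html; charset=UTF-8", "", "<html>"])
HARDENED = "\n".join([
    "HTTP/1.1 200 OK",
    "Set-Cookie: forum_sid=abc123; path=/; domain=.example.com; HttpOnly",
    "X-Content-Type-Options: nosniff", "Referrer-Policy: no-referrer",
    "Content-Type: text/html; charset=UTF-8", "", "<html>"])

if __name__ == "__main__":
    for label, raw in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_headers(raw))
```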
