1. Set headers on Hosting
On the web server control panel,
- Got to the website
- Then Hosting & DNS tab
- Apache & nginx Settings
Add the following to "Additional directives for HTTP" and "Additional directives for HTTPS"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
Header always set Cache-control "no-store, Pragma: no-cache"
Header always set Strict-Transport-Security "max-age=10886400; includeSubDomains; preload"
Header unset X-Powered-By
Add the following to "Additional nginx directives"
proxy_hide_header X-Powered-By;
Click "Apply"
2. Set headers on php
On the web server control panel,
- Got to the website
- Dashboard tab
- PHP Settings
Add the following to "Additional configuration directives"
expose_php=off
Click "Apply"