Would you like to learn how to enable HTTPONLY and SECURE flags on the Apache server? In this tutorial, we are going to show you how to protect your website Cookies by adding the HTTPONLY and SECURE headers on the apache server.
• Ubuntu 20
• Ubuntu 19
• Ubuntu 18
• Apache 2.4.41
In our example, the Apache server is hosting the website WWW.GAMEKING.TIPS
Copyright © 2018-2021 by Techexpert.tips.
All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means without the prior written permission of the publisher.
Equipment list
The following section presents the list of equipment used to create this tutorial.
As an Amazon Associate, I earn from qualifying purchases.
Apache - Related Tutorial:
On this page, we offer quick access to a list of tutorials related to Apache.
Tutorial Apache - Enable the HttpOnly and Secure flag
Install the Apache server.
Enable the required Apache modules.
Edit the Apache configuration file for the website.
If your website supports only HTTP, Add the following lines at the end of the file.
If your website supports only HTTPS, Add the following lines at the end of the file.
Restart the Apache service.
The HTTPONLY flag increases the COOKIE's protection, by not allowing access through client-side scripts.
The SECURE flag increases the security even further, by allowing only COOKIE requests through an HTTPS connection.
Create a PHP file to test the HTTPONLY configuration.
Here is the file content.
This test requires that your Apache server supports PHP.
From a remote Linux computer, try to access this page.
Here is the command output with the flag HTTPONLY enabled.
Here is the command output with the flags HTTPONLY and SECURE enabled.
Congratulations! You are able to enable the flags HTTPONLY and SECURE on the Apache server.
