Web server security configuration

  1. Cryptographic hardware for encryption and key storage
  2. Configure WebSEAL to support only Suite B ciphers
  3. Configure NIST SP800-131A compliance
  4. Prevention of vulnerability caused by cross-site scripting
  5. Prevention of Cross-site Request Forgery (CSRF) attacks
  6. Suppression of WebSEAL and back-end server identity
  7. Disable HTTP methods
  8. Platform for Privacy Preferences (P3P)
