- [ ] Use HTTPS browsing to prevent MITM attacks
- [ ] Generate an SSL certificate
- [ ] Protect forms against automated attacks
- [ ] Protect password reset form against email spamming
- [ ] Create dedicated error pages to hide technical details
- [ ] Add `Secure` attribute to session cookies
- [ ] Secure image URL input to prevent XSS, phishing and malicious file upload
- [ ] Restrict ping and scan to your own monitoring engines