Table of Contents

Title and Copyright Information
Preface
    Audience
    Documentation Accessibility
    Diversity and Inclusion
    Related Documents
    Conventions
1 Introduction to Oracle HTTP Server Security
2 Configuring SSL and TLS Security
    Configuring Protocols and Ciphers
    Using Server Certificates
    Using Strong Keys
    Protecting the Keys
    Using Strong Cryptographic Hashing Algorithms
    Using a Certificate That Supports the Required Domain Name
    Using a CA Signed Certificate
    Using Location Directive to Secure URIs
    Enabling Perfect Forward Secrecy on Oracle HTTP Server
3 Configurations for Enhanced Security
    Mitigate XSS Attacks
    Content Security Policy
    X-XSS-Protection
    HttpOnly
    HTTP Strict Transport Security Header
    Referrer-Policy
    X-Frame-Options Header to Mitigate Clickjacking Attempts
    X-Content-Type-Options
    ServerSignature
    ServerTokens
    Secure Flag for Cookies
    SameSite Flag for Cookies
4 Protecting Oracle HTTP Server Against Known Web Server Attacks
    Securing Oracle HTTP Server Against DoS Attacks
    Protecting Oracle HTTP Server Against Slow HTTP Attacks
    Protecting Oracle HTTP Server Against Host Header Attacks