- Always send data via HTTPS, especially PCI data.
- Perform all sensitive data read/writes over HTTPS.
- Don’t use a weak SSL implementation. Use strong configuration with the latest protocols, ciphers, and certificates.
- Remove all sensitive data from GET requests. Use other HTTP methods for update/delete operations.
- Maintain strict HTTPS hygiene by using the HSTS security header.
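The checks behind these five points, as an added example that is not part of the original list: a client TLS context that refuses anything below TLS 1.2, a request audit that flags plain HTTP, sensitive fields in a GET query string, and state changes sent via GET, and a response audit for the HSTS header. The sensitive parameter names and the one-year minimum `max-age` are assumptions chosen for this example.

```python
import ssl
from urllib.parse import urlsplit, parse_qs

# Constructed list of query parameter names treated as sensitive (PCI-style fields).
SENSITIVE_PARAMS = {"pan", "card_number", "cvv", "password", "token"}
MIN_HSTS_MAX_AGE = 31536000  # one year; threshold assumed for this example


def strong_tls_context() -> ssl.SSLContext:
    """Client context that refuses pre-TLS-1.2 protocols and always verifies the peer cert."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def audit_request(method: str, url: str, intent: str = "read") -> list:
    """Return guideline violations for one outgoing request (empty list means clean).

    `intent` is "read", "update" or "delete"; it tells the audit what the call does,
    since that cannot be inferred from the URL alone."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        problems.append("not-https")
    # Query strings end up in logs, proxies and browser history, so no sensitive keys there.
    query_keys = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    leaked = sorted(query_keys & SENSITIVE_PARAMS)
    if leaked:
        problems.append("sensitive-in-query:" + ",".join(leaked))
    if intent in ("update", "delete") and method.upper() in ("GET", "HEAD"):
        problems.append("state-change-via-get")
    return problems


def audit_hsts(headers: dict) -> list:
    """Check that a response carries a usable Strict-Transport-Security header."""
    value = next((v for k, v in headers.items() if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["hsts-missing"]
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        directives[name.lower()] = arg.strip()
    try:
        max_age = int(directives.get("max-age", ""))
    except ValueError:
        return ["hsts-max-age-invalid"]
    problems = []
    if max_age < MIN_HSTS_MAX_AGE:
        problems.append("hsts-max-age-short")
    if "includesubdomains" not in directives:
        problems.append("hsts-no-includesubdomains")
    return problems
```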