• Always send data via HTTPS, especially PCI data.

  • Perform all sensitive data read/writes over HTTPS.

  • Don't use a weak SSL/TLS configuration. Enable only current protocol versions and strong cipher suites, and serve valid certificates from a trusted CA.

  • Remove all sensitive data from GET requests, since query strings end up in server logs, browser history, and Referer headers. Use other HTTP methods (POST, PUT, DELETE) for update/delete operations and carry the data in the request body.

  • Maintain strict HTTPS hygiene by using the HSTS (Strict-Transport-Security) security header, so that browsers refuse plaintext connections to the site after the first visit.
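The checklist above can be turned into an automated audit. The following is an added example, not code from the original page: it runs the four rules (HTTPS only, no sensitive data in GET query strings, a current TLS version, and a long-lived HSTS header) over constructed request/response records. The record format, the list of sensitive parameter names, and the one-year HSTS minimum (the preload-list requirement) are assumptions chosen for the demo; adapt the loader to your own proxy or access-log format.

```python
"""Audit HTTP request/response records against the HTTPS hygiene checklist.

Constructed example, not code from the original page. The record format
(a dict with method, url, tls_version and response headers) is an
assumption chosen for the demo.
"""
from urllib.parse import urlsplit, parse_qs

# Query parameter names treated as sensitive (constructed list; extend for your app).
SENSITIVE_PARAMS = {"pan", "card", "cardnumber", "cvv", "cvc", "ssn", "password", "token"}

# HSTS max-age of one year (31536000 s) is the preload-list minimum.
MIN_HSTS_MAX_AGE = 31536000

# Protocol versions considered acceptable.
STRONG_TLS = {"TLSv1.2", "TLSv1.3"}


def parse_hsts(value):
    """Parse a Strict-Transport-Security header into a dict of directives.

    Returns e.g. {"max-age": 31536000, "includesubdomains": True}.
    Returns None if the header is missing or lacks a valid max-age directive.
    """
    if not value:
        return None
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, raw = part.partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                directives["max-age"] = int(raw.strip().strip('"'))
            except ValueError:
                return None
        else:
            directives[name] = True
    if "max-age" not in directives:
        return None
    return directives


def audit_record(rec):
    """Return a list of finding strings for one request/response record."""
    findings = []
    parts = urlsplit(rec["url"])

    # Rule: everything over HTTPS.
    if parts.scheme != "https":
        findings.append("plaintext-http")

    # Rule: no sensitive data in GET query strings (they land in logs, history, Referer).
    if rec["method"].upper() == "GET":
        keys = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
        leaked = sorted(keys & SENSITIVE_PARAMS)
        if leaked:
            findings.append("sensitive-in-get:" + ",".join(leaked))

    # Rule: strong protocol version (skipped when the record carries none).
    if rec.get("tls_version") and rec["tls_version"] not in STRONG_TLS:
        findings.append("weak-tls:" + rec["tls_version"])

    # Rule: HSTS present and long-lived on HTTPS responses.
    if parts.scheme == "https":
        headers = {k.lower(): v for k, v in rec.get("headers", {}).items()}
        hsts = parse_hsts(headers.get("strict-transport-security"))
        if hsts is None:
            findings.append("hsts-missing")
        elif hsts["max-age"] < MIN_HSTS_MAX_AGE:
            findings.append("hsts-short-max-age:%d" % hsts["max-age"])

    return findings


# Constructed sample records: a checkout request that violates several rules,
# a partially fixed one, and a well-configured one. The PAN is the standard
# 4111... test number, not real card data.
SAMPLE_RECORDS = [
    {"method": "GET",
     "url": "http://shop.example/checkout?pan=4111111111111111&cvv=123",
     "tls_version": None,
     "headers": {}},
    {"method": "POST",
     "url": "https://shop.example/checkout",
     "tls_version": "TLSv1.0",
     "headers": {"Strict-Transport-Security": "max-age=300"}},
    {"method": "POST",
     "url": "https://shop.example/checkout",
     "tls_version": "TLSv1.3",
     "headers": {"Strict-Transport-Security":
                 "max-age=63072000; includeSubDomains; preload"}},
]


def audit_all(records):
    """Return the findings list for each record, in order; clean records yield []."""
    return [audit_record(r) for r in records]


if __name__ == "__main__":
    for rec, findings in zip(SAMPLE_RECORDS, audit_all(SAMPLE_RECORDS)):
        print(rec["method"], rec["url"], "->", findings or "OK")
```

The first record trips both the plaintext and GET-leak rules, the second negotiates TLS 1.0 and sends an HSTS policy that expires after five minutes, and the third passes. Header names are lower-cased before lookup because HTTP header names are case-insensitive and proxies frequently rewrite them.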