Section 10.1.9
Top Level
Sub Level
General
The production site should not contain ANY debug or test code.
ColdFusion
On the ColdFusion server, under Debugging & Logging > Debugging Output Settings, disable Robust Exception Information, AJAX Debug Log Window, and Request Debugging Output for production servers.
Under Debugging & Logging > Debugging IP Addresses allow only the localhost IP (127.0.0.1 (IPv4) or 0:0:0:0:0:0:0:1 (IPv6)) in the list on production machines.
Under Debugging & Logging > Debugger Settings, disable Allow Line Debugging for production servers.
Django
Be sure to set the DEBUG and TEMPLATE_DEBUG settings to False when deploying to your production site.
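A pre-deployment check for the two Django settings above, as an added example that is not part of the original standard: it parses a settings file without executing it and reports DEBUG or TEMPLATE_DEBUG values that are not the literal False. The function name audit_settings and the sample settings files are assumptions constructed for illustration.

```python
import ast

CHECKED = ("DEBUG", "TEMPLATE_DEBUG")  # the two settings named above

def audit_settings(source):
    """Return (name, line, reason) for debug settings that are not literally False.

    Only top-level assignments are read; the file is parsed, never executed.
    """
    last = {}  # setting name -> (line number, value node) of the last assignment
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign):
            targets = node.targets
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets = [node.target]
        else:
            continue
        for target in targets:
            if isinstance(target, ast.Name) and target.id in CHECKED:
                last[target.id] = (node.lineno, node.value)
    findings = []
    for name in CHECKED:
        if name not in last:
            continue  # unset: Django's built-in default for DEBUG is False
        lineno, value = last[name]
        if isinstance(value, ast.Constant) and value.value is False:
            continue
        if isinstance(value, ast.Constant):
            findings.append((name, lineno, "set to %r" % (value.value,)))
        else:
            # e.g. an alias or environment lookup: cannot be proven False statically
            findings.append((name, lineno, "not a literal; review: " + ast.unparse(value)))
    return findings

# Constructed sample settings files (not from any real project).
SAMPLE_BAD = '''
import os
DEBUG = False
TEMPLATE_DEBUG = DEBUG
DEBUG = True
'''
SAMPLE_GOOD = '''
DEBUG = False
TEMPLATE_DEBUG = False
'''

if __name__ == "__main__":
    for name, lineno, why in audit_settings(SAMPLE_BAD):
        print("line %d: %s %s" % (lineno, name, why))
```

A later reassignment overrides an earlier one, so the check reports the last top-level assignment of each setting; values computed at runtime are flagged for manual review rather than assumed safe.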
PHP
Restrict access to the phpinfo() function. It can allow an attacker to view important information about the PHP server configuration.