davidsantiago-bib/startup.sh

## startup.sh
#!/usr/bin/env bash
a2enmod headers

# Remove X-Powered-By
echo "Header always unset \"X-Powered-By\"" >> /etc/apache2/apache2.conf
echo "Header unset \"X-Powered-By\"" >> /etc/apache2/apache2.conf

# Strict-Transport-Security
echo "Header always set Strict-Transport-Security \"max-age=31536000; includeSubDomains\"" >> /etc/apache2/apache2.conf

# Content-Security-Policy
echo "Header set Content-Security-Policy \"default-src 'self' *.MYDOMAIN.com\"" >> /etc/apache2/apache2.conf

# Referrer-Policy
echo "Header set Referrer-Policy \"no-referrer-when-downgrade\"" >> /etc/apache2/apache2.conf

# X-Frame-Options
echo "Header set X-Frame-Options \"sameorigin\"" >> /etc/apache2/apache2.conf

# X-Frame-Options
echo "Header set X-Content-Type-Options \"nosniff\"" >> /etc/apache2/apache2.conf

# X-XSS-Protection
echo "Header set X-XSS-Protection \"1; mode=block\"" >> /etc/apache2/apache2.conf

/usr/sbin/apache2ctl -D FOREGROUND
	#!/usr/bin/env bash
	a2enmod headers

	# Remove X-Powered-By
	echo "Header always unset \"X-Powered-By\"" >> /etc/apache2/apache2.conf
	echo "Header unset \"X-Powered-By\"" >> /etc/apache2/apache2.conf

	# Strict-Transport-Security
	echo "Header always set Strict-Transport-Security \"max-age=31536000; includeSubDomains\"" >> /etc/apache2/apache2.conf

	# Content-Security-Policy
	echo "Header set Content-Security-Policy \"default-src 'self' *.MYDOMAIN.com\"" >> /etc/apache2/apache2.conf

	# Referrer-Policy
	echo "Header set Referrer-Policy \"no-referrer-when-downgrade\"" >> /etc/apache2/apache2.conf

	# X-Frame-Options
	echo "Header set X-Frame-Options \"sameorigin\"" >> /etc/apache2/apache2.conf

	# X-Frame-Options
	echo "Header set X-Content-Type-Options \"nosniff\"" >> /etc/apache2/apache2.conf

	# X-XSS-Protection
	echo "Header set X-XSS-Protection \"1; mode=block\"" >> /etc/apache2/apache2.conf

	/usr/sbin/apache2ctl -D FOREGROUND