@niraj-shah
Created September 21, 2020 14:55
Apache2 Security Settings
# hide server information
ServerTokens Prod
ServerSignature Off
TraceEnable Off
# set default security headers
# requires mod_headers
Header set X-Content-Type-Options: "nosniff"
Header set X-Frame-Options: "sameorigin"
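# legacy header: current Chrome, Edge and Firefox ignore it
Header set X-XSS-Protection: "1; mode=block"
# browsers honour HSTS only when it is received over HTTPS
Header set Strict-Transport-Security: "max-age=31536000"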
# prevent caching of dynamic and HTML pages (php, cgi, htm, html)
# the dot is escaped so only real file extensions match
<FilesMatch "\.(php|cgi|htm|html)$">
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
</FilesMatch>