Apache2 Security Settings
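# Hide server information.
# ServerTokens Prod reduces the Server response header to "Apache" (no version
# or module list); it is only valid in the main server config, not in a
# <VirtualHost> or .htaccess. ServerSignature Off removes the footer line from
# server-generated pages (error documents, directory listings).
ServerTokens Prod
ServerSignature Off
# Reject HTTP TRACE requests.
TraceEnable Off

# Set default security headers.
# Requires mod_headers. The directives are deliberately not wrapped in
# <IfModule>: if the module is not loaded, the config test fails instead of the
# headers being dropped silently.
# "always" also adds the headers to error responses (4xx/5xx); a plain
# "Header set" only covers successful ones. If the application sends the same
# header itself, check for duplicates in the response.
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "sameorigin"
# NOTE(review): X-XSS-Protection is a legacy header; current browsers have
# removed the filter it controlled. Keep it only for old clients and rely on a
# Content-Security-Policy for XSS defence.
Header always set X-XSS-Protection "1; mode=block"
# Browsers honour HSTS only when it arrives over HTTPS. This value does not
# cover subdomains (no includeSubDomains).
Header always set Strict-Transport-Security "max-age=31536000"

# Prevent caching of dynamic and HTML pages (.php, .cgi, .htm, .html).
# The dot is escaped so that only real file extensions match; an unescaped "."
# matches any character (for example a file named "myphp").
<FilesMatch "\.(php|cgi|htm|html)$">
    Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
    Header set Pragma "no-cache"
</FilesMatch>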