Gist: niraj-shah/5c858f36d42f464387fe7b865594971e
Apache2 Security Settings
# hide server information
ServerTokens Prod
ServerSignature Off
# disable the HTTP TRACE method
TraceEnable Off
# set default security headers
# requires mod_headers
Header set X-Content-Type-Options: "nosniff"
Header set X-Frame-Options: "sameorigin"
Header set X-XSS-Protection: "1; mode=block"
Header set Strict-Transport-Security: "max-age=31536000"
# prevent caching of php, cgi and html pages
<FilesMatch "\.(php|cgi|htm|html)$">
    Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
    Header set Pragma "no-cache"
</FilesMatch>
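One way to confirm these settings took effect is to audit a response's headers against the values configured above. This is an added example, not part of the original gist; the function names `parse_headers` and `audit` and both sample responses are constructed for illustration.

```python
import re

# Constructed sample response heads (not real captures).
HARDENED = """HTTP/1.1 200 OK
Server: Apache
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
"""
DEFAULT = "HTTP/1.1 200 OK\nServer: Apache/2.4.41 (Ubuntu)\nContent-Type: text/html\n"

EXPECTED = {  # header -> exact value set by the configuration above
    "x-content-type-options": "nosniff",
    "x-frame-options": "sameorigin",
    "x-xss-protection": "1; mode=block",
}

def parse_headers(raw):
    """Map lower-cased header names to their first value."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    return headers

def audit(raw, cached_type=True):
    """Return findings; cached_type=True for .php/.cgi/.htm/.html responses."""
    h = parse_headers(raw)
    findings = []
    # ServerTokens Prod leaves the bare product name, no version or OS.
    if re.search(r"[/\d(]", h.get("server", "")):
        findings.append("server: banner discloses version or OS")
    for name, want in EXPECTED.items():
        if h.get(name, "").lower() != want:
            findings.append(f"{name}: expected {want!r}")
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""))
    if not m or int(m.group(1)) < 31536000:
        findings.append("strict-transport-security: max-age below 31536000")
    if cached_type:
        directives = {d.strip().lower() for d in h.get("cache-control", "").split(",")}
        if "no-store" not in directives:
            findings.append("cache-control: no-store missing")
    return findings
```

`audit(HARDENED)` returns an empty list, while `audit(DEFAULT)` returns one finding per missing or weak setting.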