Skip to content

Instantly share code, notes, and snippets.

@niraj-shah
Created September 21, 2020 14:55
Show Gist options
  • Save niraj-shah/5c858f36d42f464387fe7b865594971e to your computer and use it in GitHub Desktop.
Save niraj-shah/5c858f36d42f464387fe7b865594971e to your computer and use it in GitHub Desktop.
Apache2 Security Settings
# hide server information
ServerTokens Prod
ServerSignature Off
TraceEnable Off
# set default security headers
# requires mod_header
Header set X-Content-Type-Options: "nosniff"
Header set X-Frame-Options: "sameorigin"
Header set X-XSS-Protection: "1; mode=block"
Header set Strict-Transport-Security: "max-age=31536000"
# prevent caching of php pages
<FilesMatch ".(php|cgi|htm|html)$">
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
</FilesMatch>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment