niraj-shah/security.conf Secret

Created Sep 21, 2020
Apache2 Security Settings
# hide server information
ServerTokens Prod
ServerSignature Off
# disable the HTTP TRACE method
TraceEnable Off

# set default security headers
# requires mod_headers
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "sameorigin"
# legacy header: most current browsers ignore it
Header set X-XSS-Protection "1; mode=block"
# only honoured by browsers when received over HTTPS
Header set Strict-Transport-Security "max-age=31536000"

# prevent caching of php, cgi and html pages
# (the dot is escaped so only real file extensions match)
<FilesMatch "\.(php|cgi|htm|html)$">
    Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
    Header set Pragma "no-cache"
</FilesMatch>
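
To confirm the settings above are actually in effect after a reload, the response headers can be audited against the values the configuration sets. The following is an added example, not part of the gist; the function names and both sample responses are constructed for illustration, and the raw header block is assumed to come from something like `curl -sI`.

```python
# Added example (not part of the gist): audit response headers against security.conf.
EXPECTED = {  # header values as set in the configuration above
    "x-content-type-options": "nosniff",
    "x-frame-options": "sameorigin",
    "x-xss-protection": "1; mode=block",
    "strict-transport-security": "max-age=31536000",
}
NO_CACHE = {"private", "no-cache", "no-store", "proxy-revalidate", "no-transform"}
def parse_headers(raw):
    """Parse a raw response header block (status line first) into {name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:
        if not line.strip():
            break  # end of header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw, expect_no_cache=True):
    """Return a list of findings; an empty list means the response matches the config."""
    h, findings = parse_headers(raw), []
    for name, want in EXPECTED.items():
        got = h.get(name, [])
        if not got:
            findings.append(f"missing {name}")
        elif len(got) > 1 or got[0].lower() != want:
            findings.append(f"unexpected {name}: {got}")
    server = " ".join(h.get("server", []))
    if any(c.isdigit() for c in server):  # ServerTokens Prod sends only "Apache"
        findings.append(f"server banner exposes version: {server}")
    if expect_no_cache:  # applies to the .php/.cgi/.htm/.html responses
        sent = {d.strip().lower() for v in h.get("cache-control", []) for d in v.split(",")}
        if NO_CACHE - sent:
            findings.append("cache-control missing: " + ", ".join(sorted(NO_CACHE - sent)))
        if "no-cache" not in [v.lower() for v in h.get("pragma", [])]:
            findings.append("missing pragma: no-cache")
    return findings
# Constructed sample responses (not captured from a real server).
HARDENED = """HTTP/1.1 200 OK
Server: Apache
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
"""
DEFAULT = "HTTP/1.1 200 OK\nServer: Apache/2.4.41 (Ubuntu)\nX-Frame-Options: DENY\n"
```

Pass `expect_no_cache=False` when auditing a response for a file type outside the `FilesMatch` block, such as an image or stylesheet.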