niraj-shah/security.conf Secret

## security.conf
# hide server information
ServerTokens Prod
ServerSignature Off
TraceEnable Off

# set default security headers
# requires mod_header
Header set X-Content-Type-Options: "nosniff"
Header set X-Frame-Options: "sameorigin"
Header set X-XSS-Protection: "1; mode=block"
Header set Strict-Transport-Security: "max-age=31536000"

# prevent caching of php pages
<FilesMatch ".(php|cgi|htm|html)$">
    Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
    Header set Pragma "no-cache"
</FilesMatch>
	# hide server information
	ServerTokens Prod
	ServerSignature Off
	TraceEnable Off

	# set default security headers
	# requires mod_header
	Header set X-Content-Type-Options: "nosniff"
	Header set X-Frame-Options: "sameorigin"
	Header set X-XSS-Protection: "1; mode=block"
	Header set Strict-Transport-Security: "max-age=31536000"

	# prevent caching of php pages
	<FilesMatch ".(php\|cgi\|htm\|html)$">
	Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
	Header set Pragma "no-cache"
	</FilesMatch>