Permalink
Cannot retrieve contributors at this time
| # This directive configures what you return as the Server HTTP response | |
| # Header. The default is 'Full' which sends information about the OS-Type | |
| # and compiled in modules. | |
| # Set to one of: Full | OS | Minimal | Minor | Major | Prod | |
| # where Full conveys the most information, and Prod the least. | |
| ServerTokens Prod | |
| # Optionally add a line containing the server version and virtual host | |
| # name to server-generated pages (internal error documents, FTP directory | |
| # listings, mod_status and mod_info output etc., but not CGI generated | |
| # documents or custom error documents). | |
| # Set to "EMail" to also include a mailto: link to the ServerAdmin. | |
| # Set to one of: On | Off | EMail | |
| ServerSignature off | |
| # Allow TRACE method | |
| # Set to "extended" to also reflect the request body (only for testing and | |
| # diagnostic purposes). | |
| # Set to one of: On | Off | extended | |
| TraceEnable Off | |
| # Setting this header will prevent MSIE from interpreting files as something | |
| # else than declared by the content type in the HTTP headers. | |
| # Requires mod_headers to be enabled. | |
| Header set X-Content-Type-Options: "nosniff" | |
| # Setting this header will prevent other sites from embedding pages from this | |
| # site as frames. This defends against clickjacking attacks. | |
| # Requires mod_headers to be enabled. | |
| Header set X-Frame-Options: "sameorigin" | |
| # See: https://www.owasp.org/index.php/List_of_useful_HTTP_headers | |
| Header set X-XSS-Protection: "1; mode=block" |