Permalink
Cannot retrieve contributors at this time
Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign up
Fetching contributors…
Cannot retrieve contributors at this time
| # This directive configures what you return as the Server HTTP response | |
| # Header. The default is 'Full' which sends information about the OS-Type | |
| # and compiled in modules. | |
| # Set to one of: Full | OS | Minimal | Minor | Major | Prod | |
| # where Full conveys the most information, and Prod the least. | |
| ServerTokens Prod | |
| # Optionally add a line containing the server version and virtual host | |
| # name to server-generated pages (internal error documents, FTP directory | |
| # listings, mod_status and mod_info output etc., but not CGI generated | |
| # documents or custom error documents). | |
| # Set to "EMail" to also include a mailto: link to the ServerAdmin. | |
| # Set to one of: On | Off | EMail | |
| ServerSignature off | |
| # Allow TRACE method | |
| # Set to "extended" to also reflect the request body (only for testing and | |
| # diagnostic purposes). | |
| # Set to one of: On | Off | extended | |
| TraceEnable Off | |
| # Setting this header will prevent MSIE from interpreting files as something | |
| # else than declared by the content type in the HTTP headers. | |
| # Requires mod_headers to be enabled. | |
| Header set X-Content-Type-Options: "nosniff" | |
| # Setting this header will prevent other sites from embedding pages from this | |
| # site as frames. This defends against clickjacking attacks. | |
| # Requires mod_headers to be enabled. | |
| Header set X-Frame-Options: "sameorigin" | |
| # See: https://www.owasp.org/index.php/List_of_useful_HTTP_headers | |
| Header set X-XSS-Protection: "1; mode=block" |