Permalink
Cannot retrieve contributors at this time
# This directive configures what you return as the Server HTTP response | |
# Header. The default is 'Full' which sends information about the OS-Type | |
# and compiled in modules. | |
# Set to one of: Full | OS | Minimal | Minor | Major | Prod | |
# where Full conveys the most information, and Prod the least. | |
ServerTokens Prod | |
# Optionally add a line containing the server version and virtual host | |
# name to server-generated pages (internal error documents, FTP directory | |
# listings, mod_status and mod_info output etc., but not CGI generated | |
# documents or custom error documents). | |
# Set to "EMail" to also include a mailto: link to the ServerAdmin. | |
# Set to one of: On | Off | EMail | |
ServerSignature off | |
# Allow TRACE method | |
# Set to "extended" to also reflect the request body (only for testing and | |
# diagnostic purposes). | |
# Set to one of: On | Off | extended | |
TraceEnable Off | |
# Setting this header will prevent MSIE from interpreting files as something | |
# else than declared by the content type in the HTTP headers. | |
# Requires mod_headers to be enabled. | |
Header set X-Content-Type-Options: "nosniff" | |
# Setting this header will prevent other sites from embedding pages from this | |
# site as frames. This defends against clickjacking attacks. | |
# Requires mod_headers to be enabled. | |
Header set X-Frame-Options: "sameorigin" | |
# See: https://www.owasp.org/index.php/List_of_useful_HTTP_headers | |
Header set X-XSS-Protection: "1; mode=block" |