Webserver secure config

Apache2

<VirtualHost www.example.com:80>

  ...

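  # Requires mod_headers. "always" also adds the header to error responses.
  # Browsers ignore Strict-Transport-Security received over plain HTTP, so this
  # header must also be set in the HTTPS (:443) VirtualHost to take effect.
  Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
  Header always set X-XSS-Protection "1; mode=block"
  Header always set X-Frame-Options "SAMEORIGIN"
  Header always set X-Content-Type-Options "nosniff"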

  ...

</VirtualHost>
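
To confirm a deployed server actually returns the four headers set in the Apache snippet above, the response head can be audited as in the following added example (not part of the original page). The function names, the finding strings and both sample responses are constructed for illustration.

```python
import re

MIN_HSTS_MAX_AGE = 63072000  # the max-age value used in the snippet above

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased-name: value}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header section
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw, https=True):
    """Return a sorted list of findings; an empty list means every check passed."""
    h = parse_headers(raw)
    findings = []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing")
    else:
        if not https:
            findings.append("HSTS over plain HTTP is ignored by browsers")
        m = re.search(r"max-age\s*=\s*(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < MIN_HSTS_MAX_AGE:
            findings.append("HSTS max-age too short")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS lacks includeSubDomains")
    if h.get("x-frame-options", "").upper() not in ("SAMEORIGIN", "DENY"):
        findings.append("X-Frame-Options missing or weak")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    xss = h.get("x-xss-protection", "").replace(" ", "").lower()
    if xss != "1;mode=block":
        findings.append("X-XSS-Protection is not '1; mode=block'")
    return sorted(findings)

# Constructed sample responses (not captured from a real server).
GOOD = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
"""
BAD = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=300
X-Frame-Options: ALLOWALL
"""
```

Feed it the output of a header-only request to the site, passing https=False for a response fetched from the port 80 VirtualHost.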