mhou1981 · September 26, 2018 06:09
diff --git a/apache2_header_security.txt b/apache2_header_security.txt
 a2enmod headers
 systemctl restart apache2.service
 vim /etc/apache2/conf-enabled/security.conf

 ### add the following:
 Header set X-Content-Type-Options: "nosniff"
 Header set X-Frame-Options: "sameorigin"
 Header unset X-Powered-By
 Header set X-XSS-Protection 1;mode=block
 Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
 Header set Content-Security-Policy "script-src 'self'; object-src 'self'"
 Header always set Referrer-Policy "same-origin"
 Header always set Feature-Policy "microphone 'none'; payment 'none'; sync-xhr 'self' https://domain-name.com"

 # Save and exit
 apachectl -t
 systemctl restart apache2.service
	a2enmod headers
	systemctl restart apache2.service
	vim /etc/apache2/conf-enabled/security.conf

	### add the following:
	Header set X-Content-Type-Options: "nosniff"
	Header set X-Frame-Options: "sameorigin"
	Header unset X-Powered-By
	Header set X-XSS-Protection 1;mode=block
	Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
	Header set Content-Security-Policy "script-src 'self'; object-src 'self'"
	Header always set Referrer-Policy "same-origin"
	Header always set Feature-Policy "microphone 'none'; payment 'none'; sync-xhr 'self' https://domain-name.com"

	# Save and exit
	apachectl -t
	systemctl restart apache2.service