Added Security Headers Apache config

Jsitech · Aug 24, 2018 · 60a7c4e · 60a7c4e
1 parent 927a5f3
commit 60a7c4e
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/UbuntuServer_16.04LTS/templates/apache b/UbuntuServer_16.04LTS/templates/apache
@@ -85,3 +85,12 @@ ErrorDocument 500 "Tareas de mantenimiento en curso. Disculpe las molestias"
 FileETag None
 Header unset ETag
 TraceEnable off
+
+# Security Headers
+
+Header set X-XSS-Protection "1; mode=block"
+Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+Header always append X-Frame-Options DENY
+Header set X-Content-Type-Options nosniff
+Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
+Header set Referrer-Policy "no-referrer-when-downgrade"
diff --git a/UbuntuServer_18.04LTS/templates/apache b/UbuntuServer_18.04LTS/templates/apache
@@ -80,3 +80,12 @@ ErrorDocument 500 "Tareas de mantenimiento en curso. Disculpe las molestias"
 FileETag None
 Header unset ETag
 TraceEnable off
+
+# Security Headers
+
+Header set X-XSS-Protection "1; mode=block"
+Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+Header always append X-Frame-Options DENY
+Header set X-Content-Type-Options nosniff
+Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
+Header set Referrer-Policy "no-referrer-when-downgrade"