httpd Security Tips (CentOS 6, 7, 8)
1. Add the following to /etc/httpd/conf/httpd.conf, just before the DocumentRoot directive
    ServerTokens Prod
    ServerSignature Off
    TraceEnable Off
    # httproxy
    RequestHeader unset Proxy
    Header unset X-Powered-By
    # Click Jack
    Header append X-FRAME-OPTIONS "SAMEORIGIN"
    # XSS
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Content-Type-Options nosniff
    #
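To confirm that the directives above are active and not merely present as comments, the following added example (not part of the original page) audits a config file for them. The names `audit_httpd_conf` and `sample_conf` and the sample config are constructed for illustration; the script inspects only the single file it is given, not files pulled in via Include.

```shell
# Added example: report which of the hardening directives listed above
# are absent from an Apache config file.

# label=regex, one per line. Matching is case-insensitive because Apache
# directive names and HTTP header names are case-insensitive.
CHECKS='ServerTokens=ServerTokens[[:space:]]+Prod(uctOnly)?
ServerSignature=ServerSignature[[:space:]]+Off
TraceEnable=TraceEnable[[:space:]]+Off
Proxy=RequestHeader[[:space:]]+unset[[:space:]]+Proxy
X-Powered-By=Header[[:space:]]+(always[[:space:]]+)?unset[[:space:]]+X-Powered-By
X-Frame-Options=Header[[:space:]]+(always[[:space:]]+)?(append|set)[[:space:]]+X-Frame-Options[[:space:]]+"?SAMEORIGIN"?
X-XSS-Protection=Header[[:space:]]+(always[[:space:]]+)?set[[:space:]]+X-XSS-Protection
X-Content-Type-Options=Header[[:space:]]+(always[[:space:]]+)?set[[:space:]]+X-Content-Type-Options[[:space:]]+"?nosniff"?'

# Usage: audit_httpd_conf /etc/httpd/conf/httpd.conf
# Prints "MISSING <label>" per absent directive; returns 1 if any is absent.
audit_httpd_conf() {
    conf=$1
    status=0
    # Drop comment lines so a commented-out directive does not count.
    active=$(grep -Ev '^[[:space:]]*#' "$conf" || true)
    while IFS='=' read -r label pattern; do
        if ! printf '%s\n' "$active" |
            grep -Eiq "^[[:space:]]*${pattern}([[:space:]]|\$)"; then
            echo "MISSING $label"
            status=1
        fi
    done <<EOF
$CHECKS
EOF
    return "$status"
}

# Constructed sample: three directives active, TraceEnable only commented out.
sample_conf() {
    cat <<'EOF'
servertokens Prod
ServerSignature Off
# TraceEnable Off
Header always append X-FRAME-OPTIONS "SAMEORIGIN"
EOF
}
```

An exit status of 0 means every directive was found. The `Header` and `RequestHeader` directives only take effect when mod_headers is loaded, which this check does not verify.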