I still use Apache for a web server because of the vast amount of documentation on the web, something I’ve overlooked for a long time are security headers… The more I read about security breaches from other sites the more paranoid I get about the sites I have on the internet.
Enabling Apache security headers is pretty straight forward, first enable the Apache module headers
sudo a2enmod headers
And reload Apache
sudo systemctl restart apache2
You may wish to go into each individual virtual host to enable specific headers for specific sites but in my case I’m going to edit the Apache config which effects every website running.
Open Apache config