Some tips to secure your web server
Disable any version and module information
# nano /etc/httpd/conf/httpd.conf
ServerSignature Off
ServerTokens Prod
Secure from Clickjacking Attack
# nano /etc/httpd/conf/httpd.conf
Header append X-Frame-Options SAMEORIGIN
Apply Cross Site Scripting (XSS) protection
Header set X-XSS-Protection "1; mode=block"
Prevent browsers from MIME-type sniffing
Header set X-Content-Type-Options "nosniff"
Use HTTP Strict-Transport-Security (HSTS) to enforce secure connections
Header set Strict-Transport-Security "max-age=31556926; includeSubDomains"
Disable TRACE and TRACK methods
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
Disable insecure protocols and ciphers in secured connection requests
# TLS 1.0 and 1.1 are deprecated (RFC 8996); add +TLSv1.3 where the Apache and OpenSSL builds support it
SSLProtocol -All +TLSv1.2
SSLHonorCipherOrder on
SSLCipherSuite 'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:+3DES:ECDH+AESGCM:ECDH+AES:ECDH:AES:HIGH:MEDIUM:!RC4:!CAMELLIA:!SEED:!aNULL:!MD5:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP'
Verify the result, e.g. with Live HTTP Headers, Firebug or similar
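One way to script that verification (an added example, not part of the original tips): the Python below audits a response-header dump, such as `curl -sI` prints, against the header settings listed above. The sample response and the function names are constructed for illustration.

```python
import re

# Constructed sample: response headers as printed by `curl -sI`, from a
# server that still leaks its version and sends a malformed HSTS value.
SAMPLE = """HTTP/1.1 200 OK
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31556926, includeSubDomains
"""

def parse_headers(raw):
    """Return {lowercased-name: value} from a raw header dump."""
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Return a list of findings; an empty list means every check passed."""
    h, findings = parse_headers(raw), []
    # With ServerTokens Prod the header is just "Apache": no version or modules.
    if re.search(r"[/\d(]", h.get("server", "")):
        findings.append("Server header leaks version or module details")
    expected = {
        "x-frame-options": "sameorigin",
        "x-xss-protection": "1; mode=block",
        "x-content-type-options": "nosniff",
    }
    for name, want in expected.items():
        if h.get(name, "").lower() != want:
            findings.append(f"{name} missing or not '{want}'")
    # HSTS directives are separated by ';' (RFC 6797); a comma-joined value
    # leaves max-age unparseable and the header does not conform.
    hsts = [d.strip().lower() for d in h.get("strict-transport-security", "").split(";")]
    if not any(re.fullmatch(r"max-age=\d+", d) for d in hsts):
        findings.append("strict-transport-security missing or malformed max-age")
    elif "includesubdomains" not in hsts:
        findings.append("strict-transport-security lacks includeSubDomains")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FAIL:", finding)
```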