Some tips to secure your web server
Disable any version and module information
# nano /etc/httpd/conf/httpd.conf
ServerSignature Off
ServerTokens Prod

Secure from Clickjacking Attack
# nano /etc/httpd/conf/httpd.conf
Header append X-Frame-Options SAMEORIGIN

Apply Cross Site Scripting (XSS) protection
Header set X-XSS-Protection "1; mode=block"

Prevent browsers from MIME-type sniffing
Header set X-Content-Type-Options: "nosniff"

Use HTTP Strict-Transport-Security (HSTS) to enforce secure connections
Header set Strict-Transport-Security "max-age=31556926; includeSubDomains"

Disable TRACE and TRACK method
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Disable insecure protocols and ciphers in secured connection requests
# TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless legacy clients still need them
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLHonorCipherOrder on
SSLCipherSuite 'EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EECDH:EDH+AESGCM:EDH:+3DES:ECDH+AESGCM:ECDH+AES:ECDH:AES:HIGH:MEDIUM:!RC4:!CAMELLIA:!SEED:!aNULL:!MD5:!eNULL:!LOW:!EXP:!DSS:!PSK:!SRP'

Verify, e.g. with Live HTTP Headers, Firebug or similar
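
The verification step can also be scripted. The following is an added example, not part of the original page: a Python check that audits a response head (for instance one saved from a browser's network panel) against the header settings above. The function names and both sample responses are constructed for illustration.

```python
import re

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased-name: value}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Return a list of findings; an empty list means every check passed."""
    h, findings = parse_headers(raw), []
    # ServerTokens Prod leaves a bare "Apache" with no version or module list.
    if re.search(r"[/\d(]", h.get("server", "")):
        findings.append("Server header discloses version or modules")
    if h.get("x-frame-options", "").upper() not in ("SAMEORIGIN", "DENY"):
        findings.append("X-Frame-Options missing or weak")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    if not h.get("x-xss-protection", "").startswith("1"):
        findings.append("X-XSS-Protection not enabled")
    # HSTS directives are separated by ';' (RFC 6797); with a comma the
    # max-age value is not a valid number.
    hsts = [d.strip().lower() for d in h.get("strict-transport-security", "").split(";")]
    max_age = next((d.split("=", 1)[1].strip('"') for d in hsts if d.startswith("max-age=")), "")
    if not max_age.isdigit() or int(max_age) == 0:
        findings.append("HSTS missing or max-age invalid")
    elif "includesubdomains" not in hsts:
        findings.append("HSTS lacks includeSubDomains")
    return findings

# Constructed sample responses (not captured from a real server).
HARDENED = """HTTP/1.1 200 OK
Server: Apache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31556926; includeSubDomains
"""
MISCONFIGURED = """HTTP/1.1 200 OK
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Strict-Transport-Security: max-age=31556926, includeSubDomains
"""

if __name__ == "__main__":
    for name, raw in (("hardened", HARDENED), ("misconfigured", MISCONFIGURED)):
        print(name, audit(raw) or "all checks passed")
```

The TLS protocol and cipher settings are not visible in response headers and need a separate check against the TLS handshake.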