ServerAdmin webmaster@localhost DocumentRoot /var/www/html Options Indexes FollowSymLinks AllowOverride All Require all granted # Protect sensitive files Require all denied ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined # Security headers Header always set X-Content-Type-Options "nosniff" Header always set X-Frame-Options "SAMEORIGIN" Header always set X-XSS-Protection "1; mode=block"