SSLProtocol -all +TLSv1.1 +TLSv1.2 /etc/apache2/conf-available/security.conf

1. SSLProtocol -all +TLSv1.1 +TLSv1.2
2.  
3. /etc/apache2/conf-available/security.conf
4.  
5. a2dismod deflate
6.  
7. SSLCompression Off
8.  
9. Header always set X-Content-Type-Options: "nosniff"
10.  
11. Header always set X-Frame-Options: "sameorigin"
12.  
13. Header always set X-XSS-Protection: 1
14.  
15. Header always set Content-Security-Policy: "default-src 'none'; script-src 'none'; style-src 'self'; img-src 'self'"
16.  
17. Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
18.  
19. SSLCipherSuite ECDH+AESGCM256:DH+AESGCM256:ECDH+AES256:DH+AES256:ECDH+AES256:DH+AES256:RSA+AESGCM256:RSA+AES256:!aNULL:!MD5:!DSS:!eNULL:!ADH:!EXP:!LOW:!PSK:!SRP:!RC4