+# Use this command to generate 4096 DH parameters (it will take long time):
+# openssl dhparam -out /etc//httpd/ssl/dhparams.pem 4096
+# When finished, uncomment line below
+#SSLOpenSSLConfCmd DHParameters /etc/httpd/ssl/dhparams.pem
+
+SSLOpenSSLConfCmd ECDHParameters secp384r1
+SSLOpenSSLConfCmd Curves secp521r1:secp384r1
+
+Header always set Strict-Transport-Security max-age=31556952;includeSubDomains
+Header always set X-Frame-Options SAMEORIGIN
+Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
+Header always set X-Content-Type-Options nosnif
+