This Ansible role aims at installing the Apache HTTPd HTTP server on RHEL/CentOS.
httpd_headers_xss_protection: "1; mode=block": sets theX-XSS-Protectionheader.httpd_headers_x_content_type_options: "nosniff": sets theX-Content-Type-Optionsheader.httpd_headers_referer_policy: "strict-origin": sets theReferrer-Policyheader.httpd_headers_csp: "": sets theContent-Security-Policyheader. This is undefined by default.httpd_headers_xframe_options: "SAMEORIGIN": sets theX-Frame-Optionsheader.httpd_headers_feature_policy: "": sets theFeature-Policyheader. This is undefined by default.httpd_headers_hsts: "max-age=15552001; includeSubDomains;": sets the HTTP Strict Transport Security header.
httpd_ssl_cipher_order: "on": sets theSSLHonorCipherOrderoption.httpd_ssl_protocol: sets theSSLProtocoloption.httpd_ssl_cipher_suite: sets theSSLCipherSuiteoption.httpd_ssl_compression: "off": sets theSSLCompressionoption.httpd_ssl_session_tickets: "off": sets theSSLSessionTicketsoption.
Please, refer to the HTTPd document on TLS encryption and take a look at the Mozilla SSL Configuration Generator.
httpd_security_server_tokens: "Prod": sets theServerTokensoption.httpd_security_signature: "Off": sets theServerSignatureoption.httpd_security_secserver_signature: "": sets theSecServerSignaturewithin from thesecurity2_module.