There are many ways to increase the security of the Apache Web Server, and there is no one-size-fits-all configuration. Some hardening steps will break specific application needs.

But before you start, as advised in the Apache Setup, confirm in a test environment that Apache works for its intended integrated purpose. Verify the vanilla install first, then basic hardening. Only then apply each further security setting one at a time and test at intervals.

Use the Center for Internet Security (CIS) site, search for "apache benchmark", and pick the benchmark for your version of Apache to get hardening documentation.

I'll create my own abridged version in the future with additional perspective of impact to web applications.

Disable Etag Header

ETag (entity tag) was introduced to help improve caching. However, besides not being very effective in enterprise cluster environments, it also discloses sensitive information such as the file's inode number, multipart MIME boundary and child process details. This lets an attacker uniquely identify a particular server.

Unless you have a compelling reason to keep it, you may:

  1. Disable the ETag entirely and rely on the default Expires or Cache-Control header information.
  2. At a minimum, remove INode from the ETag.

... to fill out
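As an added example (not part of the original page), the following Python script audits a captured HTTP response for the ETag leak described above. Apache joins the fields enabled by FileETag as hex values separated by "-" in the order inode, size, mtime, so a three-field ETag proves INode is on; the sample responses are constructed, not captured from a real server, and the directive names in the comments are the standard Apache ones.

```python
"""Audit an HTTP response for Apache ETag inode disclosure.

Hardened httpd.conf settings this check is meant to verify:
    FileETag None            # no file ETag at all, rely on Cache-Control
    Header unset ETag        # belt and braces, requires mod_headers
    FileETag MTime Size      # minimal fix: drop INode, keep caching
"""
import re

# Apache strong or weak ETag: optional W/ prefix, quoted hex fields joined by '-'
ETAG_RE = re.compile(r'^(W/)?"([0-9a-fA-F]+(?:-[0-9a-fA-F]+)*)"$')


def parse_headers(raw_response: str) -> dict:
    """Return {lower-case name: value} for the header block of a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name:
            headers[name.strip().lower()] = value.strip()
    return headers


def classify_etag(raw_response: str) -> str:
    """'absent', 'inode-disclosed', 'reduced' or 'opaque' (not an Apache-style value)."""
    etag = parse_headers(raw_response).get("etag")
    if etag is None:
        return "absent"
    m = ETAG_RE.match(etag)
    if not m:
        return "opaque"
    fields = m.group(2).split("-")
    # Three fields can only be inode-size-mtime, so INode is definitely enabled.
    # Two fields cannot be told apart (Size MTime vs INode MTime): confirm FileETag in the config.
    return "inode-disclosed" if len(fields) == 3 else "reduced"


# Constructed sample responses (not captured from a real server)
LEAKY = ('HTTP/1.1 200 OK\r\nServer: Apache\r\n'
         'ETag: "1a2b3c-5d-5f1e2d3c4b5a6"\r\n\r\n<html>')
MINIMAL = 'HTTP/1.1 200 OK\r\nETag: "5d-5f1e2d3c4b5a6"\r\n\r\n<html>'
NONE = "HTTP/1.1 200 OK\r\nCache-Control: max-age=3600\r\n\r\n<html>"

if __name__ == "__main__":
    for name, resp in (("LEAKY", LEAKY), ("MINIMAL", MINIMAL), ("NONE", NONE)):
        print(name, classify_etag(resp))
```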