Apache

Header always edit Set-Cookie "(?i)^((?:(?!;\s?HttpOnly).)+)$" "$1; HttpOnly"
Header always edit Set-Cookie "(?i)^((?:(?!;\s?secure).)+)$" "$1; Secure"

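Note: Header set sets the response header, replacing any previous header with this name; the value may be a format string. The two directives above use Header edit instead, which rewrites an existing Set-Cookie value only where the pattern matches.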
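
Added example (not part of the original page): the two Header edit patterns above, run against constructed Set-Cookie values to show when a flag is appended and when the header is left alone. Python's re module stands in for the PCRE engine Apache uses; the function names and sample cookies are assumptions made for the illustration.

```python
import re

# Patterns and replacements copied from the two Header edit directives above.
# Apache writes the backreference as "$1"; Python's re module writes it "\1".
RULES = [
    (re.compile(r"(?i)^((?:(?!;\s?HttpOnly).)+)$"), r"\1; HttpOnly"),
    (re.compile(r"(?i)^((?:(?!;\s?secure).)+)$"), r"\1; Secure"),
]

def harden(set_cookie: str) -> str:
    """Apply both edits in order to a single Set-Cookie header value."""
    for pattern, replacement in RULES:
        set_cookie = pattern.sub(replacement, set_cookie, count=1)
    return set_cookie

def missing_flags(set_cookie: str) -> list:
    """List which of HttpOnly/Secure are absent, by parsing the attributes."""
    attrs = {p.strip().split("=", 1)[0].lower() for p in set_cookie.split(";")[1:]}
    return [f for f in ("HttpOnly", "Secure") if f.lower() not in attrs]

# Constructed sample values, not taken from any real application.
SAMPLES = [
    "sid=abc123; Path=/",              # neither flag: both are appended
    "sid=abc123; secure; httponly",    # lower-case flags: (?i) leaves it alone
    "sid=abc123;HttpOnly",             # no space after ';': \s? still sees it
    "sid=abc123;  HttpOnly",           # two spaces: \s? misses it, flag repeated
]

if __name__ == "__main__":
    for value in SAMPLES:
        out = harden(value)
        print(f"{value!r:34} -> {out!r}  missing={missing_flags(out)}")
```

Changing \s? to \s* in both patterns would make the check tolerant of extra whitespace before the attribute.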

Apache configuration for Kerberos authentication

DocumentRoot /usr/share/zabbix
<Directory /usr/share/zabbix>
    AuthType Kerberos
    KrbAuthRealms COMPANY.DOMAIN.COM
    KrbMethodNegotiate On
    KrbMethodK5Passwd On
    KrbServiceName http/zabbix.domain.com
    Krb5KeyTab /etc/krb5.keytab
    KrbLocalUserMapping On
    Require valid-user
</Directory>

Apache HTTP secure headers

<VirtualHost *:443>
    Header always set Strict-Transport-Security "max-age=31536000"
    Header always set X-Frame-Options "deny"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set X-Content-Type-Options "nosniff"
    Header always set Content-Security-Policy "default-src 'self'"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
</VirtualHost>