First enable the headers module (mod_headers) in Apache:

sudo a2enmod headers


Additions to /etc/apache2/httpd.conf:

Open the httpd.conf file with 'sudo nano /etc/apache2/httpd.conf' and add this text:

<IfModule mod_headers.c>
  <Directory />
    # Turn on the IE8-IE9 XSS filter:
    Header always set X-XSS-Protection "1; mode=block"
    # Don't allow pages to be framed by other sites, defends against clickjacking:
    Header always set X-Frame-Options "SAMEORIGIN"
    # Prevent MIME-sniffing based attacks:
    Header always set X-Content-Type-Options "nosniff"
    # Force HTTPS for one year, including subdomains (HSTS):
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    # Limit what the Referer header leaks to other origins:
    Header always set Referrer-Policy "strict-origin"
    # Content Security Policy: helps guard against cross-site scripting (XSS)
    # and 'in line' JavaScript attacks. Keep 'unsafe-inline' only if the site
    # really needs inline <script> blocks; drop it otherwise.
    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'"
    # Set strict cookie policy: append SameSite=Strict to every Set-Cookie header
    Header always edit Set-Cookie (.*) "$1; SameSite=Strict"
  </Directory>
</IfModule>


Restart Apache:

sudo service apache2 restart
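To verify that the headers above actually reach the browser after the restart, the following added checker (example code, not part of this tutorial) parses a raw HTTP response header block, as `curl -sI https://your-site/` would print it, and reports any header that is missing, malformed, or weaker than the policy configured above. Both sample responses in the script are constructed: the first reflects the corrected configuration, the second reproduces two easy-to-make typos (a stray `or` inside the CSP source list and `SameSite-strict` instead of `SameSite=Strict`) to show that a browser silently ignores them rather than failing loudly. The host name `example.test` and the cookie values are placeholders.

```python
"""Check a captured HTTP response header block against the header policy
from the httpd.conf snippet above. Added example; the responses below are
constructed, not captured from a real server."""
import re

# Constructed response matching the corrected configuration.
SAMPLE_GOOD = """HTTP/1.1 200 OK
Date: Mon, 01 Jan 2024 00:00:00 GMT
Server: Apache
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: strict-origin
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict
Content-Type: text/html
"""

# Constructed response with the two typos the checker should catch.
SAMPLE_TYPO = SAMPLE_GOOD.replace(
    "script-src 'self' 'unsafe-inline'", "script-src 'self' or 'unsafe-inline'"
).replace(
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
    "Set-Cookie: session=abc123; Path=/; SameSite-strict",
)


def parse_headers(raw):
    """Return {lowercased header name: [values]}. A list is needed because
    Set-Cookie legitimately appears more than once."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                            # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def parse_csp(policy):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def check_security_headers(raw):
    """Return a list of findings; an empty list means the policy is fully met."""
    h = parse_headers(raw)
    findings = []

    def single(name):
        vals = h.get(name, [])
        return vals[0] if len(vals) == 1 else None

    if single("x-content-type-options") != "nosniff":
        findings.append("X-Content-Type-Options missing or not 'nosniff'")
    xfo = single("x-frame-options")
    if xfo is None or xfo.upper() not in ("SAMEORIGIN", "DENY"):
        findings.append("X-Frame-Options missing or weaker than SAMEORIGIN/DENY")
    hsts = single("strict-transport-security")
    m = re.search(r"max-age=(\d+)", hsts or "", re.I)
    if not m or int(m.group(1)) < 31536000:
        findings.append("HSTS missing or max-age shorter than one year")
    elif "includesubdomains" not in hsts.lower():
        findings.append("HSTS lacks includeSubDomains")
    if single("referrer-policy") is None:
        findings.append("Referrer-Policy missing")

    csp = single("content-security-policy")
    if csp is None:
        findings.append("Content-Security-Policy missing")
    else:
        d = parse_csp(csp)
        if "default-src" not in d:
            findings.append("CSP has no default-src fallback")
        for name, sources in d.items():
            for src in sources:
                # A source is a quoted keyword, a scheme, a host or '*'; a bare
                # word such as "or" is a typo that browsers drop without warning.
                if not (src.startswith("'") or "://" in src or "." in src
                        or src == "*" or src.endswith(":")):
                    findings.append(f"CSP {name}: unrecognised source '{src}'")
        if "'unsafe-inline'" in d.get("script-src", []):
            findings.append("CSP script-src allows 'unsafe-inline', which weakens XSS protection")

    for cookie in h.get("set-cookie", []):
        cookie_name = cookie.split(";")[0]
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if not any(a.startswith("samesite=") for a in attrs):
            findings.append(f"Set-Cookie lacks SameSite: {cookie_name}")
        if "secure" not in attrs or "httponly" not in attrs:
            findings.append(f"Set-Cookie lacks Secure/HttpOnly: {cookie_name}")
    return findings


if __name__ == "__main__":
    for label, sample in (("corrected config", SAMPLE_GOOD), ("typo config", SAMPLE_TYPO)):
        print(f"== {label} ==")
        for finding in check_security_headers(sample) or ["all checks passed"]:
            print("  " + finding)
```

Run it against real output by piping `curl -sI https://your-site/` into `check_security_headers`. Before the restart itself, `sudo apache2ctl configtest` catches syntax slips in the snippet, for example a comment line that lost its leading `#`, which would otherwise stop Apache from starting.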