diff --git a/Running-Mastodon/Alternatives.md b/Running-Mastodon/Alternatives.md
index 68f6b5bb..bf5e2e1d 100644
--- a/Running-Mastodon/Alternatives.md
+++ b/Running-Mastodon/Alternatives.md
@@ -191,15 +191,26 @@ Setting up Mastodon behind Apache is possible as well, although you will need to
 
    DocumentRoot /home/mastodon/live/public/
 
-   Header add Strict-Transport-Security "max-age=31536000"
+   Header always set Referrer-Policy "strict-origin-when-cross-origin"
+   Header always set Strict-Transport-Security "max-age=31536000"
+
    SSLEngine on
    SSLProtocol -all +TLSv1.2
    SSLHonorCipherOrder on
    SSLCipherSuite EECDH+AESGCM:AES256+EECDH:AES128+EECDH
+   SSLCompression off
+   SSLSessionTickets off
+   SSLStaplingResponderTimeout 5
+   SSLStaplingReturnResponderErrors off
+   SSLUseStapling on
 
    SSLCertificateFile example.pem
    SSLCertificateKeyFile example.key
 
+   <Location /assets>
+      Header always set Cache-Control "public, max-age=31536000, immutable"
+   </Location>
+
    ProxyPreserveHost On
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass /500.html !