diff --git a/xCAT/xCAT.spec b/xCAT/xCAT.spec
index 9d35ca21d..24ca8314f 100644
--- a/xCAT/xCAT.spec
+++ b/xCAT/xCAT.spec
@@ -87,6 +87,7 @@ tar zxf %{SOURCE2}
tar zxf %{SOURCE4}
tar zxf %{SOURCE6}
tar zxf %{SOURCE8}
+rm -f postscripts/sudoers
%else
rm -rf postscripts
cp %{SOURCE2} /opt/freeware/src/packages/BUILD
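Review bot: The added `rm -f postscripts/sudoers` has no comment saying why this one postscript is dropped from the packaged tree, while every neighbouring line in the hunk is a self-explanatory extract or copy step. A one-line comment above it, along the lines of `# do not ship postscripts/sudoers: <reason>`, would tell a later packager whether it is safe to restore. It is only needed in this branch, since the `%else` branch already removes the whole `postscripts` directory; the enclosing `%if` conditional starts outside the hunk.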
diff --git a/xCAT/xcat.conf b/xCAT/xcat.conf
index 89fbd115b..0e49ab321 100644
--- a/xCAT/xcat.conf
+++ b/xCAT/xcat.conf
@@ -8,21 +8,37 @@ AliasMatch ^/install/(.*)$ "/install/$1"
AliasMatch ^/tftpboot/(.*)$ "/tftpboot/$1"
- Options Indexes +FollowSymLinks +Includes MultiViews
AllowOverride None
Order allow,deny
Allow from all
+ AllowMethods GET
+ Options -Indexes +FollowSymLinks
+ Header always append X-Frame-Options SAMEORIGIN
+ Header always append X-XSS-Protection "1; mode=block"
+ Header always append X-Content-Type-Options nosniff
+ Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
+ Header always append X-Permitted-Cross-Domain-Policies none
- Options Indexes +FollowSymLinks +Includes MultiViews
AllowOverride None
Order allow,deny
Allow from all
+ Options -Indexes +FollowSymLinks
+ Header always append X-Frame-Options SAMEORIGIN
+ Header always append X-XSS-Protection "1; mode=block"
+ Header always append X-Content-Type-Options nosniff
+ Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
+ Header always append X-Permitted-Cross-Domain-Policies none
Alias /xcat-doc "/opt/xcat/share/doc"
- Options Indexes
+ Options -Indexes +FollowSymLinks
+ Header always append X-Frame-Options SAMEORIGIN
+ Header always append X-XSS-Protection "1; mode=block"
+ Header always append X-Content-Type-Options nosniff
+ Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
+ Header always append X-Permitted-Cross-Domain-Policies none
AllowOverride None
Order allow,deny
Allow from all
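Review bot: `AllowMethods GET` is added to only the first Directory block of xCAT/xcat.conf, and this file otherwise uses the pre-2.4 `Order allow,deny` / `Allow from all` access model (the 2.4 variant lives in xcat.conf.apach24), so on an httpd 2.2 server the directive, which comes from mod_allowmethods and exists only in 2.4, would be unrecognised and stop the server from starting, while the 2.4 files where it would work do not receive it. Either drop the line here or move it to the *.apach24 files and apply it to all three blocks consistently. Separately, the new `Header always append ...` lines (same in xCAT/xcat.conf.apach24, xCATsn/xcat.conf and xCATsn/xcat.conf.apach24) will comma-join with any value already set for the same header in the server or virtual-host scope, producing e.g. `X-Frame-Options: SAMEORIGIN, SAMEORIGIN`, which browsers may treat as invalid; for these single-valued headers `Header always set X-Frame-Options SAMEORIGIN` is the safer form. These directives also need mod_headers loaded, and no `<IfModule mod_headers.c>` guard is visible in the hunk, though section tags appear to have been stripped from this view.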
diff --git a/xCAT/xcat.conf.apach24 b/xCAT/xcat.conf.apach24
index 89e28e345..2a3570847 100644
--- a/xCAT/xcat.conf.apach24
+++ b/xCAT/xcat.conf.apach24
@@ -8,19 +8,35 @@ AliasMatch ^/install/(.*)$ "/install/$1"
AliasMatch ^/tftpboot/(.*)$ "/tftpboot/$1"
- Options Indexes FollowSymLinks Includes MultiViews
AllowOverride None
Require all granted
+ Options Indexes FollowSymLinks
+ Header always append X-Frame-Options SAMEORIGIN
+ Header always append X-XSS-Protection "1; mode=block"
+ Header always append X-Content-Type-Options nosniff
+ Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
+ Header always append X-Permitted-Cross-Domain-Policies none
Options Indexes FollowSymLinks Includes MultiViews
AllowOverride None
Require all granted
+ Options Indexes +FollowSymLinks
+ Header always append X-Frame-Options SAMEORIGIN
+ Header always append X-XSS-Protection "1; mode=block"
+ Header always append X-Content-Type-Options nosniff
+ Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
+ Header always append X-Permitted-Cross-Domain-Policies none
Alias /xcat-doc "/opt/xcat/share/doc"
- Options Indexes
AllowOverride None
Require all granted
+ Options Indexes +FollowSymLinks
+ Header always append X-Frame-Options SAMEORIGIN
+ Header always append X-XSS-Protection "1; mode=block"
+ Header always append X-Content-Type-Options nosniff
+ Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
+ Header always append X-Permitted-Cross-Domain-Policies none
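Review bot: `Options Indexes +FollowSymLinks`, added in the second and third Directory blocks of xCAT/xcat.conf.apach24, mixes an absolute option with a relative `+` one in a single directive, which httpd 2.4's startup syntax check rejects ("Either all Options must start with + or -, or no Option may"), so this file as committed would keep the server from starting. The other three files in this commit use the all-relative `Options -Indexes +FollowSymLinks`, which also matches the apparent intent of turning directory listings off, so those two lines and the first block's `Options Indexes FollowSymLinks` should all become `Options -Indexes +FollowSymLinks`. The second block's existing `Options Indexes FollowSymLinks Includes MultiViews` is kept as context rather than removed, unlike the equivalent line in xCATsn/xcat.conf.apach24, so once the new line is made relative, `Includes` (SSI) and `MultiViews` remain enabled in that block alone. The Directory section tags are not visible in this hunk, so which block each line belongs to is inferred from order.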
diff --git a/xCATsn/xcat.conf b/xCATsn/xcat.conf
index 89fbd115b..8984a6641 100644
--- a/xCATsn/xcat.conf
+++ b/xCATsn/xcat.conf
@@ -8,22 +8,37 @@ AliasMatch ^/install/(.*)$ "/install/$1"
AliasMatch ^/tftpboot/(.*)$ "/tftpboot/$1"
- Options Indexes +FollowSymLinks +Includes MultiViews
AllowOverride None
Order allow,deny
Allow from all
+ Options -Indexes +FollowSymLinks
+ Header always append X-Frame-Options SAMEORIGIN
+ Header always append X-XSS-Protection "1; mode=block"
+ Header always append X-Content-Type-Options nosniff
+ Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
+ Header always append X-Permitted-Cross-Domain-Policies none
- Options Indexes +FollowSymLinks +Includes MultiViews
AllowOverride None
Order allow,deny
Allow from all
+ Options -Indexes +FollowSymLinks
+ Header always append X-Frame-Options SAMEORIGIN
+ Header always append X-XSS-Protection "1; mode=block"
+ Header always append X-Content-Type-Options nosniff
+ Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
+ Header always append X-Permitted-Cross-Domain-Policies none
Alias /xcat-doc "/opt/xcat/share/doc"
- Options Indexes
AllowOverride None
Order allow,deny
Allow from all
+ Options -Indexes +FollowSymLinks
+ Header always append X-Frame-Options SAMEORIGIN
+ Header always append X-XSS-Protection "1; mode=block"
+ Header always append X-Content-Type-Options nosniff
+ Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
+ Header always append X-Permitted-Cross-Domain-Policies none
diff --git a/xCATsn/xcat.conf.apach24 b/xCATsn/xcat.conf.apach24
index d4e83370c..49ebaf369 100644
--- a/xCATsn/xcat.conf.apach24
+++ b/xCATsn/xcat.conf.apach24
@@ -8,20 +8,35 @@ AliasMatch ^/install/(.*)$ "/install/$1"
AliasMatch ^/tftpboot/(.*)$ "/tftpboot/$1"
- Options Indexes FollowSymLinks Includes MultiViews
AllowOverride None
Require all granted
+ Options -Indexes +FollowSymLinks
+ Header always append X-Frame-Options SAMEORIGIN
+ Header always append X-XSS-Protection "1; mode=block"
+ Header always append X-Content-Type-Options nosniff
+ Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
+ Header always append X-Permitted-Cross-Domain-Policies none
- Options Indexes FollowSymLinks Includes MultiViews
AllowOverride None
Require all granted
+ Options -Indexes +FollowSymLinks
+ Header always append X-Frame-Options SAMEORIGIN
+ Header always append X-XSS-Protection "1; mode=block"
+ Header always append X-Content-Type-Options nosniff
+ Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
+ Header always append X-Permitted-Cross-Domain-Policies none
Alias /xcat-doc "/opt/xcat/share/doc"
- Options Indexes
AllowOverride None
Require all granted
+ Options -Indexes +FollowSymLinks
+ Header always append X-Frame-Options SAMEORIGIN
+ Header always append X-XSS-Protection "1; mode=block"
+ Header always append X-Content-Type-Options nosniff
+ Header always append Content-Security-Policy "script-src 'self' 'unsafe-eval'"
+ Header always append X-Permitted-Cross-Domain-Policies none