
In addition to https://ssl-config.mozilla.org/ for generating the TLS configuration when setting up your website, there is another wonderful free tool from Mozilla: https://developer.mozilla.org/en-US/observatory
Unlike the configurator it does not write the configuration for you; it scans a live site and reports which HTTP security headers it finds (and which it does not). It is very good nevertheless.
A nice analysis is https://vaibhav.co.uk/2025/03/08/implementing-secure-headers-using-mozilla-observatory/ by Vaibhav Jain.
So a leg up is to start with an Apache configuration like this (mod_headers must be enabled, which the IfModule guard checks):
<VirtualHost *:443>
    <IfModule mod_headers.c>
        # "always" applies these to every response, including error pages;
        # "set" replaces any header of the same name the application already sent.
        # HSTS for one year, covering subdomains, and opting in to the browser preload list.
        Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        # Only pages from the same origin may frame this site (clickjacking defence).
        Header always set X-Frame-Options "SAMEORIGIN"
        # Browsers must honour the declared Content-Type instead of sniffing it.
        Header always set X-Content-Type-Options "nosniff"
        # Full URL as referrer same-origin, origin only cross-origin, nothing on an HTTPS-to-HTTP downgrade.
        Header always set Referrer-Policy "strict-origin-when-cross-origin"
        # Deny these browser features to every origin, including the page itself.
        Header always set Permissions-Policy "geolocation=(), camera=(), microphone=()"
        # Load everything from this origin only; no inline scripts, no plugins/objects.
        Header always set Content-Security-Policy "default-src 'self'; script-src 'self'; object-src 'none';"
    </IfModule>
</VirtualHost>
Two caveats before copying that block: "preload" is an opt-in to the browsers' built-in HSTS list (submitted at hstspreload.org), which is very hard to get removed from, so only add it once the whole domain, subdomains included, is permanently HTTPS; and script-src 'self' blocks every inline <script> and onclick= handler, so a site that relies on them will break until those are moved to external files or allowed with nonces or hashes.
Like the excellent (and free) Qualys SSL Labs test (https://www.ssllabs.com/ssltest/) it gives you a grade, which is a useful metric to track over time.