diff --git a/defaults/main.yml b/defaults/main.yml
index 8264829e..e0423542 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -124,6 +124,8 @@ keystone_service_adminurl: "{{ keystone_service_adminurl_v3 }}"
 
 ## Apache setup
 keystone_apache_log_level: info
+keystone_apache_servertokens: "Prod"
+keystone_apache_serversignature: "Off"
 keystone_wsgi_threads: "{{ ansible_processor_vcpus | default(2) // 2 }}"
 keystone_wsgi_processes: "{{ ansible_processor_vcpus | default(1) }}"
 
diff --git a/tasks/keystone_apache.yml b/tasks/keystone_apache.yml
index 1f25d011..5576d127 100644
--- a/tasks/keystone_apache.yml
+++ b/tasks/keystone_apache.yml
@@ -57,6 +57,26 @@
   tags:
     - keystone-httpd
 
+- name: Ensure Apache ServerTokens
+  lineinfile:
+    dest: "/etc/apache2/conf-available/security.conf"
+    regexp: '^ServerTokens'
+    line: "ServerTokens {{ keystone_apache_servertokens }}"
+  notify:
+    - Restart Apache
+  tags:
+    - keystone-httpd
+
+- name: Ensure Apache ServerSignature
+  lineinfile:
+    dest: "/etc/apache2/conf-available/security.conf"
+    regexp: '^ServerSignature'
+    line: "ServerSignature {{ keystone_apache_serversignature }}"
+  notify:
+    - Restart Apache
+  tags:
+    - keystone-httpd
+
 - name: Enable/disable mod_ssl for apache2
   apache2_module:
     name: ssl