Options -Indexes ServerSignature Off # Security headers Header set X-Content-Type-Options "nosniff" Header set X-Frame-Options "SAMEORIGIN" Header set X-XSS-Protection "1; mode=block" Header set Referrer-Policy "strict-origin-when-cross-origin" # Block access to sensitive files Order deny,allow Deny from all # PHP settings php_flag display_errors Off php_flag log_errors On php_value upload_max_filesize 10M php_value post_max_size 12M php_value max_execution_time 120