# Protect some other files Order Deny,Allow Deny from all # Extra Security Headers Header set X-XSS-Protection "1; mode=block" Header always append X-Frame-Options SAMEORIGIN Header set X-Content-Type-Options nosniff Header set Strict-Transport-Security "max-age=31536000" env=HTTPS Header set Referrer-Policy "no-referrer-when-downgrade" Header always unset X-Powered-By Header unset X-Powered-By #Directory Browsing Options All -Indexes