# Disable directory browsing Options -Indexes # Block TRACE method RewriteEngine On RewriteCond %{REQUEST_METHOD} ^TRACE RewriteRule .* - [F] # Deny access to hidden files RedirectMatch 403 /\..*$ # Protect .git RedirectMatch 404 /\.git # Block common sensitive file types Order allow,deny Deny from all # Security Headers Header always set X-Content-Type-Options "nosniff" Header always set X-Frame-Options "SAMEORIGIN" Header always set Referrer-Policy "strict-origin-when-cross-origin" Header always set Permissions-Policy "geolocation=(), microphone=()" Header always set Content-Security-Policy "default-src 'self';" # Disable Apache signature ServerSignature Off # Clean URLs RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php/$1 [L] ErrorDocument 404 index.php