# Disable directory listing
Options -Indexes
# Prevent access to sensitive files
Order deny,allow
Deny from all
# Protect against cross-site scripting (XSS) attacks
Header set X-XSS-Protection "1; mode=block"
# Enable Content Security Policy (CSP) to prevent XSS attacks
Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self';"
# Remove .php extension
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^([^/]+)/?$ $1.php [L]