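# Per-directory Apache configuration: directory listing, file access,
# response security headers and extensionless PHP URLs.

# Disable directory listing
Options -Indexes

# Prevent access to sensitive files
# NOTE(review): as published, the access directives had no enclosing
# <Files>/<FilesMatch> container, so they denied every request to this
# directory instead of only sensitive files. The pattern below is a
# constructed example, not taken from the original; replace it with the
# files this site actually needs to hide.
<FilesMatch "(^\.ht|\.(env|ini|log|bak|sql)$)">
    # Apache 2.4+ (mod_authz_core)
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback (original syntax)
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>

# Protect against cross-site scripting (XSS) attacks
# NOTE(review): legacy header. Current major browsers no longer implement the
# filter it controls, so the Content-Security-Policy below is the effective
# control.
Header set X-XSS-Protection "1; mode=block"

# Enable Content Security Policy (CSP) to prevent XSS attacks
# NOTE(review): 'unsafe-inline' and 'unsafe-eval' in script-src permit inline
# scripts and eval(), which removes most of the XSS mitigation CSP provides.
# Left unchanged because dropping them can break existing pages; move inline
# scripts to files (or use nonces/hashes) and then remove both keywords.
# "Header set" applies to successful responses only; "Header always set" would
# also cover error responses.
Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self';"

# Remove .php extension
# The rules below are inert unless the rewrite engine is enabled for this
# directory; the published text did not enable it.
RewriteEngine On
# Skip real directories, and rewrite only when a matching .php file exists.
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
# Matches a single path segment (optional trailing slash) and serves SEGMENT.php.
RewriteRule ^([^/]+)/?$ $1.php [L]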