Options -Indexes
ServerSignature Off

<FilesMatch "^(config\.php|db\.php|auth\.php|helpers\.php|layout\.php)$">
    Require all denied
</FilesMatch>

<FilesMatch "\.(sql|bak|ini|log)$">
    Require all denied
</FilesMatch>

<IfModule mod_headers.c>
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>
