Options -Indexes
DirectoryIndex index.php

# Protect sensitive project files from direct browser access.
<FilesMatch "(^\.|.*\.sql$|README\.md|UPDATED_FILES_LIST\.txt|CPANEL_DEPLOYMENT_GUIDE\.txt)$">
    Require all denied
</FilesMatch>

# Basic security headers. Safe for normal PHP hosting / cPanel / LiteSpeed.
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>
