# Turn off mod_autoindex listings: a directory without an index file is not
# rendered as a browsable file list.
Options -Indexes
# Serve index.php when a directory itself is requested.
# NOTE(review): the script-extension FilesMatch rule further down in this file
# also matches index.php. If this file sits in the directory that holds that
# index.php, requests for it are denied -- confirm where this file is deployed.
DirectoryIndex index.php

# Security headers (applied only when mod_headers is loaded; without the module
# this section is skipped silently and no header is sent).
# NOTE(review): plain "Header set" uses the default "onsuccess" condition, so
# server-generated error responses do not carry these headers. "Header always set"
# covers them, but can produce duplicate headers if the application emits the same
# ones -- check what index.php sends before switching.
<IfModule mod_headers.c>
    # Stop browsers from MIME-sniffing a response away from its declared
    # Content-Type (relevant when user-uploaded files are served).
    Header set X-Content-Type-Options "nosniff"
    # Permit framing by same-origin pages only (clickjacking mitigation).
    Header set X-Frame-Options "SAMEORIGIN"
    # Legacy header for the browser XSS auditor, which current browsers have
    # removed. NOTE(review): a Content-Security-Policy is the maintained control.
    Header set X-XSS-Protection "1; mode=block"
</IfModule>

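# Deny direct requests for files whose final extension is a known script type.
# This is a denylist, not "everything except images/PDF": extensions not listed
# here stay reachable, and the pattern looks at the last extension only.
# (?i) makes the match case-insensitive so an upper- or mixed-case spelling of a
# listed extension is denied as well.
# NOTE(review): a .htaccess rule applies to this directory and everything below
# it. If this file is not confined to the uploads directory, the index.php named
# in DirectoryIndex is denied too -- confirm the deployment location.
# NOTE(review): where PHP is mapped with AddHandler/AddType, mod_mime considers
# every extension in a file name, not just the last one. Confirm the server maps
# PHP on the final extension only, or disable script handlers for the uploads
# directory in the server configuration.
<FilesMatch "(?i)\.(php|php3|php4|php5|phtml|pl|py|jsp|asp|sh|cgi)$">
    # Apache 2.4+: native authorization syntax (needs AllowOverride AuthConfig).
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback. On 2.4 these directives exist only with
    # mod_access_compat, and fail the whole request with a 500 without it.
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>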

# Explicitly allow files ending in an image or PDF extension (case-sensitive,
# final extension only).
# This section grants access and restricts nothing: a file matching neither this
# pattern nor the script denylist earlier in this file keeps whatever access the
# enclosing configuration gives it. The rule only has an effect if a parent
# configuration denies access.
# NOTE(review): Order/Allow is Apache 2.2 syntax and needs mod_access_compat on
# 2.4. It is left unconverted here because "Require all granted" would also lift
# an authentication requirement inherited from a parent directory -- check the
# parent configuration before migrating.
<FilesMatch "\.(jpg|jpeg|png|gif|pdf)$">
    Order Deny,Allow
    Allow from all
</FilesMatch>
