# The following directives prevent the execution of script files

# in the context of the website.

# They also force the content-type application/octet-stream and

# force browsers to display a download dialog for non-image files.

SetHandler default-handler

ForceType application/octet-stream

Header set Content-Disposition attachment



# The following unsets the forced type and Content-Disposition headers

# for known image files:

<FilesMatch "(?i)\.(gif|jpe?g|png)$">

	ForceType none

	Header unset Content-Disposition

</FilesMatch>



# The following directive prevents browsers from MIME-sniffing the content-type.

# This is an important complement to the ForceType directive above:

Header set X-Content-Type-Options nosniff



# Uncomment the following lines to prevent unauthorized download of files:

#AuthName "Authorization required"

#AuthType Basic

#require valid-user

