# The following directives force the content-type application/octet-stream# and force browsers to display a download dialog for non-image files.# This prevents the execution of script files in the context of the website:ForceType application/octet-streamHeaderset Content-Disposition attachment<FilesMatch "(?i)\.(gif|jpe?g|png)$">ForceTypenoneHeaderunset Content-Disposition</FilesMatch># The following directive prevents browsers from MIME-sniffing the content-type.# This is an important complement to the ForceType directive above:Headerset X-Content-Type-Options nosniff# Uncomment the following lines to prevent unauthorized download of files:#AuthName "Authorization required"#AuthType Basic#require valid-user
