# Disable directory browsing
Options -Indexes

# Prevent direct access to PHP source via view-source
<FilesMatch "\.php$">
  Header set X-Content-Type-Options nosniff
</FilesMatch>

# Disable right-click and view source via JavaScript (handled in index.php)
