# The following directives force the Content-Type
# "application/octet-stream" for all files except images.
# This prevents executing any uploaded scripts
# and forces a download dialog for non-image files:
ForceType application/octet-stream
<FilesMatch "(?i).(csv)$">
ForceType none
</FilesMatch>
# Prevent IE from MIME-sniffing:
Header set X-Content-Type-Options "nosniff"
# Uncomment the following lines to prevent unauthorized download of files:
#AuthName "Authorization required"
#AuthType Basic
#require valid-user
