# The following directives force the content-type application/octet-stream
# and force browsers to display a download dialog for non-image files.
# This prevents the execution of script files in the context of the website:
ForceType application/octet-stream
<IfModule mod_headers.c>
Header set Content-Disposition attachment
</IfModule>
<FilesMatch "(?i).(gif|jpe?g|png)$">
ForceType none
<IfModule mod_headers.c>
Header unset Content-Disposition
</IfModule>
</FilesMatch>
# The following directive prevents browsers from MIME-sniffing the content-type.
# This is an important complement to the ForceType directive above:
<IfModule mod_headers.c>
Header set X-Content-Type-Options nosniff
</IfModule>
# Uncomment the following lines to prevent unauthorized download of files:
#AuthName "Authorization required"
#AuthType Basic
#require valid-user