# HelpDesk — root .htaccess
Options -Indexes
<IfModule mod_headers.c>
  Header set X-Content-Type-Options "nosniff"
  Header set X-Frame-Options "SAMEORIGIN"
</IfModule>

# Never allow PHP to run inside the uploads folder (defence in depth)
<IfModule mod_php7.c>
  <Directory "uploads">
    php_flag engine off
  </Directory>
</IfModule>
<IfModule mod_php8.c>
  <Directory "uploads">
    php_flag engine off
  </Directory>
</IfModule>
