Always use latest php available from your hosting provider:
AddType application/x-httpd-php-latest .php
Using mod_rewrite:
<IfModule mod_rewrite.c>
RewriteEngine On
#Redirect HTTP to HTTPS:RewriteCond %{HTTPS} off
RewriteRule (.) https://%{HTTP_HOST}%{REQUEST_URI}
#Disable compression:
RewriteRule ^(.)$ $1 [NS,E=no-gzip:1,E=dont-vary:1]
</IfModule>
Strict HSTS, CSP, XSFR headers:
<IfModule mod_headers.c>
Header set Content-Security-Policy "upgrade-insecure-requests"
Header set Referrer-Policy "strict-origin-when-cross-origin"
Header set Strict-Transport-Security "max-age=15811200"
Header set X-Frame-Options "DENY"
</IfModule>