Hardening websites with .htaccess

Always use latest php available from your hosting provider:

AddType application/x-httpd-php-latest .php

Using mod_rewrite:

<IfModule mod_rewrite.c>

RewriteEngine On

#Redirect HTTP to HTTPS:
RewriteCond %{HTTPS} off

RewriteRule (.) https://%{HTTP_HOST}%{REQUEST_URI}

#Disable compression:

RewriteRule ^(.)$ $1 [NS,E=no-gzip:1,E=dont-vary:1]

</IfModule>

Strict HSTS, CSP, XSFR headers:

<IfModule mod_headers.c>

Header set Content-Security-Policy "upgrade-insecure-requests"

Header set Referrer-Policy "strict-origin-when-cross-origin"

Header set Strict-Transport-Security "max-age=15811200"

Header set X-Frame-Options "DENY"

</IfModule>