# Deny all access to includes directory
Order Deny,Allow
Deny from all

# Block access to PHP class files
<Files "*.php">
    Order Deny,Allow
    Deny from all
</Files>

# Prevent directory listing
Options -Indexes

# Additional security headers
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options nosniff
    Header always set X-Frame-Options DENY
    Header always set X-XSS-Protection "1; mode=block"
</IfModule>