# Turn on mod_rewrite processing for this directory; the RewriteCond and
# RewriteRule directives further down are not evaluated unless the engine is on.
# NOTE(review): assumes mod_rewrite is loaded and .htaccess overrides are
# permitted for this directory - confirm on the target server.
RewriteEngine On

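# Refuse direct HTTP requests for any *.html file in this directory and its
# subdirectories (403 Forbidden).
# This is an access rule for static files only: markup that a PHP page sends
# to the browser is still visible to the client, so it does not "hide source".
#
# "Deny from all" is the Apache 2.2 syntax and needs mod_access_compat on 2.4;
# where that module is absent the directive is rejected and requests fail with
# a 500. Use the native 2.4 form when mod_authz_core is available and keep the
# legacy form only as a fallback.
# NOTE(review): "Require" in .htaccess needs AllowOverride AuthConfig (or All),
# whereas "Deny" needs Limit - confirm the server's AllowOverride setting.
<Files "*.html">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Deny from all
    </IfModule>
</Files>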

# Return 403 Forbidden for any request whose User-Agent header contains one of
# the listed substrings. [NC] makes the match case-insensitive; [F] sends the
# 403 and [L] stops further rule processing for the request.
# NOTE(review): the User-Agent value is chosen by the client, so this filters
# only tools that identify themselves honestly. It is not an access control and
# does not keep page content private; anything that must be restricted needs
# authentication or network-level controls instead.
# NOTE(review): the bare "bot" substring also matches search-engine crawlers,
# and the other entries match many uptime monitors, health checks and
# vulnerability scanners, so those will receive 403 as well - confirm that is
# intended before relying on external monitoring of this site.
RewriteCond %{HTTP_USER_AGENT} (curl|wget|python-requests|bot|scraper) [NC]
RewriteRule .* - [F,L]

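# Extensionless URLs: internally map a single-segment path such as "/page" or
# "/page/" to "page.php" when the request does not match an existing file or
# directory. There is no R flag, so the URL shown to the client is unchanged.
# NOTE(review): every .php file in this directory becomes reachable under its
# short name; keep include/config scripts outside the web root.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Skip names that already end in .php. In .htaccess context a rewritten URL is
# processed again, so without this guard a request for a page that does not
# exist keeps growing (page.php, page.php.php, ...) until Apache reaches its
# internal-redirect limit and answers 500 instead of 404.
RewriteCond $1 !\.php$ [NC]
RewriteRule ^([^/]+)/?$ $1.php [L]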

# Serve Str4ng.php for the directory root ("^$" matches the empty path). This
# is an internal rewrite, not an HTTP redirect: there is no R flag, so the
# client keeps seeing "/" in the address bar. [L] ends rule processing.
# NOTE(review): this only keeps the filename out of the URL; Str4ng.php is
# presumably still served when requested by name, since no rule here blocks
# it - confirm that is acceptable.
RewriteRule ^$ Str4ng.php [L]

# Security response headers. The Header directive is provided by mod_headers;
# the "always" condition also attaches the header to error responses.
# NOTE(review): if mod_headers is not loaded these lines are rejected and
# requests fail with a 500 - confirm the module is enabled.
# NOTE(review): no Content-Security-Policy, Strict-Transport-Security or
# Referrer-Policy is set in this file - confirm they are sent elsewhere.

# Tell browsers not to MIME-sniff responses away from the declared Content-Type.
Header always set X-Content-Type-Options nosniff
# Forbid rendering these pages inside any frame (clickjacking defence).
# NOTE(review): the standardised equivalent is the CSP directive
# frame-ancestors 'none'; consider sending it alongside this header.
Header always set X-Frame-Options DENY
# Legacy header that controlled the XSS auditor in older browsers.
# NOTE(review): current browsers have removed that auditor and current
# guidance (e.g. OWASP) is to send "0" and rely on a Content-Security-Policy
# instead - review whether this value should be kept.
Header always set X-XSS-Protection "1; mode=block"