TYPO3 Core

These lines should be put in the shipped default .htaccess (ext:install/Resources/Private/FolderStructureTemplateFiles/root-htaccess)

See https://stackoverflow.com/questions/61759835/security-message-after-upgrade-to-9-5-17

Meaningful security measures should be included by default if they are reported anyways in the reports module in the backend.

<IfModule mod_mime.c>
    RemoveType .html .htm
    <FilesMatch ".+\.html?$">
        AddType text/html .html
        AddType text/html .htm
    </FilesMatch>

    RemoveType .svg .svgz
    <FilesMatch ".+\.svgz?$">
        AddType image/svg+xml .svg
        AddType image/svg+xml .svgz
    </FilesMatch>
</IfModule>