diff --git a/core/lib/Drupal/Component/FileSecurity/FileSecurity.php b/core/lib/Drupal/Component/FileSecurity/FileSecurity.php
index d5060cf7d7..b3ae81a856 100644
--- a/core/lib/Drupal/Component/FileSecurity/FileSecurity.php
+++ b/core/lib/Drupal/Component/FileSecurity/FileSecurity.php
@@ -62,7 +62,7 @@ public static function htaccessLines($deny_public_access = TRUE) {
   protected static function htaccessPreventExecution() {
     return <<<EOF
 # Turn off all options we don't need.
-Options -Indexes -ExecCGI -Includes -MultiViews
+Options -Indexes -ExecCGI -Includes
 
 # Set the catch-all handler to prevent scripts from being executed.
 SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
diff --git a/core/profiles/demo_umami/modules/demo_umami_content/default_content/.htaccess b/core/profiles/demo_umami/modules/demo_umami_content/default_content/.htaccess
index bdcdd2f5c8..f89f299970 100644
--- a/core/profiles/demo_umami/modules/demo_umami_content/default_content/.htaccess
+++ b/core/profiles/demo_umami/modules/demo_umami_content/default_content/.htaccess
@@ -8,4 +8,4 @@
   Deny from all
 </IfModule>
 # Turn off all options we don't need.
-Options -Indexes -ExecCGI -Includes -MultiViews
+Options -Indexes -ExecCGI -Includes
diff --git a/core/tests/Drupal/KernelTests/Core/File/HtaccessTest.php b/core/tests/Drupal/KernelTests/Core/File/HtaccessTest.php
index 56ef36e897..d78e75f600 100644
--- a/core/tests/Drupal/KernelTests/Core/File/HtaccessTest.php
+++ b/core/tests/Drupal/KernelTests/Core/File/HtaccessTest.php
@@ -57,7 +57,7 @@ public function testHtaccessSave() {
     $this->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006") !== FALSE);
     $this->assertFalse(strpos($content, "Require all denied") !== FALSE);
     $this->assertFalse(strpos($content, "Deny from all") !== FALSE);
-    $this->assertTrue(strpos($content, "Options -Indexes -ExecCGI -Includes -MultiViews") !== FALSE);
+    $this->assertTrue(strpos($content, "Options -Indexes -ExecCGI -Includes") !== FALSE);
     $this->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003") !== FALSE);
     $this->assertFilePermissions($this->public . '/.htaccess', 0444);
 
@@ -70,7 +70,7 @@ public function testHtaccessSave() {
     $this->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006") !== FALSE);
     $this->assertTrue(strpos($content, "Require all denied") !== FALSE);
     $this->assertTrue(strpos($content, "Deny from all") !== FALSE);
-    $this->assertTrue(strpos($content, "Options -Indexes -ExecCGI -Includes -MultiViews") !== FALSE);
+    $this->assertTrue(strpos($content, "Options -Indexes -ExecCGI -Includes") !== FALSE);
     $this->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003") !== FALSE);
     $this->assertFilePermissions($private . '/.htaccess', 0444);
 
@@ -83,7 +83,7 @@ public function testHtaccessSave() {
     $this->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006") !== FALSE);
     $this->assertTrue(strpos($content, "Require all denied") !== FALSE);
     $this->assertTrue(strpos($content, "Deny from all") !== FALSE);
-    $this->assertTrue(strpos($content, "Options -Indexes -ExecCGI -Includes -MultiViews") !== FALSE);
+    $this->assertTrue(strpos($content, "Options -Indexes -ExecCGI -Includes") !== FALSE);
     $this->assertTrue(strpos($content, "SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003") !== FALSE);
     $this->assertFilePermissions($stream . '/.htaccess', 0444);