# Add "charset=UTF-8" to the Content-Type of responses served as text/plain
# or text/html (other content types are not affected by this directive).
# This only labels the response; it does not transcode anything, so the files
# themselves must actually be saved as UTF-8. An explicit charset also stops
# browsers from guessing the encoding of a page.
AddDefaultCharset UTF-8

# Turn off auto-generated directory listings: a request for a directory that
# has no index file is refused instead of showing the directory's contents.
# This hides file names only. Any file is still served when it is requested by
# its exact URL, so it is not a substitute for access rules on sensitive files.
# NOTE(review): if this file is deployed as a .htaccess, the server config must
# allow it to change Options (AllowOverride), otherwise requests fail; confirm.
Options -Indexes

# Deny every direct HTTP request for a file named config.php, in this
# directory and in the directories below it (<Files> matches the base name).
# PHP include/require of the file from other scripts is not affected.
# "Require all denied" is Apache 2.4 syntax (mod_authz_core).
# NOTE(review): only the exact name is covered. Copies under another name,
# e.g. an editor backup or config.php.bak (example name), are not matched and
# may be served as source. Keeping the file outside the document root avoids
# depending on this rule at all.
<Files "config.php">
    Require all denied
</Files>

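# Redirect plain-HTTP requests to HTTPS (optional; uncomment once SSL/TLS is enabled).
# Needs mod_rewrite. Behind a TLS-terminating proxy or load balancer %{HTTPS}
# stays "off" on this server, so the rule as written would redirect in a loop.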
# RewriteEngine On
# RewriteCond %{HTTPS} off
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

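# Baseline response-hardening headers. The <IfModule> guard means they are
# silently left out when mod_headers is not loaded, so check them on a live
# response after deployment.
# "always" also attaches the headers to error pages and redirects; the default
# condition of a plain "Header set" does not cover server-generated error
# responses. If the application sends any of these headers itself, check the
# response for duplicates.
<IfModule mod_headers.c>
    # Stop browsers from MIME-sniffing a response into a different content type.
    Header always set X-Content-Type-Options "nosniff"
    # Allow framing by same-origin pages only (clickjacking defence). The CSP
    # "frame-ancestors" directive is the current-standard equivalent.
    Header always set X-Frame-Options "SAMEORIGIN"
    # Current browsers no longer ship the legacy XSS auditor, and in browsers
    # that still have it "1; mode=block" can be abused as a side channel, so
    # the auditor is switched off explicitly. XSS defence belongs in output
    # encoding and a Content-Security-Policy tailored to the site.
    Header always set X-XSS-Protection "0"
</IfModule>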

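# Let browsers cache stylesheets and scripts for one month, counted from the
# time of the request (adjust as needed). Clients may keep a cached script for
# that long, so ship changed CSS/JS, security fixes included, under a new file
# name or query string to make sure the update is picked up.
# The <IfModule> guard matches the one used for mod_headers in this file: on a
# server without mod_expires the Expires* directives are unknown, and an
# unknown directive in a .htaccess turns every request it covers into a 500.
<IfModule mod_expires.c>
    <FilesMatch "\.(css|js)$">
        ExpiresActive On
        ExpiresDefault "access plus 1 month"
    </FilesMatch>
</IfModule>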
