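# Security headers. These need mod_headers; in a .htaccess file an unknown
# directive is a configuration error, so without the module requests fail
# rather than going out unprotected.
# "always" attaches the header to error responses as well as successful ones.

# Stop browsers from MIME-sniffing a response into a different content type.
Header always set X-Content-Type-Options nosniff
# Refuse to be rendered inside any frame (clickjacking defence).
Header always set X-Frame-Options DENY
# The legacy XSS auditor is gone from current browsers, and its filtering mode
# could introduce problems of its own on browsers that still had it, so it is
# switched off explicitly. Script-injection defence belongs in a
# Content-Security-Policy, which this file does not set.
Header always set X-XSS-Protection "0"
# Cross-origin requests receive only the origin; nothing is sent on an
# HTTPS -> HTTP downgrade.
Header always set Referrer-Policy "strict-origin-when-cross-origin"
# NOTE(review): no Strict-Transport-Security header is set here; add one once
# the site is reachable over HTTPS only.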

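# Prevent access to sensitive files.
# Order/Deny is Apache 2.2 syntax; on 2.4 it only works when mod_access_compat
# is loaded and is otherwise a configuration error. Each section therefore uses
# "Require all denied" where mod_authz_core (2.4) is present and falls back to
# the 2.2 form elsewhere.
# In a .htaccess file, Require needs AllowOverride AuthConfig and Order/Deny
# needs AllowOverride Limit.
# NOTE(review): only *.sqlite and *.log are covered. Databases or logs under
# other names are still served, so keeping such files outside the document
# root is the more reliable control.
<Files "*.sqlite">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>

<Files "*.log">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>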

# Hide PHP errors in production
# php_flag/php_value are only understood when PHP runs as an Apache module.
# Under PHP-FPM or CGI these lines are a configuration error, and the same
# settings belong in php.ini or .user.ini instead.
# Keeps stack traces, file paths and query text out of HTTP responses.
php_flag display_errors off
# Errors are still recorded. The error_log destination is not set in this file,
# so confirm it is not a path the web server will serve.
php_flag log_errors on

# Prevent directory browsing
# Without an index file, a directory request gets an error response instead of
# an auto-generated file listing. Files remain reachable by their exact URL, so
# this hides names but is not access control.
# In a .htaccess file this needs AllowOverride Options.
Options -Indexes

# File upload security
# These settings only cap request size. They do not inspect what is uploaded:
# file type, file name and storage location still have to be validated by the
# application.
# Largest single uploaded file.
php_value upload_max_filesize 2M
# Largest whole POST body (all files plus form fields); keep this at or above
# upload_max_filesize.
php_value post_max_size 8M

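# Session security
# Keep the session cookie out of reach of page scripts (document.cookie).
php_value session.cookie_httponly 1
# Carry the session ID in a cookie only, never in the URL.
php_value session.use_only_cookies 1
# Reject session IDs the server did not issue (session-fixation defence).
php_value session.use_strict_mode 1
# NOTE(review): 0 lets the session cookie travel over plain HTTP, where it can
# be read in transit. Set this to 1 once the site is served over HTTPS only;
# it is left at 0 here because 1 would break logins on an HTTP deployment.
php_value session.cookie_secure 0
# Session data idle for 1800 s (30 min) becomes eligible for garbage
# collection. This is not a hard timeout; enforce idle expiry in the
# application if one is required.
php_value session.gc_maxlifetime 1800
# NOTE(review): session.cookie_samesite (PHP 7.3+) is not set; consider "Lax"
# or "Strict" if the PHP version supports it.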