# RAD Ensemble — Apache config
Options -Indexes

# PHP mail protection — only allow POST to send_mail.php from same origin
<Files "send_mail.php">
  <LimitExcept POST>
    Require all denied
  </LimitExcept>
</Files>

# Cache static assets
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresByType image/svg+xml "access plus 1 month"
  ExpiresByType text/css "access plus 1 week"
  ExpiresByType application/javascript "access plus 1 week"
</IfModule>

# GZIP compression
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/css application/javascript image/svg+xml
</IfModule>

# Security headers
<IfModule mod_headers.c>
  Header always set X-Content-Type-Options nosniff
  Header always set X-Frame-Options SAMEORIGIN
  Header always set Referrer-Policy strict-origin-when-cross-origin
</IfModule>

# Default to index.html
DirectoryIndex index.html