# FamilyAlbums - Apache Configuration
# Security Headers
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-XSS-Protection "1; mode=block"
Header set Referrer-Policy "strict-origin-when-cross-origin"
# Deny access to config file
Require all denied
Order deny,allow
Deny from all
# Deny access to hidden files
Require all denied
Order deny,allow
Deny from all
# Enable compression
AddOutputFilterByType DEFLATE text/html text/plain text/css application/json application/javascript
# Cache static assets
ExpiresActive On
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/webp "access plus 1 month"
# Default charset
AddDefaultCharset UTF-8