# Security headers
Header always set X-Content-Type-Options nosniff
Header always set X-Frame-Options DENY
Header always set X-XSS-Protection "1; mode=block"

# Hide sensitive files from web access
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>

<Files config.php>
Order Allow,Deny
Deny from all
</Files>

# Prevent access to PHP files in generated folder
<FilesMatch "^(generated/).*\.(php|php3|php4|php5|phtml)$">
Order Allow,Deny
Deny from all
</FilesMatch>

# Allow audio files to be served with proper MIME types
AddType audio/mpeg .mp3
AddType audio/wav .wav
AddType audio/ogg .ogg

# Cache audio files
<FilesMatch "\.(mp3|wav|ogg)$">
ExpiresActive On
ExpiresDefault "access plus 1 month"
</FilesMatch>