Options -Indexes

# URL Rewriting
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Redirect backend root to login page
    RewriteRule ^$ /ESP/RESI/frontend/public/login.html [R=302,L]

    # Redirect root directory with trailing slash to login page
    RewriteRule ^/$ /ESP/RESI/frontend/public/login.html [R=302,L]
</IfModule>

# Security Headers
<IfModule mod_headers.c>
    # Prevent clickjacking attacks
    Header always set X-Frame-Options "DENY"

    # Content Security Policy
    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self';"

    # Prevent MIME type sniffing
    Header always set X-Content-Type-Options "nosniff"

    # Enable XSS protection
    Header always set X-XSS-Protection "1; mode=block"

    # Referrer Policy
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>