# Security Headers untuk Mitra Dashboard
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    # Batasi CORS (hanya domain ini yang boleh)
    Header set Access-Control-Allow-Origin "https://apps.texaproject.com"
    Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
    Header set Access-Control-Allow-Headers "Content-Type, Authorization"
</IfModule>

# Mencegah akses ke file JSON jika ada
<FilesMatch "\.json$">
    Order deny,allow
    Deny from all
</FilesMatch>

# Disable Directory Browsing
Options -Indexes
