# Admin panel - proteksi tambahan
Options -Indexes -MultiViews
DirectoryIndex index.php

# Block direct access to data folder (JSON file dengan key)
<Files "*.json">
    Require all denied
</Files>

# Header keamanan
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>
