# ScriptVault — Root .htaccess
# Disable automatic directory listings so a directory without an index file
# does not expose its file names to visitors.
Options -Indexes

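# Deny all direct HTTP access to config.php.
# The original used only the Apache 2.2 directives (Order/Deny). On Apache 2.4
# these need mod_access_compat; without it the .htaccess fails to parse and
# every request in this directory returns a 500. Select the syntax by the
# authorization module that is actually loaded.
<Files "config.php">
    # Apache 2.4+ (mod_authz_core)
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback
    <IfModule !mod_authz_core.c>
        Order Deny,Allow
        Deny from all
    </IfModule>
</Files>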

# Rewrite for clean URLs (optional)
# NOTE(review): this block contains no RewriteRule, so the two RewriteCond
# lines below are not attached to any rule and no redirect to the installer
# happens as written. Add the intended RewriteRule or remove the conditions.
# If a redirect is added, confirm the installer cannot be reached once
# config.php exists.
<IfModule mod_rewrite.c>
    RewriteEngine On
    # Redirect to installer if config.php not yet created
    # Condition 1: the requested path is not an existing regular file.
    RewriteCond %{REQUEST_FILENAME} !-f
    # Condition 2: no config.php exists at DOCUMENT_ROOT + request URI + "/config.php".
    # NOTE(review): this tests a path under the requested URI, not a fixed
    # location — confirm that is the intended check.
    RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI}/config.php !-f
</IfModule>

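# Security headers
# "always" adds the header to error responses and internal redirects too, not
# only to successful responses.
<IfModule mod_headers.c>
    # Allow framing only by pages from the same origin (clickjacking defence).
    Header always set X-Frame-Options "SAMEORIGIN"
    # The legacy browser XSS filter is deprecated and has been removed from
    # current browsers; in older ones "1; mode=block" could itself be abused.
    # Current guidance is to switch it off explicitly and rely on output
    # encoding plus a Content-Security-Policy instead.
    Header always set X-XSS-Protection "0"
    # Stop browsers from MIME-sniffing a response away from its declared type.
    Header always set X-Content-Type-Options "nosniff"
    # Send the full URL as referrer to the same origin, only the origin to
    # other origins, and nothing on an HTTPS -> HTTP downgrade.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>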
