# Keep-Alive Configuration for Warm API
<IfModule mod_headers.c>
    # Keep connections alive longer
    Header set Connection "keep-alive"
    Header set Keep-Alive "timeout=30, max=200"
</IfModule>

# Enable CORS
<IfModule mod_headers.c>
    Header always set Access-Control-Allow-Origin "*"
    Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
    Header always set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With, If-None-Match"
    Header always set Access-Control-Max-Age "86400"
</IfModule>

# Enable GZIP Compression
<IfModule mod_deflate.c>
    # Compress JSON responses
    AddOutputFilterByType DEFLATE application/json
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE text/css
    
    # Don't compress images
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|ico)$ no-gzip
</IfModule>

# Browser Caching for static files
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType application/json "access plus 5 minutes"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType image/gif "access plus 1 month"
</IfModule>

# Handle OPTIONS preflight requests
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]

# Increase limits
php_value upload_max_filesize 10M
php_value post_max_size 12M
php_value max_execution_time 60
php_value max_input_time 60

# Security headers
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-XSS-Protection "1; mode=block"
</IfModule>

# Disable directory listing
Options -Indexes

# Protect sensitive files
<FilesMatch "^(db\.php)$">
    Order allow,deny
    Deny from all
</FilesMatch>
