# PSKF Shotokan — place this at the root of public_html (alongside the # Nuxt build output, api/, admin/, uploads/ and config.php). # Never serve config.php directly, from any location. Require all denied # Nicer 404s for the static Nuxt site (nuxt generate creates 404.html). ErrorDocument 404 /404.html # Basic security headers. Header always set X-Content-Type-Options "nosniff" Header always set X-Frame-Options "SAMEORIGIN" Header always set Referrer-Policy "strict-origin-when-cross-origin"