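# Static-host `_headers` file: each block is a URL pattern at column 0 followed
# by indented `Name: value` lines that are attached to matching responses.
#
# Values are written WITHOUT surrounding double quotes. The format takes the
# text after the colon literally, so a quoted value is sent with the quotes
# included; browsers then fail to parse HSTS, Permissions-Policy and CSP and
# silently ignore them. Confirm the deployed result with `curl -sI <site-url>`.

# Global headers for security and performance
/*
  # Legacy clickjacking defence; kept alongside CSP `frame-ancestors 'none'`
  # for browsers that do not honour the CSP directive.
  X-Frame-Options: DENY
  # Stops MIME sniffing, so a mislabelled upload is not executed as script.
  X-Content-Type-Options: nosniff
  # Full URL to same-origin requests, origin only cross-origin, nothing on downgrade.
  Referrer-Policy: strict-origin-when-cross-origin
  # One year, all subdomains. `preload` only takes effect once the domain is
  # submitted to the browser preload list, and removal from that list is slow:
  # every subdomain must be HTTPS-only before relying on it.
  Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
  # Denies camera, microphone and geolocation to this origin and to any frames.
  Permissions-Policy: camera=(), microphone=(), geolocation=()
  # Scripts only from this origin and the Cloudflare Insights host; plugins,
  # <base> rewriting and framing are locked down.
  # NOTE(review): `style-src 'unsafe-inline'` lets injected style attributes and
  #   <style> blocks through; replace with hashes or nonces if the site allows it.
  # NOTE(review): `img-src https:` permits image loads from any HTTPS host, which
  #   is a possible exfiltration channel for injected markup; narrow if feasible.
  # NOTE(review): if the Cloudflare Web Analytics beacon is in use, it reports to
  #   a Cloudflare host that `connect-src 'self'` would block; confirm in the
  #   browser console before changing the directive.
  Content-Security-Policy: default-src 'self'; script-src 'self' https://static.cloudflareinsights.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; connect-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'

# Cache static assets for maximum performance
# One year + immutable is only safe for files whose names change with their
# content (hashed filenames); a fixed name would pin a stale or vulnerable
# script in caches for up to a year.
/assets/*
  Cache-Control: public, max-age=31536000, immutable
/*.js
  Cache-Control: public, max-age=31536000, immutable
/*.css
  Cache-Control: public, max-age=31536000, immutable
/*.woff2
  Cache-Control: public, max-age=31536000, immutable
/*.woff
  Cache-Control: public, max-age=31536000, immutable

# Images - 30 days cache
/*.svg
  Cache-Control: public, max-age=2592000
/*.png
  Cache-Control: public, max-age=2592000
/*.jpg
  Cache-Control: public, max-age=2592000
/*.jpeg
  Cache-Control: public, max-age=2592000
/*.webp
  Cache-Control: public, max-age=2592000
/*.avif
  Cache-Control: public, max-age=2592000
/*.ico
  Cache-Control: public, max-age=2592000

# Manifest and service worker
# NOTE(review): /sw.js also matches /*.js above, and /offline.html also matches
#   /*.html below. Some hosts join the values of every matching rule (Cloudflare
#   Pages documents comma-joining), which would leave the service worker with
#   conflicting Cache-Control directives. Check the live response and, if the
#   values are merged, detach the broader one using the host's override syntax.
/site.webmanifest
  Cache-Control: public, max-age=86400
/sw.js
  Cache-Control: public, max-age=0, must-revalidate

# Offline page and HTML caching
/*.html
  Cache-Control: public, max-age=60, must-revalidate
/offline.html
  Cache-Control: public, max-age=3600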