RewriteEngine On

# Handle shortened URLs - redirect everything except existing files/directories to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^.*(assets|includes|data)/.*$
RewriteCond %{REQUEST_URI} !^.*(\.php|\.css|\.js|\.png|\.jpg|\.gif|\.ico)$
RewriteRule ^([a-zA-Z0-9]+)/?$ index.php [L,QSA]

# Prevent direct access to includes and data directories
RewriteRule ^(includes|data)/ - [F,L]

# Security headers
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options nosniff
    Header always set X-Frame-Options DENY
    Header always set X-XSS-Protection "1; mode=block"
</IfModule>