# === Force HTTPS ===
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# === Redirect www to non-www ===
RewriteCond %{HTTP_HOST} ^www\.amipro\.me$ [NC]
RewriteRule ^(.*)$ https://amipro.me/$1 [L,R=301]

# === Serve static robots.txt and sitemap.xml directly (bypass WordPress) ===
RewriteRule ^robots\.txt$ /robots.txt [L]
RewriteRule ^sitemap\.xml$ /sitemap.xml [L]

# === Security Headers ===
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS
    Header always set X-Frame-Options "DENY"
    Header always set X-Content-Type-Options "nosniff"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"
</IfModule>
