# === Force HTTPS === RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # === Redirect www to non-www === RewriteCond %{HTTP_HOST} ^www\.amipro\.me$ [NC] RewriteRule ^(.*)$ https://amipro.me/$1 [L,R=301] # === Serve static robots.txt and sitemap.xml directly (bypass WordPress) === RewriteRule ^robots\.txt$ /robots.txt [L] RewriteRule ^sitemap\.xml$ /sitemap.xml [L] RewriteRule ^llms\.txt$ /llms.txt [L] # === Security Headers === Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS Header always set X-Frame-Options "DENY" Header always set X-Content-Type-Options "nosniff" Header always set Referrer-Policy "strict-origin-when-cross-origin" Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"