# ReviewPR.com - Advanced SEO & Performance .htaccess
# Updated: 2025-10-13 - Optimized for Modern UI

# Enable URL Rewriting
# Switches mod_rewrite on for this directory; every RewriteCond/RewriteRule
# further down depends on it.
# NOTE(review): the directive is not wrapped in <IfModule mod_rewrite.c>, so
# a server without mod_rewrite rejects this file and answers every request
# with a 500. That fails closed, but confirm it is the intended behaviour.
RewriteEngine On

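# Security response headers (require mod_headers).
# "always" also attaches each header to error and redirect responses,
# not only to successful ones.
<IfModule mod_headers.c>
    # Forbid MIME sniffing: the browser must honour the declared Content-Type.
    Header always set X-Content-Type-Options nosniff

    # Legacy clickjacking control. The CSP "frame-ancestors 'none'" below is
    # the current mechanism; this header covers browsers without CSP Level 2.
    Header always set X-Frame-Options DENY

    # The browser XSS auditor this header controlled has been removed from
    # current browsers, and in old ones "mode=block" has itself been a source
    # of cross-site information leaks. "0" switches it off explicitly; the
    # Content-Security-Policy below is the control that matters.
    Header always set X-XSS-Protection "0"

    # Send the full URL as referrer only to same-origin requests; cross-origin
    # requests get the origin alone, and nothing on an HTTPS -> HTTP downgrade.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"

    # An empty allowlist "()" disables the feature for every origin, including
    # this site's own pages (note that this covers autoplay and fullscreen).
    Header always set Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), autoplay=(), fullscreen=()"

    # HSTS for one year, all subdomains, preload-eligible. Browsers ignore the
    # header on plain-HTTP responses. Every subdomain must serve valid HTTPS
    # before this ships, and removal from a preload list is slow.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

    # Content Security Policy.
    # NOTE(review): 'unsafe-inline' in script-src means this policy does not
    #   stop injected inline script; moving inline code to files or to
    #   nonces/hashes would let it be dropped.
    # NOTE(review): img-src allows "http:", i.e. images over plain HTTP.
    # NOTE(review): base-uri and form-action do not fall back to default-src
    #   and are not set here, so both are unrestricted.
    Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' data: https: http:; connect-src 'self' https://www.google-analytics.com; frame-ancestors 'none';"

    # Feature-Policy is the deprecated predecessor of Permissions-Policy; it
    # is kept only for older browsers and mirrors the list above.
    Header always set Feature-Policy "geolocation 'none'; microphone 'none'; camera 'none'; payment 'none'; usb 'none'; magnetometer 'none'; gyroscope 'none'; autoplay 'none'; fullscreen 'none'"

    # Cross-origin isolation settings.
    # COEP "unsafe-none" is the browser default (no embedder restrictions).
    Header always set Cross-Origin-Embedder-Policy "unsafe-none"
    # COOP "same-origin" severs the window reference to cross-origin openers
    # and popups. NOTE(review): confirm no popup-based login or payment flow
    # relies on window.opener.
    Header always set Cross-Origin-Opener-Policy "same-origin"
    # CORP "cross-origin" is the permissive value: any site may load these
    # responses as subresources. NOTE(review): "same-site" is tighter if
    # third-party embedding of this site's assets is not required.
    Header always set Cross-Origin-Resource-Policy "cross-origin"
</IfModule>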

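# Response compression (requires mod_deflate).
# NOTE(review): on Apache 2.4 AddOutputFilterByType is provided by mod_filter,
# which this guard does not test for - confirm it is loaded.
# NOTE(review): text/html is compressed. Compressing a TLS response that
# echoes request data next to a secret (e.g. a CSRF token) is the
# precondition for BREACH-style length side channels; whether index.php
# produces such pages is not visible from this file.
<IfModule mod_deflate.c>
    # Text formats
    AddOutputFilterByType DEFLATE text/css text/html text/javascript text/plain text/xml

    # Scripts and XML-based formats
    AddOutputFilterByType DEFLATE application/javascript application/x-javascript application/rss+xml application/xhtml+xml application/xml

    # Fonts (uncompressed container formats only)
    AddOutputFilterByType DEFLATE application/vnd.ms-fontobject application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf font/opentype font/otf font/ttf

    # Vector images and icons
    AddOutputFilterByType DEFLATE image/svg+xml image/x-icon

    # Work around gzip bugs in very old browsers. BrowserMatch belongs to
    # mod_setenvif, so guard it separately: an unknown directive in .htaccess
    # makes every request fail with a 500.
    <IfModule mod_setenvif.c>
        BrowserMatch ^Mozilla/4 gzip-only-text/html
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
        BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    </IfModule>

    # The rules above vary the response by User-Agent, so tell caches.
    # "Header" belongs to mod_headers, hence the separate guard.
    <IfModule mod_headers.c>
        Header append Vary User-Agent
    </IfModule>
</IfModule>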

# Freshness lifetimes by MIME type (requires mod_expires).
# "access plus N" counts from the moment the client fetched the resource.
# The Cache-Control FilesMatch block further down sets its own value for
# files with matching extensions.
<IfModule mod_expires.c>
    ExpiresActive On

    # Anything not listed below
    ExpiresDefault "access plus 1 week"

    # HTML pages: always revalidate
    ExpiresByType text/html "access plus 0 seconds"

    # Data feeds and API payloads: always revalidate
    ExpiresByType application/json "access plus 0 seconds"
    ExpiresByType application/xml "access plus 0 seconds"
    ExpiresByType text/xml "access plus 0 seconds"

    # Documents and legacy script/plugin types: one month
    ExpiresByType application/pdf "access plus 1 month"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"
    ExpiresByType text/x-javascript "access plus 1 month"

    # Stylesheets and scripts: one year
    ExpiresByType application/javascript "access plus 1 year"
    ExpiresByType text/javascript "access plus 1 year"
    ExpiresByType text/css "access plus 1 year"

    # Web fonts: one year
    ExpiresByType application/font-woff "access plus 1 year"
    ExpiresByType font/woff2 "access plus 1 year"
    ExpiresByType font/woff "access plus 1 year"
    ExpiresByType font/otf "access plus 1 year"
    ExpiresByType font/ttf "access plus 1 year"

    # Video: one year
    ExpiresByType video/webm "access plus 1 year"
    ExpiresByType video/mp4 "access plus 1 year"

    # Images: one year
    # (image/jpg is not a registered type; the entry is harmless and image/jpeg
    # is the one that takes effect.)
    ExpiresByType image/x-icon "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/jpg "access plus 1 year"
</IfModule>

# Cache-Control by file extension (requires mod_headers).
# "Header set" replaces any Cache-Control value already on the response.
<IfModule mod_headers.c>
    # Dynamic scripts: never stored or reused by any cache. Pragma and
    # Expires repeat the instruction for HTTP/1.0 caches.
    <FilesMatch "\.(php|pl|cgi)$">
        Header set Cache-Control "no-cache, no-store, must-revalidate"
        Header set Pragma "no-cache"
        Header set Expires 0
    </FilesMatch>

    # Static HTML files: one week in browser and shared caches.
    # NOTE(review): the mod_expires block gives text/html "access plus 0
    # seconds"; for *.html and *.htm files this header appears to take
    # precedence. Confirm which lifetime is intended.
    <FilesMatch "\.(html|htm)$">
        Header set Cache-Control "max-age=604800, public, must-revalidate"
    </FilesMatch>

    # Static assets: one year, never revalidated ("immutable").
    # NOTE(review): this is only safe if an asset's URL changes whenever its
    # content does (versioned or fingerprinted file names); that is not
    # visible from this file.
    <FilesMatch "\.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|otf|eot)$">
        Header set Cache-Control "max-age=31536000, public, immutable"
    </FilesMatch>
</IfModule>

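# Security - Prevent access to sensitive files
# Denies direct HTTP access to configuration files, environment files and
# logs. The pattern matches the whole file name:
#   config.php, db.php, env.php   application configuration
#   .env and .env.<suffix>        environment files (.env.local and the like)
#   *.log                         log files
# Keeping such files outside the document root is the stronger control;
# this rule is a second line of defence.
<FilesMatch "^(config\.php|db\.php|env\.php|\.env(\..*)?|.*\.log)$">
    # Apache 2.4+: native authorization syntax
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2: "Order/Deny" only exists on 2.4 through mod_access_compat,
    # and using it without that module fails every request with a 500.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>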

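# SEO-Friendly URL Rewrites
# Every target below is root-relative, so this file is assumed to sit in the
# document root.
#
# NOTE(review): a RewriteCond applies only to the single RewriteRule that
# follows it. These two conditions therefore guard the trustpilot rule and
# none of the others; repeat them per rule if that guard is wanted.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

# Service page rewrites
# QSA appends the client's own query string after the fixed parameter, so
# the pretty URL does not constrain what reaches index.php: the script must
# validate "service" and "page" against a fixed list of known values.
RewriteRule ^trustpilot-reviews/?$ /index.php?service=trustpilot [L,QSA]
RewriteRule ^google-reviews/?$ /index.php?service=google [L,QSA]
RewriteRule ^g2-reviews/?$ /index.php?service=g2 [L,QSA]
RewriteRule ^capterra-reviews/?$ /index.php?service=capterra [L,QSA]
RewriteRule ^sitejabber-reviews/?$ /index.php?service=sitejabber [L,QSA]

# Information pages
RewriteRule ^about/?$ /index.php?page=about [L,QSA]
RewriteRule ^contact/?$ /index.php?page=contact [L,QSA]
RewriteRule ^pricing/?$ /index.php?page=pricing [L,QSA]
RewriteRule ^faq/?$ /index.php?page=faq [L,QSA]
RewriteRule ^testimonials/?$ /index.php?page=testimonials [L,QSA]
RewriteRule ^blog/?$ /index.php?page=blog [L,QSA]

# Remove trailing slashes (SEO best practice)
# THE_REQUEST is the raw request line ("GET /path/?q=1 HTTP/1.1"). The query
# capture stops at whitespace: a greedy ".*" would run to the end of the
# line and copy " HTTP/1.1" into the redirect target.
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{THE_REQUEST} /+([^?]+?)/+(\?[^\s]*)?(\s|\#|$)
RewriteRule ^ /%1%2 [R=301,L]

# Remove index.php from URLs
# Matching on THE_REQUEST limits this to requests the client made for
# index.php itself; the internal rewrites above do not alter THE_REQUEST,
# so they cannot loop through this rule.
RewriteCond %{THE_REQUEST} /+index\.php(\?[^?\s]*)?(\s|\#|$)
RewriteRule ^index\.php$ /%1 [R=301,L]

# Force lowercase URLs (SEO best practice)
# Requires "RewriteMap lowercase int:tolower" in the server or virtual-host
# configuration; RewriteMap cannot be declared in .htaccess.
# NOTE(review): if that map is not defined, the lookup appears to expand to
# nothing and every URL containing a capital letter redirects to "/".
# Confirm the map exists before relying on this rule.
# NOTE(review): existing files whose names contain capitals are redirected
# too and will 404 on a case-sensitive filesystem.
# The leading "/" makes the target root-relative instead of depending on how
# Apache resolves a relative substitution in per-directory context.
RewriteCond %{REQUEST_URI} [A-Z]
RewriteRule (.*) /${lowercase:$1} [R=301,L]

# Remove www (choose one - with or without www)
# NOTE(review): the redirect target is built from the request's Host header.
# If this virtual host answers for arbitrary host names, pin the canonical
# name in the rule rather than reflecting %1.
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

# Force HTTPS
# NOTE(review): this rule is last, so a plain-HTTP request can collect
# earlier path redirects (over HTTP) before being upgraded. Moving the host
# and HTTPS redirects ahead of the other rules would cut the extra hops.
# The Host header caveat above applies to %{HTTP_HOST} here as well.
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]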

# Directory behaviour
#   -Indexes         no auto-generated listing for directories without an index file
#   -MultiViews      no content negotiation (it would let /about match about.php
#                    and bypass the rewrite rules)
#   +FollowSymLinks  mod_rewrite needs this (or SymLinksIfOwnerMatch) in
#                    per-directory context
# NOTE(review): some shared hosts only allow SymLinksIfOwnerMatch here.
Options -Indexes -MultiViews +FollowSymLinks

# Charset sent with text/plain and text/html responses that carry none
AddDefaultCharset UTF-8

# MIME types for fonts and SVG
AddType image/svg+xml .svg .svgz
AddType font/woff2 .woff2
AddType font/woff .woff
AddType font/otf .otf
AddType font/ttf .ttf
AddType application/vnd.ms-fontobject .eot
# .svgz is gzip-compressed SVG; declare the encoding so browsers inflate it
AddEncoding gzip .svgz

# Custom error pages
ErrorDocument 403 /403.php
ErrorDocument 404 /404.php
ErrorDocument 500 /500.php

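# Prevent access to version control
# Answers 404 for any URL path containing "/.git" (the repository directory,
# and also .gitignore, .github and similar). Requires mod_alias.
# NOTE(review): other VCS directories (.svn, .hg) are not covered.
RedirectMatch 404 /\.git

# Block access to backup, temporary and log files
# NOTE(review): editor leftovers ("file~", ".swp") and database dumps
# (".sql") are not matched; extend the list if such files can appear under
# the document root.
<FilesMatch "\.(bak|backup|old|orig|original|tmp|temp|log)$">
    # Apache 2.4+: native authorization syntax
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2: "Order/Deny" only exists on 2.4 through mod_access_compat,
    # and using it without that module fails every request with a 500.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>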

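# Performance - no ETags
# The original pair of directives contradicted each other: one generated
# ETags from mtime and size, the next stripped the header again. Turn
# generation off at the source so the outcome does not depend on mod_headers.
# Clients can still revalidate through Last-Modified.
FileETag None

# Also drop any ETag set elsewhere (by a backend or a parent configuration).
<IfModule mod_headers.c>
    Header unset ETag
</IfModule>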
