# Enable mod_rewrite for this directory; every RewriteRule below depends on it.
RewriteEngine On

# Force HTTPS (disabled by default). As written, the rule only upgrades the
# scheme; it does not strip trailing slashes. Edit to your domain: when enabling
# it, hard-code the canonical host in place of %{HTTP_HOST}, because that value
# is taken from the client's Host header and would otherwise set the redirect target.
# RewriteCond %{HTTPS} !=on
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# /guides/<slug>  →  guide.php?slug=<slug>
# The [a-z0-9-]+ pattern is routing, not input validation. [QSA] appends the
# client's own query string after slug=$1, and PHP keeps the last value of a
# repeated parameter, so the slug guide.php receives is not guaranteed to match
# this pattern. guide.php also stays reachable directly. guide.php is not shown
# here; it should validate slug itself before using it in a path or a query.
RewriteRule ^guides/([a-z0-9-]+)/?$ guide.php?slug=$1 [L,QSA]

# /guides → guides.php
RewriteRule ^guides/?$ guides.php [L]

# /about, /terms, /privacy, /contact
# Fixed one-to-one mappings with an optional trailing slash. No request data is
# copied into the target, and without [QSA] the original query string is passed
# through unchanged.
RewriteRule ^about/?$   about.php   [L]
RewriteRule ^terms/?$   terms.php   [L]
RewriteRule ^privacy/?$ privacy.php [L]
RewriteRule ^contact/?$ contact.php [L]

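# Refuse direct web access to the data/, api/ and inc/ directories with 403.
# [NC] makes the match case-insensitive, so variants such as /Data/ or /INC/ are
# refused too when the site is served from a case-insensitive filesystem.
# This is a rewrite-level guard only. It disappears if mod_rewrite is off or this
# file is not honoured (AllowOverride). Keeping these directories outside the
# document root, or adding "Require all denied" inside them, is the stronger control.
RewriteRule ^(data|api|inc)/ - [F,L,NC]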

# Cache static assets
# One year plus "immutable" tells browsers never to revalidate these files.
# That is only safe when asset filenames change on every release (hash or
# version in the name). Otherwise a corrected script or stylesheet, including a
# security fix, will not reach returning visitors until the cached copy expires.
# "public" also allows shared caches to store the response, so nothing
# user-specific should be served under these extensions.
<FilesMatch "\.(css|js|jpg|jpeg|png|gif|ico|svg|woff2)$">
  Header set Cache-Control "public, max-age=31536000, immutable"
</FilesMatch>

# Security headers
# "always" attaches each header to error responses as well as successful ones.
# The directives are not wrapped in <IfModule mod_headers.c>, so a missing
# mod_headers produces a server error instead of silently dropping the headers.
# Not set in this file: Content-Security-Policy and Strict-Transport-Security.
# HSTS only makes sense once the HTTPS redirect above is enabled.
# nosniff: browsers must not guess a content type other than the declared one.
Header always set X-Content-Type-Options "nosniff"
# Framing allowed from this origin only. CSP "frame-ancestors" is the current
# equivalent; X-Frame-Options is kept for older browsers.
Header always set X-Frame-Options "SAMEORIGIN"
# Cross-origin requests receive the origin only, and nothing on an HTTPS→HTTP downgrade.
Header always set Referrer-Policy "strict-origin-when-cross-origin"

# Compression
# Applied only when mod_deflate is loaded; otherwise this block is skipped.
# NOTE(review): compressing HTML/JSON over TLS is the precondition for
# BREACH-style length side channels when one response contains both a secret
# (for example a CSRF token) and reflected request input. Whether that applies
# depends on the PHP pages, which are not shown here. Confirm before relying on it.
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript application/json
</IfModule>
