# ==========================================
# CM BİLİŞİM - OPTİMİZASYON (2026)
# ==========================================

# 1. HTTPS Yönlendirme
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)\$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# 2. WWW Yönlendirme
RewriteCond %{HTTP_HOST} ^www\.(.*)\$ [NC]
RewriteRule ^(.*)\$ https://%1/\$1 [L,R=301]

# 3. GZIP Sıkıştırma
<IfModule mod_deflate.c>
 AddOutputFilterByType DEFLATE text/html text/plain text/css application/javascript application/json
</IfModule>

# 4. Tarayıcı Önbellek
<IfModule mod_expires.c>
 ExpiresActive On
 ExpiresByType image/jpg "access plus 1 year"
 ExpiresByType image/jpeg "access plus 1 year"
 ExpiresByType image/gif "access plus 1 year"
 ExpiresByType image/png "access plus 1 year"
 ExpiresByType image/webp "access plus 1 year"
 ExpiresByType text/css "access plus 1 month"
 ExpiresByType application/javascript "access plus 1 month"
 ExpiresByType font/woff2 "access plus 1 year"
</IfModule>

# 5. WebP Desteği
<IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteCond %{HTTP_ACCEPT} image/webp
 RewriteCond %{REQUEST_FILENAME} -f
 RewriteRule \.(jpg|jpeg|png)\$ \$1.webp [T=image/webp,E=ACCEPT_WEBP]
</IfModule>

# 6. Güvenlik
<FilesMatch "\.(env|gitignore|htpasswd|sql|bak)\$">
 Order allow,deny
 Deny from all
</FilesMatch>

# 7. CORS Başlıkları
<IfModule mod_headers.c>
 Header set Access-Control-Allow-Origin "*"
 Header set X-Content-Type-Options "nosniff"
 Header set X-XSS-Protection "1; mode=block"
 Header set X-Frame-Options "SAMEORIGIN"
</IfModule>