.htaccess

# Redirect www to non-www
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [L,R=301]

# Custom error pages
ErrorDocument 403 /403.php
ErrorDocument 404 /404.php
ErrorDocument 500 /500.php

# Protect sensitive files
<FilesMatch "^\.(.*)$|\.log$|\.sql$|\.conf$|config\.php$|\.email-config\.php$|\.htaccess|\.htpasswd|\.ini|\.sh|\.inc|\.bak$">
    Require all denied
</FilesMatch>

# Protect handlers (POST only)
<Files "contact-handler.php">
    <LimitExcept POST>
        Require all denied
    </LimitExcept>
</Files>
<Files "quote-handler.php">
    <LimitExcept POST>
        Require all denied
    </LimitExcept>
</Files>

# Security headers
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=(), usb=()"
    <FilesMatch "(quote|contact)\.php$">
        Header set Cache-Control "no-store, no-cache, must-revalidate, max-age=0"
        Header set Pragma "no-cache"
    </FilesMatch>
</IfModule>

# Compression
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/css text/javascript application/javascript application/json image/svg+xml font/woff font/woff2
</IfModule>

# Caching
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType image/x-icon "access plus 1 year"
    ExpiresByType font/woff "access plus 1 year"
    ExpiresByType font/woff2 "access plus 1 year"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType application/json "access plus 0 seconds"
    ExpiresDefault "access plus 1 week"
</IfModule>
<IfModule mod_headers.c>
    <FilesMatch "\.(jpg|jpeg|png|gif|webp|svg|ico|woff|woff2|ttf|otf)$">
        Header set Cache-Control "max-age=31536000, public, immutable"
    </FilesMatch>
    <FilesMatch "\.(css|js)$">
        Header set Cache-Control "max-age=2592000, public"
    </FilesMatch>
    Header set Connection keep-alive
</IfModule>

FileETag None
Header unset ETag
Options -Indexes
ServerSignature Off

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Block requests for non-existent PHP files (webshell scanners)
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule \.php$ - [F,L]

    # Redirect old pages to homepage
    RewriteRule ^services(/.*)?$ / [R=301,L]
    RewriteRule ^locations(/.*)?$ / [R=301,L]
    RewriteRule ^tools(/.*)?$ / [R=301,L]
    RewriteRule ^project-types/?$ / [R=301,L]
    RewriteRule ^web-scraping-services(/.*)?$ / [R=301,L]
    RewriteRule ^data-scraping-services(/.*)?$ / [R=301,L]
    RewriteRule ^price-monitoring-services(/.*)?$ / [R=301,L]
    RewriteRule ^data-analytics-services(/.*)?$ / [R=301,L]
    RewriteRule ^data-analytics-consultancy-london(/.*)?$ / [R=301,L]
    RewriteRule ^data-analytics-services-london(/.*)?$ / [R=301,L]
    RewriteRule ^data-services-london(/.*)?$ / [R=301,L]

    # Clean URL rewriting - remove .php extension
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME}.php -f
    RewriteRule ^(.+?)/?$ $1.php [END]

    # Block access to sensitive directories
    RewriteRule ^(logs|database|docker)(/.*)?$ - [F,L]
    RewriteRule ^\.git(/.*)?$ - [F,L]
</IfModule>
SEO: fix 404 redirects, sitemap cleanup, canonical fix, internal links - .htaccess: 301 redirect data-analytics-companies-london-top-providers → -compared - .htaccess: 301 redirect gdpr-compliance-web-scraping-uk-guide → web-scraping-compliance-uk-guide - sitemap.xml: remove redirecting /services/data-analytics entry - sitemap.xml: remove duplicate real-time-analytics-streaming (2025) entry - sitemap.xml: add locations/london, /manchester, /birmingham pages - real-time-analytics-streaming.php: canonical → real-time-analytics-streaming-data (2026 version) - data-analytics-companies-london-top-providers-compared.php: internal link to churn article - python-data-pipeline-tools-2025.php: internal link to churn article - real-time-analytics-streaming-data.php: internal link to churn article 2026-02-20 11:00:23 +00:00			`# Redirect www to non-www`
			`RewriteEngine On`
Rebrand: UK AI Automation — new domain, logo, indigo colour scheme, AI services content 2026-03-21 09:48:46 +00:00			`RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]`
SEO: fix 404 redirects, sitemap cleanup, canonical fix, internal links - .htaccess: 301 redirect data-analytics-companies-london-top-providers → -compared - .htaccess: 301 redirect gdpr-compliance-web-scraping-uk-guide → web-scraping-compliance-uk-guide - sitemap.xml: remove redirecting /services/data-analytics entry - sitemap.xml: remove duplicate real-time-analytics-streaming (2025) entry - sitemap.xml: add locations/london, /manchester, /birmingham pages - real-time-analytics-streaming.php: canonical → real-time-analytics-streaming-data (2026 version) - data-analytics-companies-london-top-providers-compared.php: internal link to churn article - python-data-pipeline-tools-2025.php: internal link to churn article - real-time-analytics-streaming-data.php: internal link to churn article 2026-02-20 11:00:23 +00:00			`RewriteRule ^(.*)$ https://%1/$1 [L,R=301]`

Fix navbar across all pages: add nav include, fonts, active state, spacing, stats, error pages - Add nav.php include to 5 missing pages (cost-calculator, thank-you, 403, 404, 500) - Add ErrorDocument directives to .htaccess for custom 403/404/500 pages - Fix bogus accuracy stats (homepage, web-scraping, location pages) - Fix invisible CTA buttons on property and financial service pages - Add Google Fonts (Roboto Slab + Lato) to all pages missing it (tools, blog articles, error pages) - Add active nav link highlighting (teal underline for current page) - Improve footer contrast to WCAG AA, equal-height cards, mobile text scaling - Consistent navbar-to-content spacing across all pages - Bump cache version to v1.1.3 2026-02-11 07:15:11 +00:00			`# Custom error pages`
			`ErrorDocument 403 /403.php`
			`ErrorDocument 404 /404.php`
			`ErrorDocument 500 /500.php`

Rebrand: UK AI Automation — new domain, logo, indigo colour scheme, AI services content 2026-03-21 09:48:46 +00:00			`# Protect sensitive files`
Fix quote page gap: wrap noscript fallback, reduce hero/form padding 2026-02-04 03:17:55 +00:00			`<FilesMatch "^\.(.*)$\|\.log$\|\.sql$\|\.conf$\|config\.php$\|\.email-config\.php$\|\.htaccess\|\.htpasswd\|\.ini\|\.sh\|\.inc\|\.bak$">`
			`Require all denied`
			`</FilesMatch>`

Rebrand: UK AI Automation — new domain, logo, indigo colour scheme, AI services content 2026-03-21 09:48:46 +00:00			`# Protect handlers (POST only)`
Fix quote page gap: wrap noscript fallback, reduce hero/form padding 2026-02-04 03:17:55 +00:00			`<Files "contact-handler.php">`
			`<LimitExcept POST>`
			`Require all denied`
			`</LimitExcept>`
			`</Files>`
			`<Files "quote-handler.php">`
			`<LimitExcept POST>`
			`Require all denied`
			`</LimitExcept>`
			`</Files>`

			`# Security headers`
			`<IfModule mod_headers.c>`
			`Header always set X-Content-Type-Options "nosniff"`
			`Header always set X-Frame-Options "SAMEORIGIN"`
			`Header always set Referrer-Policy "strict-origin-when-cross-origin"`
Security hardening + new tools deployment - Hide Apache version (ServerTokens Prod) - Add Permissions-Policy header - Remove deprecated X-XSS-Protection - Consolidate security headers to .htaccess only (remove duplicates from PHP) - Deploy free tools: robots-analyzer, data-converter - Deploy tools announcement blog post - Update sitemap with new tools and blog post 2026-02-05 04:11:15 +00:00			`Header always set Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=(), usb=()"`
Fix quote page gap: wrap noscript fallback, reduce hero/form padding 2026-02-04 03:17:55 +00:00			`<FilesMatch "(quote\|contact)\.php$">`
			`Header set Cache-Control "no-store, no-cache, must-revalidate, max-age=0"`
			`Header set Pragma "no-cache"`
			`</FilesMatch>`
			`</IfModule>`

Rebrand: UK AI Automation — new domain, logo, indigo colour scheme, AI services content 2026-03-21 09:48:46 +00:00			`# Compression`
Fix quote page gap: wrap noscript fallback, reduce hero/form padding 2026-02-04 03:17:55 +00:00			`<IfModule mod_deflate.c>`
Rebrand: UK AI Automation — new domain, logo, indigo colour scheme, AI services content 2026-03-21 09:48:46 +00:00			`AddOutputFilterByType DEFLATE text/html text/plain text/css text/javascript application/javascript application/json image/svg+xml font/woff font/woff2`
Fix quote page gap: wrap noscript fallback, reduce hero/form padding 2026-02-04 03:17:55 +00:00			`</IfModule>`

Rebrand: UK AI Automation — new domain, logo, indigo colour scheme, AI services content 2026-03-21 09:48:46 +00:00			`# Caching`
Fix quote page gap: wrap noscript fallback, reduce hero/form padding 2026-02-04 03:17:55 +00:00			`<IfModule mod_expires.c>`
			`ExpiresActive On`
			`ExpiresByType image/jpeg "access plus 1 year"`
			`ExpiresByType image/png "access plus 1 year"`
			`ExpiresByType image/webp "access plus 1 year"`
			`ExpiresByType image/svg+xml "access plus 1 year"`
			`ExpiresByType image/x-icon "access plus 1 year"`
			`ExpiresByType font/woff "access plus 1 year"`
			`ExpiresByType font/woff2 "access plus 1 year"`
			`ExpiresByType text/css "access plus 1 month"`
			`ExpiresByType application/javascript "access plus 1 month"`
			`ExpiresByType application/json "access plus 0 seconds"`
			`ExpiresDefault "access plus 1 week"`
			`</IfModule>`
			`<IfModule mod_headers.c>`
Rebrand: UK AI Automation — new domain, logo, indigo colour scheme, AI services content 2026-03-21 09:48:46 +00:00			`<FilesMatch "\.(jpg\|jpeg\|png\|gif\|webp\|svg\|ico\|woff\|woff2\|ttf\|otf)$">`
Fix quote page gap: wrap noscript fallback, reduce hero/form padding 2026-02-04 03:17:55 +00:00			`Header set Cache-Control "max-age=31536000, public, immutable"`
			`</FilesMatch>`
			`<FilesMatch "\.(css\|js)$">`
			`Header set Cache-Control "max-age=2592000, public"`
			`</FilesMatch>`
			`Header set Connection keep-alive`
			`</IfModule>`

			`FileETag None`
			`Header unset ETag`
			`Options -Indexes`
Rebrand: UK AI Automation — new domain, logo, indigo colour scheme, AI services content 2026-03-21 09:48:46 +00:00			`ServerSignature Off`
Fix quote page gap: wrap noscript fallback, reduce hero/form padding 2026-02-04 03:17:55 +00:00
			`<IfModule mod_rewrite.c>`
			`RewriteEngine On`

Rebrand: UK AI Automation — new domain, logo, indigo colour scheme, AI services content 2026-03-21 09:48:46 +00:00			`# Block requests for non-existent PHP files (webshell scanners)`
Block scanner IPs and non-existent PHP file requests 2026-03-02 11:15:06 +00:00			`RewriteCond %{REQUEST_FILENAME} !-f`
			`RewriteRule \.php$ - [F,L]`

Rebrand: UK AI Automation — new domain, logo, indigo colour scheme, AI services content 2026-03-21 09:48:46 +00:00			`# Redirect old pages to homepage`
			`RewriteRule ^services(/.*)?$ / [R=301,L]`
			`RewriteRule ^locations(/.*)?$ / [R=301,L]`
			`RewriteRule ^tools(/.*)?$ / [R=301,L]`
			`RewriteRule ^project-types/?$ / [R=301,L]`
			`RewriteRule ^web-scraping-services(/.*)?$ / [R=301,L]`
			`RewriteRule ^data-scraping-services(/.*)?$ / [R=301,L]`
			`RewriteRule ^price-monitoring-services(/.*)?$ / [R=301,L]`
			`RewriteRule ^data-analytics-services(/.*)?$ / [R=301,L]`
			`RewriteRule ^data-analytics-consultancy-london(/.*)?$ / [R=301,L]`
			`RewriteRule ^data-analytics-services-london(/.*)?$ / [R=301,L]`
			`RewriteRule ^data-services-london(/.*)?$ / [R=301,L]`
SEO: fix 404 redirects, sitemap cleanup, canonical fix, internal links - .htaccess: 301 redirect data-analytics-companies-london-top-providers → -compared - .htaccess: 301 redirect gdpr-compliance-web-scraping-uk-guide → web-scraping-compliance-uk-guide - sitemap.xml: remove redirecting /services/data-analytics entry - sitemap.xml: remove duplicate real-time-analytics-streaming (2025) entry - sitemap.xml: add locations/london, /manchester, /birmingham pages - real-time-analytics-streaming.php: canonical → real-time-analytics-streaming-data (2026 version) - data-analytics-companies-london-top-providers-compared.php: internal link to churn article - python-data-pipeline-tools-2025.php: internal link to churn article - real-time-analytics-streaming-data.php: internal link to churn article 2026-02-20 11:00:23 +00:00
Fix quote page gap: wrap noscript fallback, reduce hero/form padding 2026-02-04 03:17:55 +00:00			`# Clean URL rewriting - remove .php extension`
			`RewriteCond %{REQUEST_FILENAME} !-d`
			`RewriteCond %{REQUEST_FILENAME} !-f`
			`RewriteCond %{REQUEST_FILENAME}.php -f`
Fix internal redirect loop on trailing-slash URLs 2026-03-02 11:08:53 +00:00			`RewriteRule ^(.+?)/?$ $1.php [END]`
Fix quote page gap: wrap noscript fallback, reduce hero/form padding 2026-02-04 03:17:55 +00:00
Rebrand: UK AI Automation — new domain, logo, indigo colour scheme, AI services content 2026-03-21 09:48:46 +00:00			`# Block access to sensitive directories`
			`RewriteRule ^(logs\|database\|docker)(/.*)?$ - [F,L]`
			`RewriteRule ^\.git(/.*)?$ - [F,L]`
Security hardening + new tools deployment - Hide Apache version (ServerTokens Prod) - Add Permissions-Policy header - Remove deprecated X-XSS-Protection - Consolidate security headers to .htaccess only (remove duplicates from PHP) - Deploy free tools: robots-analyzer, data-converter - Deploy tools announcement blog post - Update sitemap with new tools and blog post 2026-02-05 04:11:15 +00:00			`</IfModule>`