diff --git a/.htaccess b/.htaccess
index e2bbc23..da6358e 100644
--- a/.htaccess
+++ b/.htaccess
@@ -1,18 +1,161 @@ -DirectoryIndex index.php index.html +# KI-Fit Check - AI Readiness Assessment Tool +# .htaccess Configuration + +# Set default index files (your HTML file doesn't have PHP, so removed index.php) +DirectoryIndex index.html + +# Security & Performance Settings Options -Indexes Options -MultiViews +ServerSignature Off +# Enable Rewrite Engine RewriteEngine On +# Force HTTPS (if you have SSL certificate) +# Uncomment when you have SSL installed +# RewriteCond %{HTTPS} off +# RewriteCond %{HTTP_HOST} !^localhost [NC] +# RewriteCond %{HTTP_HOST} !^127\.0\.0\.1 [NC] +# RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L] + +# ===== SECURITY HEADERS ===== + + # Prevent MIME type sniffing + Header set X-Content-Type-Options "nosniff" + + # Enable XSS protection + Header set X-XSS-Protection "1; mode=block" + + # Prevent clickjacking + Header set X-Frame-Options "SAMEORIGIN" + + # Referrer Policy + Header set Referrer-Policy "strict-origin-when-cross-origin" + + # Content Security Policy (adjust based on your needs) + # Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self';" + + +# ===== PERFORMANCE OPTIMIZATION ===== + + ExpiresActive On + + # Images + ExpiresByType image/jpeg "access plus 1 year" + ExpiresByType image/png "access plus 1 year" + ExpiresByType image/gif "access plus 1 year" + ExpiresByType image/svg+xml "access plus 1 year" + ExpiresByType image/webp "access plus 1 year" + + # Fonts + ExpiresByType font/ttf "access plus 1 year" + ExpiresByType font/otf "access plus 1 year" + ExpiresByType font/woff "access plus 1 year" + ExpiresByType font/woff2 "access plus 1 year" + + # CSS & JavaScript + ExpiresByType text/css "access plus 1 month" + ExpiresByType text/javascript "access plus 1 month" + ExpiresByType application/javascript "access plus 1 month" + + # HTML + ExpiresByType text/html "access plus 1 hour" + + + + # Compress 
HTML, CSS, JavaScript, Text, XML and fonts + AddOutputFilterByType DEFLATE text/html + AddOutputFilterByType DEFLATE text/css + AddOutputFilterByType DEFLATE text/javascript + AddOutputFilterByType DEFLATE text/plain + AddOutputFilterByType DEFLATE text/xml + AddOutputFilterByType DEFLATE application/javascript + AddOutputFilterByType DEFLATE application/json + AddOutputFilterByType DEFLATE application/xml + AddOutputFilterByType DEFLATE application/xhtml+xml + AddOutputFilterByType DEFLATE application/rss+xml + AddOutputFilterByType DEFLATE application/atom+xml + AddOutputFilterByType DEFLATE image/svg+xml + AddOutputFilterByType DEFLATE font/ttf + AddOutputFilterByType DEFLATE font/otf + AddOutputFilterByType DEFLATE font/woff + AddOutputFilterByType DEFLATE font/woff2 + + +# ===== URL REWRITING ===== + # 0) Serve existing files/directories as-is RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^ - [L] -# 1) Internal map: /page or /page/ -> /page.php (if such PHP file exists) -RewriteCond %{REQUEST_FILENAME}.php -f -RewriteRule ^(.+?)/?$ $1.php [L] +# 1) Handle clean URLs for questionnaire +# Rewrite /ki-fit-check to /index.html (your main page) +RewriteRule ^ki-fit-check/?$ /index.html [L] -# 2) Optional: strip trailing slash for non-directories (keeps .php links working) +# 2) Handle other pages if they exist +# Example: Rewrite /kontakt to /contact.html +# RewriteRule ^kontakt/?$ /contact.html [L] +# RewriteRule ^agb/?$ /terms.html [L] +# RewriteRule ^datenschutz/?$ /privacy.html [L] + +# 3) Remove trailing slashes for non-directories RewriteCond %{REQUEST_FILENAME} !-d -RewriteRule ^(.+)/$ $1 [R=301,L] +RewriteCond %{REQUEST_URI} (.+)/$ +RewriteRule ^ %1 [R=301,L] + +# 4) Custom error pages (if you create them) +# ErrorDocument 404 /404.html +# ErrorDocument 500 /500.html + +# ===== REDIRECTIONS (OPTIONAL) ===== + +# Redirect old .php URLs to clean URLs (if migrating) +# RewriteRule ^index\.php$ / [R=301,L] +# RewriteRule 
^ki-fit-check\.php$ /ki-fit-check [R=301,L] + +# Redirect www to non-www (or vice versa) +# Uncomment and choose one: +# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] +# RewriteRule ^(.*)$ https://%1/$1 [R=301,L] + +# OR non-www to www: +# RewriteCond %{HTTP_HOST} !^www\. [NC] +# RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L] + +# ===== BLOCK ACCESS TO SENSITIVE FILES ===== + + Order allow,deny + Deny from all + + + + Order allow,deny + Deny from all + + +# ===== CORS SETTINGS (if needed for API calls) ===== + + # Allow requests from your domain only + Header set Access-Control-Allow-Origin "https://yourdomain.com" + + # Allow specific methods + Header set Access-Control-Allow-Methods "GET, POST, OPTIONS" + + # Allow specific headers + Header set Access-Control-Allow-Headers "Content-Type, Authorization" + + +# ===== CACHE CONTROL ===== + + # Cache static assets + + Header set Cache-Control "public, max-age=31536000, immutable" + + + # Don't cache HTML files (except static pages) + + Header set Cache-Control "public, max-age=3600, must-revalidate" + + \ No newline at end of file
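Review bot: The new access-control blocks under `# ===== BLOCK ACCESS TO SENSITIVE FILES =====` use the Apache 2.2 directives `Order allow,deny` / `Deny from all`, which an Apache 2.4 server without mod_access_compat typically rejects as invalid commands (the whole .htaccess then fails with a 500) rather than denying anything; the 2.4 form is the single line `Require all denied`. The enclosing container tags are not visible in this rendering of the hunk, so which file patterns they are meant to protect cannot be checked here. Separately, the headers under `# ===== SECURITY HEADERS =====` are emitted with `Header set`, which applies only to successful responses; `Header always set X-Content-Type-Options "nosniff"` (and likewise for the other headers in that section) also covers 4xx/5xx pages, where these headers are commonly missing. `X-XSS-Protection "1; mode=block"` is deprecated and current guidance is to send `Header always set X-XSS-Protection "0"` and rely instead on the Content-Security-Policy that this hunk leaves commented out.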