1+ # Do not leak headers.
2+ Header unset X-Powered-By
3+ Header unset Server
4+
5+ # HSTS (force the browser to always use https to this domain
6+ Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS
7+
8+ # Block other domains of using this domain as an iframe
9+ Header always set X-Frame-Options SAMEORIGIN
10+ Header always set X-Content-Type-Options nosniff
11+
12+ # Enable browsers to use beter XSS protection
13+ Header always set X-XSS-Protection "1; mode=block"
14+
15+ # Only send the referrer header when the next request is to the same application
16+ Header always set Referrer-Policy Same-Origin
17+
118RewriteEngine On
219
320# Handle HTTP Calls
@@ -10,18 +27,69 @@ RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
1027RewriteCond %{REQUEST_FILENAME} !-d
1128RewriteRule ^(.*)/$ /$1 [L,R=301]
1229
13- # Handle Front Controller...
30+ # Redirect all requests that are not files or directories to the index.html
1431RewriteCond %{REQUEST_FILENAME} !-d
1532RewriteCond %{REQUEST_FILENAME} !-f
1633RewriteRule ^ index.html [L]
1734
35+ <IfModule mod_expires.c>
36+ ExpiresActive On
37+ ExpiresDefault "access plus 1 week"
38+
39+ ExpiresByType text/css "access plus 1 month"
40+
41+ ExpiresByType application/atom+xml "access plus 1 hour"
42+ ExpiresByType application/rdf+xml "access plus 1 hour"
43+ ExpiresByType application/rss+xml "access plus 1 hour"
44+
45+ ExpiresByType application/json "access plus 0 seconds"
46+ ExpiresByType application/ld+json "access plus 0 seconds"
47+ ExpiresByType application/schema+json "access plus 0 seconds"
48+ ExpiresByType application/vnd.geo+json "access plus 0 seconds"
49+ ExpiresByType application/xml "access plus 0 seconds"
50+ ExpiresByType text/xml "access plus 0 seconds"
51+
52+ ExpiresByType image/x-icon "access plus 1 month"
53+ ExpiresByType image/vnd.microsoft.icon "access plus 1 month"
54+
55+ ExpiresByType text/html "access plus 1 minute"
56+
57+ ExpiresByType text/javascript "access plus 1 month"
58+ ExpiresByType text/x-javascript "access plus 1 month"
59+ ExpiresByType application/javascript "access plus 1 months"
60+ ExpiresByType application/x-javascript "access plus 1 months"
61+
62+ ExpiresByType image/jpg "access plus 1 month"
63+ ExpiresByType image/jpeg "access plus 1 month"
64+ ExpiresByType image/gif "access plus 1 month"
65+ ExpiresByType image/png "access plus 1 month"
66+ ExpiresByType image/svg+xml "access plus 1 month"
67+ ExpiresByType image/bmp "access plus 1 month"
68+ ExpiresByType image/webp "access plus 1 month"
69+
70+ ExpiresByType audio/ogg "access plus 1 month"
71+
72+ ExpiresByType video/mp4 "access plus 1 month"
73+ ExpiresByType video/ogg "access plus 1 month"
74+ ExpiresByType video/webm "access plus 1 month"
75+
76+ ExpiresByType text/plain "access plus 1 month"
77+ ExpiresByType text/x-component "access plus 1 month"
78+
79+ ExpiresByType application/manifest+json "access plus 1 week"
80+ ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
81+ ExpiresByType text/cache-manifest "access plus 0 seconds"
82+
83+ ExpiresByType application/pdf "access plus 1 month"
84+
85+ ExpiresByType application/x-shockwave-flash "access plus 1 month"
1886
19- <FilesMatch "\.(html|htm|js|css|pl)$">
20- FileETag None
21- <ifModule mod_headers.c>
22- Header unset ETag
23- Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate "
24- Header set Pragma "no-cache "
25- Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT "
26- </ifModule>
27- </FilesMatch >
87+ ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
88+ ExpiresByType font/eot "access plus 1 month"
89+ ExpiresByType font/opentype "access plus 1 month"
90+ ExpiresByType application/x-font-ttf "access plus 1 month"
91+ ExpiresByType application/font-woff "access plus 1 month "
92+ ExpiresByType application/font-woff2 "access plus 1 month "
93+ ExpiresByType application/x-font-woff "access plus 1 month "
94+ ExpiresByType font/woff "access plus 1 month"
95+ </IfModule >
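Review bot: `Header unset Server` in the first hunk is unlikely to have the intended effect, because Apache typically writes the Server header in core after mod_headers has run; the banner is normally trimmed with `ServerTokens Prod` in the server config, a directive that is not permitted in .htaccess. The new `Header` lines also sit outside any `<IfModule mod_headers.c>` guard, unlike the removed FilesMatch block and the new mod_expires block, so a host without mod_headers would presumably answer every request with a 500. `X-XSS-Protection "1; mode=block"` targets an XSS auditor that current browsers have removed, so a `Content-Security-Policy` (with `frame-ancestors 'self'` alongside X-Frame-Options) would be the lasting control, and the legacy header is better set to `0` or dropped. In the second hunk, HTML becomes cacheable for one minute and scripts and styles for a month where they were previously `no-store`, which is only safe if asset filenames are fingerprinted and no per-user content is served under those types.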