-
Notifications
You must be signed in to change notification settings - Fork 0
/
.htaccess
40 lines (36 loc) · 1.65 KB
/
.htaccess
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
RewriteEngine On
# rewrite www to non www
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
# expires caching
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 6 month"
ExpiresByType image/jpeg "access plus 6 month"
ExpiresByType image/gif "access plus 6 month"
ExpiresByType image/png "access plus 6 month"
ExpiresByType text/css "access plus 6 month"
ExpiresByType application/pdf "access plus 6 month"
ExpiresByType text/x-javascript "access plus 6 month"
ExpiresByType application/x-javascript "access plus 6 month"
ExpiresByType application/javascript "access plus 6 month"
ExpiresByType application/x-shockwave-flash "access plus 6 month"
ExpiresByType image/x-icon "access plus 6 month"
ExpiresByType image/icon "access plus 3 month"
ExpiresByType application/x-ico "access plus 6 month"
ExpiresByType application/ico "access plus 6 month"
ExpiresDefault "access plus 1 days"
</IfModule>
# gzip compression
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript text/javascript application/javascript application/json
</IfModule>
# Security
<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
Header set Content-Security-Policy "default-src 'self'; img-src 'self' data:; script-src 'self'; style-src 'self'; object-src 'self'; font-src 'self' data:;"
Header set X-Content-Type-Options nosniff
Header set X-Frame-Options DENY
Header set X-XSS-Protection "1; mode=block"
Header set Referrer-Policy "no-referrer"
</IfModule>