delight-im/htaccess/master/Source/.htaccess - Htaccess File

delight-im/htaccess/master/Source/.htaccess

# https://github.com/delight-im/htaccess

<ifModule mod_headers.c>

  # Prevent clickjacking (forbids framing by third-party sites)
  Header set X-Frame-Options sameorigin

  # Prevent content sniffing (MIME sniffing)
  Header set X-Content-Type-Options nosniff

  # Attempt to enable XSS filters in browsers, if available, and block reflected XSS
  Header set X-XSS-Protection "1; mode=block"

  # Cache media files for a month
  <FilesMatch ".(js|css|jpg|jpeg|png|svg|webp|gif|ico|ogg|mp4|webm)$">
    Header set Cache-Control max-age=2629800
  </FilesMatch>

  # Remove response headers that provide no value but leak information
  Header unset X-Powered-By

  # Disable "ETag" headers so that browsers rely on the "Cache-Control" and "Expires" headers
  Header unset ETag

</ifModule>

<IfModule mod_autoindex.c>

  # Turn off directory listings for folders without default documents
  Options -Indexes

</IfModule>

<IfModule mod_negotiation.c>

  # Disable 'MultiViews' implicit filename pattern matches
  Options -MultiViews

</IfModule>

# Serve "text/plain" and "text/html" documents as UTF-8 by default
AddDefaultCharset utf-8

# Disable "ETag" headers so that browsers rely on the "Cache-Control" and "Expires" headers
FileETag None

<ifModule mod_headers.c>

  # Enable HTTP Strict Transport Security (HSTS) with a duration of six months (Uncomment 1 line below)
  # Header set Strict-Transport-Security max-age=15778800

</ifModule>

<ifModule mod_rewrite.c>

  # Force 'www' (i.e. prefix the "bare" domain and all subdomains with 'www' through permanent redirects) (Uncomment 5 lines below)
  # RewriteEngine On
  # RewriteCond %{HTTP_HOST} !^$
  # RewriteCond %{HTTP_HOST} !^www. [NC]
  # RewriteCond %{HTTPS}s ^on(s)|
  # RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

</IfModule>

# Prevent access to non-minified CSS and JS (Uncomment 3 lines below)
# <FilesMatch "(?<!.min).(css|js)$">
#   Require all denied
# </FilesMatch>

# Show a custom error document for "404 Not Found" errors (Uncomment 1 line below)
# ErrorDocument 404 /notFound.html

On Github License

Files

Download PDF of Htaccess file
HTTP_HOST, HTTPS, REQUEST_URI

Comments

Apache