.htaccess

FileETag None
AddDefaultCharset utf-8

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

AddType audio/ogg .oga
AddType audio/wav .wav
AddType video/ogg .ogv .ogg
AddType video/mp4 .mp4

<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
  Header unset ETag
  # It won't work but dammit, I'm gonna say it anyway
  Header unset Server
  Header unset X-Powered-By
  Header set X-XSS-Protection: "1; mode=block"
  Header set X-Content-Type-Options nosniff
  # interest-cohort blocks (the now dead?) google FLoC: https://twitter.com/henshaw/status/1383807527935119363
  # browsing-topics blocks google topics 
  Header set Permissions-Policy: "geolocation=(), camera=(), microphone=(), payment=(), screen-wake-lock=(), interest-cohort=(), browsing-topics=()"
  Header set Referer-Policy: "origin"
  Header set X-Content-Type-Options: "nosniff"
  Header set X-Frame-Options: DENY
  Header set Cache-Control: "no-transform, immutable, public"
  Header set Referrer-Policy: "strict-origin-when-cross-origin"
</IfModule>
<IfModule mod_autoindex.c>
  Options -Indexes
</IfModule>
<IfModule mod_mime.c>
    RemoveHandler .php .phtml .php3 .php4 .php5
    RemoveType .php .phtml .php3 .php4 .php5
</IfModule>
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>
<IfModule mod_deflate.c>
  SetOutputFilter DEFLATE
  
  # Force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/
  <IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
      SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
      RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
    </IfModule>
  </IfModule>
  # HTML, TXT, CSS, JavaScript, JSON, XML, HTC:
  <IfModule filter_module>
    FilterDeclare   COMPRESS
    FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = '$text/html'"
    FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = '$text/css'"
    FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = '$text/plain'"
    FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = '$text/xml'"
    FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = '$text/x-component'"
    FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = '$application/javascript'"
    FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = '$application/json'"
    FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = '$application/xml'"
    FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = '$application/xhtml+xml'"
    FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = '$application/rss+xml'"
    FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = '$application/atom+xml'"
    FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = '$application/vnd.ms-fontobject'"
    FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = '$image/svg+xml'"
    FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = '$image/x-icon'"
    FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = '$application/x-font-ttf'"
    FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = '$font/opentype'"
    FilterChain     COMPRESS
    FilterProtocol  COMPRESS  DEFLATE change=yes;byteranges=no
  </IfModule>
</IfModule>
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType text/cache-manifest       "access plus 0 seconds"
    ExpiresByType text/html                 "access plus 0 seconds"
    ExpiresByType text/xml                  "access plus 1 hour"
    ExpiresByType application/json          "access plus 0 seconds"
    ExpiresByType application/xml           "access plus 1 hour"
    ExpiresByType application/rss+xml       "access plus 1 hour"
    ExpiresByType application/atom+xml      "access plus 1 hour"
    ExpiresByType audio/mp3                 "access plus 1 month"
    ExpiresByType audio/mp4                 "access plus 1 month"
    ExpiresByType audio/ogg                 "access plus 1 month"
    ExpiresByType audio/wav                 "access plus 1 month"
    ExpiresByType image/x-icon              "access plus 1 month"
    ExpiresByType image/gif                 "access plus 1 month"
    ExpiresByType image/png                 "access plus 1 month"
    ExpiresByType image/jpg                 "access plus 1 month"
    ExpiresByType image/jpeg                "access plus 1 month"
    ExpiresByType image/svg+xml             "access plus 1 month"
    ExpiresByType text/css                  "access plus 1 year"
    ExpiresByType application/javascript    "access plus 1 year"
</IfModule>
<IfModule mod_setenvif.c>
  <IfModule mod_headers.c>
    # mod_headers, y u no match by Content-Type?!
    <FilesMatch "\.(gif|png|jpe?g|svg|svgz|ico|webp)$">
      SetEnvIf Origin ":" IS_CORS
      Header set Access-Control-Allow-Origin "*" env=IS_CORS
    </FilesMatch>
  </IfModule>
</IfModule>