## details here: https://github.com/h5bp/server-configs-apache
## SECURITY ###################################################################
DirectoryIndex disabled
FileETag None
ServerSignature Off
# Apache < 2.3
Order allow,deny
Deny from all
Satisfy All
# Apache ≥ 2.3
Require all denied
Header set X-Content-Type-Options "nosniff"
Header unset ETag
Header unset X-Powered-By
Options -Indexes
## COMPAT #####################################################################
AddDefaultCharset utf-8
AddCharset utf-8 .css .html .js .json .php .svg
AddType application/font-woff woff
AddType application/font-woff2 woff2
AddType application/json json
AddType application/javascript js
AddType application/vnd.ms-fontobject eot
AddType application/x-font-ttf ttc ttf
AddType image/jpeg jpeg jpg
AddType image/png png
AddType image/svg+xml svg svgz
AddType image/x-icon ico
AddType font/opentype otf
AddType text/css css
AddType text/html html
## SPEED ######################################################################
ExpiresActive on
ExpiresDefault "access plus 1 month"
ExpiresByType application/json "access plus 0 seconds"
ExpiresByType text/html "access plus 1 minute"
ExpiresByType image/x-icon "access plus 1 week"
ExpiresByType application/javascript "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
ExpiresByType text/css "access plus 1 year"
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
# Apache ≥ 2.3
# mod_filter as module only available for Apache ≥ 2.3.7
AddOutputFilterByType DEFLATE "application/atom+xml" \
"application/javascript" \
"application/json" \
"application/ld+json" \
"application/manifest+json" \
"application/rdf+xml" \
"application/rss+xml" \
"application/schema+json" \
"application/vnd.geo+json" \
"application/vnd.ms-fontobject" \
"application/x-font-ttf" \
"application/x-javascript" \
"application/x-web-app-manifest+json" \
"application/xhtml+xml" \
"application/xml" \
"font/eot" \
"font/opentype" \
"image/bmp" \
"image/svg+xml" \
"image/vnd.microsoft.icon" \
"image/x-icon" \
"text/cache-manifest" \
"text/css" \
"text/html" \
"text/javascript" \
"text/plain" \
"text/vcard" \
"text/vnd.rim.location.xloc" \
"text/vtt" \
"text/x-component" \
"text/x-cross-domain-policy" \
"text/xml"
# Apache < 2.3
AddOutputFilterByType DEFLATE "application/atom+xml" \
"application/javascript" \
"application/json" \
"application/ld+json" \
"application/manifest+json" \
"application/rdf+xml" \
"application/rss+xml" \
"application/schema+json" \
"application/vnd.geo+json" \
"application/vnd.ms-fontobject" \
"application/x-font-ttf" \
"application/x-javascript" \
"application/x-web-app-manifest+json" \
"application/xhtml+xml" \
"application/xml" \
"font/eot" \
"font/opentype" \
"image/bmp" \
"image/svg+xml" \
"image/vnd.microsoft.icon" \
"image/x-icon" \
"text/cache-manifest" \
"text/css" \
"text/html" \
"text/javascript" \
"text/plain" \
"text/vcard" \
"text/vnd.rim.location.xloc" \
"text/vtt" \
"text/x-component" \
"text/x-cross-domain-policy" \
"text/xml"
AddEncoding gzip gz
AddEncoding gzip svgz