# Activate gzip compression of text mod_gzip_on Yes # Set HTTP Strict Transport Security (HSTS) header and optimize for preload list (https://hstspreload.org) (63072000 seconds = 2 years) Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1; mode=block" Header append X-Frame-Options "SAMEORIGIN" Header unset X-Powered-By Header unset Server Header set Content-Security-Policy: "object-src 'none'; script-src 'self' 'unsafe-inline'; font-src 'self'; manifest-src 'self'; connect-src 'self'; style-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'none'" Header set Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), usb=()" Header set Referrer-Policy "no-referrer" # Add correct content-type for fonts AddType application/vnd.ms-fontobject .eot AddType application/x-font-ttf .ttf AddType application/x-font-opentype .otf AddType application/x-font-woff .woff AddType application/x-font-woff2 .woff2 AddType image/svg+xml .svg # Create file hashes based on the modification time and size. # If the modification time or size of the file changes # the existing cache is invalidated on the user's web browser FileETag MTime Size # Configure expiry periods ExpiresActive On ExpiresByType text/css "access plus 1 weeks" ExpiresByType application/javascript "access plus 1 weeks" ExpiresByType application/x-javascript "access plus 1 weeks" ExpiresByType image/gif "access plus 1 months" ExpiresByType image/jpeg "access plus 1 months" ExpiresByType image/png "access plus 1 months" ExpiresByType image/x-icon "access plus 1 months" ExpiresByType application/vnd.ms-fontobject "access plus 1 years" ExpiresByType application/x-font-ttf "access plus 1 years" ExpiresByType application/x-font-opentype "access plus 1 years" ExpiresByType application/x-font-woff "access plus 1 years" ExpiresByType application/x-font-woff2 "access plus 1 years" ExpiresByType image/svg+xml "access plus 1 years"