## details here: https://github.com/h5bp/server-configs-apache



## SECURITY ###################################################################

DirectoryIndex disabled
FileETag None
ServerSignature Off

# Apache < 2.3
<IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
    Satisfy All
</IfModule>

# Apache ≥ 2.3
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header unset ETag
    Header unset X-Powered-By
</IfModule>

<IfModule mod_autoindex.c>
    Options -Indexes
</IfModule>



## COMPAT #####################################################################

AddDefaultCharset utf-8

<IfModule mod_mime.c>
    AddCharset utf-8 .css .html .js .json .php .svg

    AddType application/font-woff                       woff
    AddType application/font-woff2                      woff2
    AddType application/json                            json
    AddType application/javascript                      js
    AddType application/vnd.ms-fontobject               eot
    AddType application/x-font-ttf                      ttc ttf
    AddType image/jpeg                                  jpeg jpg
    AddType image/png                                   png
    AddType image/svg+xml                               svg svgz
    AddType image/x-icon                                ico
    AddType font/opentype                               otf
    AddType text/css                                    css
    AddType text/html                                   html
</IfModule>



## SPEED ######################################################################

<IfModule mod_expires.c>
    ExpiresActive on
    ExpiresDefault                                      "access plus 1 month"

    ExpiresByType application/json                      "access plus 0 seconds"

    ExpiresByType text/html                             "access plus 1 minute"

    ExpiresByType image/x-icon                          "access plus 1 week"

    ExpiresByType application/javascript                "access plus 1 year"
    ExpiresByType image/jpeg                            "access plus 1 year"
    ExpiresByType image/png                             "access plus 1 year"
    ExpiresByType image/svg+xml                         "access plus 1 year"
    ExpiresByType text/css                              "access plus 1 year"
</IfModule>

<IfModule mod_deflate.c>
    <IfModule mod_setenvif.c>
        <IfModule mod_headers.c>
            SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
            RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
        </IfModule>
    </IfModule>

    # Apache ≥ 2.3
    <IfModule mod_authz_core.c>
        # mod_filter as module only available for Apache ≥ 2.3.7
        <IfModule mod_filter.c>
            AddOutputFilterByType DEFLATE "application/atom+xml" \
                                          "application/javascript" \
                                          "application/json" \
                                          "application/ld+json" \
                                          "application/manifest+json" \
                                          "application/rdf+xml" \
                                          "application/rss+xml" \
                                          "application/schema+json" \
                                          "application/vnd.geo+json" \
                                          "application/vnd.ms-fontobject" \
                                          "application/x-font-ttf" \
                                          "application/x-javascript" \
                                          "application/x-web-app-manifest+json" \
                                          "application/xhtml+xml" \
                                          "application/xml" \
                                          "font/eot" \
                                          "font/opentype" \
                                          "image/bmp" \
                                          "image/svg+xml" \
                                          "image/vnd.microsoft.icon" \
                                          "image/x-icon" \
                                          "text/cache-manifest" \
                                          "text/css" \
                                          "text/html" \
                                          "text/javascript" \
                                          "text/plain" \
                                          "text/vcard" \
                                          "text/vnd.rim.location.xloc" \
                                          "text/vtt" \
                                          "text/x-component" \
                                          "text/x-cross-domain-policy" \
                                          "text/xml"
        </IfModule>
    </IfModule>

    # Apache < 2.3
    <IfModule !mod_authz_core.c>
            AddOutputFilterByType DEFLATE "application/atom+xml" \
                                          "application/javascript" \
                                          "application/json" \
                                          "application/ld+json" \
                                          "application/manifest+json" \
                                          "application/rdf+xml" \
                                          "application/rss+xml" \
                                          "application/schema+json" \
                                          "application/vnd.geo+json" \
                                          "application/vnd.ms-fontobject" \
                                          "application/x-font-ttf" \
                                          "application/x-javascript" \
                                          "application/x-web-app-manifest+json" \
                                          "application/xhtml+xml" \
                                          "application/xml" \
                                          "font/eot" \
                                          "font/opentype" \
                                          "image/bmp" \
                                          "image/svg+xml" \
                                          "image/vnd.microsoft.icon" \
                                          "image/x-icon" \
                                          "text/cache-manifest" \
                                          "text/css" \
                                          "text/html" \
                                          "text/javascript" \
                                          "text/plain" \
                                          "text/vcard" \
                                          "text/vnd.rim.location.xloc" \
                                          "text/vtt" \
                                          "text/x-component" \
                                          "text/x-cross-domain-policy" \
                                          "text/xml"
    </IfModule>

    <IfModule mod_mime.c>
        AddEncoding gzip              gz
        AddEncoding gzip              svgz
    </IfModule>
</IfModule>
