# Add "charset=UTF-8" to text/plain and text/html responses that do not already
# declare a charset, so browsers do not have to guess the encoding.
AddDefaultCharset UTF-8
# Disable automatic directory listings: a directory without an index file is
# refused instead of having its contents enumerated to the client.
Options -Indexes
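# Security Headers
# Apache does not allow a comment on the same line as a directive: everything
# after the value, including "#", is parsed as further arguments to Header and
# the directive is rejected. Each explanation therefore sits on its own line
# above the directive it describes.
# "always" puts the header in the table that is also sent on error responses and
# kept across internal redirects (e.g. ErrorDocument); plain "Header set" only
# covers successful responses.
<IfModule mod_headers.c>
	# Instructs user agents to treat all of a site's insecure URLs (those served
	# over HTTP) as though they had been replaced with secure URLs (HTTPS).
	# This directive only upgrades sub-resource and navigation URLs; it places no
	# restriction on script, style or frame sources.
	Header always set Content-Security-Policy "upgrade-insecure-requests"

	# Browsers that have seen this header over HTTPS refuse plain-HTTP connections
	# to this host and all of its subdomains for one year (31536000 s).
	# NOTE(review): browsers ignore this header on plain-HTTP responses, so an
	# HTTP->HTTPS redirect is still required; none is visible in this file.
	Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

	# Enables the legacy browser XSS filter in blocking mode: rather than
	# sanitizing the page, the browser stops rendering when it detects an attack.
	# NOTE(review): current browsers have removed this filter; treat the header as
	# a fallback for old clients, not as the site's XSS defence.
	Header always set X-Xss-Protection "1; mode=block"

	# Disabled by the original author: would prevent other websites from framing
	# these pages. While it stays disabled, nothing in this file limits framing.
	# Header always set X-Frame-Options "SAMEORIGIN"

	# Always use the MIME type declared in the Content-Type header rather than
	# trying to determine the type from the response content.
	Header always set X-Content-Type-Options "nosniff"

	# Only the origin is sent in the Referer header of cross-origin requests.
	Header always set Referrer-Policy "strict-origin-when-cross-origin"

	# Geolocation is allowed in this document and in nested browsing contexts
	# (<iframe>s) of the same origin only.
	Header always set Permissions-Policy "geolocation=self"
</IfModule>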

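# BEGIN Expire headers
# Sets the Expires / max-age lifetime per response MIME type, counted from the
# time of the client's access.
# The interval syntax is "<base> plus <num> <unit>", where <num> must be written
# in digits; a spelled-out number such as "one" is rejected as a bad expires code.
# NOTE(review): text/html is given 7200 s here, while the Cache-Control section
# of this file sets max-age=10 for .html/.php files; confirm which lifetime is
# intended for pages.
<IfModule mod_expires.c>
 ExpiresActive On
 # Fallback for every type not listed below: 2 hours.
 ExpiresDefault "access plus 7200 seconds"
 # Images: 1 week.
 ExpiresByType image/jpg "access plus 1 week"
 ExpiresByType image/jpeg "access plus 1 week"
 ExpiresByType image/png "access plus 1 week"
 ExpiresByType image/gif "access plus 1 week"
 # Icons, stylesheets and scripts: 30 days (2592000 s).
 ExpiresByType image/ico "access plus 2592000 seconds"
 ExpiresByType image/icon "access plus 2592000 seconds"
 ExpiresByType image/x-icon "access plus 2592000 seconds"
 ExpiresByType text/css "access plus 2592000 seconds"
 ExpiresByType text/javascript "access plus 2592000 seconds"
 # Pages: 2 hours.
 ExpiresByType text/html "access plus 7200 seconds"
 ExpiresByType application/xhtml+xml "access plus 7200 seconds"
 ExpiresByType application/javascript "access plus 2592000 seconds"
 ExpiresByType application/x-javascript "access plus 2592000 seconds"
</IfModule>
# END Expire headers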
 
 # BEGIN Cache-Control Headers
<IfModule mod_headers.c>
	# Static assets, matched by file extension: cacheable by any cache
	# (browser or shared proxy/CDN) for 30 days (2592000 s).
	<FilesMatch "\.(ico|jpe?g|png|gif|swf|css|gz)$">
		Header set Cache-Control "max-age=2592000, public"
	</FilesMatch>

	# JavaScript files: same 30-day lifetime, but "private" limits storage to
	# the end user's own cache.
	<FilesMatch "\.(js)$">
		Header set Cache-Control "max-age=2592000, private"
	</FilesMatch>

	# HTML and PHP pages: kept in the user's own cache for 10 seconds, then
	# revalidated with the server before any reuse.
	# NOTE(review): pages carrying per-user or sensitive data may call for
	# "no-store" instead; confirm against what these pages actually serve.
	<FilesMatch "\.(html?|php)$">
		Header set Cache-Control "max-age=10, private, must-revalidate"
	</FilesMatch>
</IfModule>
# END Cache-Control Headers
