1- # Apache Server Configs v5.1 .0 | MIT License
1+ # Apache Server Configs v6.0 .0 | MIT License
22# https://github.com/h5bp/server-configs-apache
33
44# (!) Using `.htaccess` files slows down Apache, therefore, if you have
@@ -160,8 +160,7 @@ Options -MultiViews
160160
161161 AddType audio/mp4 f4a f4b m4a
162162 AddType audio/ogg oga ogg opus
163- AddType image/avif avif
164- AddType image/avif-sequence avifs
163+ AddType image/avif avif avifs
165164 AddType image/bmp bmp
166165 AddType image/jxl jxl
167166 AddType image/svg+xml svg svgz
@@ -691,7 +690,7 @@ AddDefaultCharset utf-8
691690# https://scotthelme.co.uk/a-new-security-header-referrer-policy/
692691
693692# <IfModule mod_headers.c>
694- # # (1)
693+ # # (1)
695694# Header always set Referrer-Policy "strict-origin-when-cross-origin" "expr=%{CONTENT_TYPE} =~ m#text\/(css|html|javascript)|application\/pdf|xml#i"
696695# </IfModule>
697696
@@ -931,6 +930,11 @@ ServerSignature Off
931930# (!) To make this part relevant, you need to generate encoded files by your
932931# own. Enabling this part will not auto-generate brotlied files.
933932#
933+ # (!) In special case of serving pre-compressed content only, note that
934+ # `DirectoryIndex` directive adjustments could be required to change
935+ # default resources priorities.
936+ # https://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex
937+ #
934938# (1) Remove default Content-Language header added for .br files.
935939# https://httpd.apache.org/docs/current/mod/mod_mime.html#multipleext
936940#
@@ -994,13 +998,18 @@ ServerSignature Off
994998# (!) To make this part relevant, you need to generate encoded files by your
995999# own. Enabling this part will not auto-generate gziped files.
9961000#
997- # https://httpd.apache.org/docs/current/mod/mod_deflate.html#precompressed
1001+ # (!) In special case of serving pre-compressed content only, note that
1002+ # `DirectoryIndex` directive adjustments could be required to change
1003+ # default resources priorities.
1004+ # https://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex
9981005#
9991006# (1) Removing default MIME Type for .gz files allowing to add custom
10001007# sub-types.
10011008# You may prefer using less generic extensions such as .html_gz in order to
10021009# keep the default behavior regarding .gz files.
10031010# https://httpd.apache.org/docs/current/mod/mod_mime.html#removetype
1011+ #
1012+ # https://httpd.apache.org/docs/current/mod/mod_deflate.html#precompressed
10041013
10051014# <IfModule mod_rewrite.c>
10061015
@@ -1046,38 +1055,6 @@ ServerSignature Off
10461055
10471056# </IfModule>
10481057
1049- # ----------------------------------------------------------------------
1050- # | Content transformation |
1051- # ----------------------------------------------------------------------
1052-
1053- # Prevent intermediate caches or proxies (such as those used by mobile
1054- # network providers) and browsers data-saving features from modifying
1055- # the website's content using the `cache-control: no-transform` directive.
1056- #
1057- # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
1058- # https://tools.ietf.org/html/rfc7234#section-5.2.2.4
1059- #
1060- # (!) Carefully consider the impact on your visitors before disabling
1061- # content transformation. These transformations are performed to
1062- # improve the experience for data- and cost-constrained users
1063- # (e.g. users on a 2G connection).
1064- #
1065- # You can test the effects of content transformation applied by
1066- # Google's Lite Mode by visiting: https://googleweblight.com/i?u=https://www.example.com
1067- #
1068- # https://support.google.com/webmasters/answer/6211428
1069- #
1070- # (!) If you are using `mod_pagespeed`, note that disabling this will
1071- # prevent `PageSpeed` from rewriting HTML files, and, if the
1072- # `ModPagespeedDisableRewriteOnNoTransform` directive isn't set to
1073- # `off`, also from rewriting other resources.
1074- #
1075- # https://developers.google.com/speed/pagespeed/module/configuration#notransform
1076-
1077- # <IfModule mod_headers.c>
1078- # Header merge Cache-Control "no-transform"
1079- # </IfModule>
1080-
10811058# ----------------------------------------------------------------------
10821059# | ETags |
10831060# ----------------------------------------------------------------------
@@ -1105,7 +1082,7 @@ FileETag None
11051082# Serve resources with a far-future expiration date.
11061083#
11071084# (!) If you don't control versioning with filename-based cache busting, you
1108- # should consider lowering the cache times to something like one week.
1085+ # should consider lowering the cache times to something like one week.
11091086#
11101087# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
11111088# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expires
@@ -1114,112 +1091,155 @@ FileETag None
11141091<IfModule mod_expires.c >
11151092
11161093 ExpiresActive on
1117- ExpiresDefault "access plus 1 year"
1118-
1119- # CSS
1120-
1121- ExpiresByType text/css "access plus 1 year"
1122-
11231094
1124- # Data interchange
1125-
1126- ExpiresByType application/atom+xml "access plus 1 hour"
1127- ExpiresByType application/rdf+xml "access plus 1 hour"
1128- ExpiresByType application/rss+xml "access plus 1 hour"
1129-
1130- ExpiresByType application/json "access plus 0 seconds"
1131- ExpiresByType application/ld+json "access plus 0 seconds"
1132- ExpiresByType application/schema+json "access plus 0 seconds"
1133- ExpiresByType application/geo+json "access plus 0 seconds"
1134- ExpiresByType application/xml "access plus 0 seconds"
1135- ExpiresByType text/calendar "access plus 0 seconds"
1136- ExpiresByType text/xml "access plus 0 seconds"
1137-
1138-
1139- # Favicon (cannot be renamed!) and cursor images
1095+ # Default: Fallback
1096+ ExpiresDefault "access plus 1 year"
11401097
1098+ # Specific: Assets
11411099 ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
11421100 ExpiresByType image/x-icon "access plus 1 week"
11431101
1144- # HTML
1145-
1146- ExpiresByType text/html "access plus 0 seconds"
1147-
1148-
1149- # JavaScript
1150-
1151- ExpiresByType application/javascript "access plus 1 year"
1152- ExpiresByType application/x-javascript "access plus 1 year"
1153- ExpiresByType text/javascript "access plus 1 year"
1154-
1155-
1156- # Manifest files
1157-
1102+ # Specific: Manifests
11581103 ExpiresByType application/manifest+json "access plus 1 week"
1159- ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
1160- ExpiresByType text/cache-manifest "access plus 0 seconds"
1161-
1162-
1163- # Markdown
1104+ ExpiresByType application/x-web-app-manifest+json "access"
1105+ ExpiresByType text/cache-manifest "access"
11641106
1165- ExpiresByType text/markdown "access plus 0 seconds"
1107+ # Specific: Data interchange
1108+ ExpiresByType application/atom+xml "access plus 1 hour"
1109+ ExpiresByType application/rdf+xml "access plus 1 hour"
1110+ ExpiresByType application/rss+xml "access plus 1 hour"
11661111
1112+ # Specific: Documents
1113+ ExpiresByType text/html "access"
1114+ ExpiresByType text/markdown "access"
1115+ ExpiresByType text/calendar "access"
11671116
1168- # Media files
1117+ # Specific: Other
1118+ ExpiresByType text/x-cross-domain-policy "access plus 1 week"
11691119
1170- ExpiresByType audio/ogg "access plus 1 year"
1171- ExpiresByType image/apng "access plus 1 year"
1172- ExpiresByType image/avif "access plus 1 year"
1173- ExpiresByType image/avif-sequence "access plus 1 year"
1174- ExpiresByType image/bmp "access plus 1 year"
1175- ExpiresByType image/gif "access plus 1 year"
1176- ExpiresByType image/jpeg "access plus 1 year"
1177- ExpiresByType image/jxl "access plus 1 year"
1178- ExpiresByType image/png "access plus 1 year"
1179- ExpiresByType image/svg+xml "access plus 1 year"
1180- ExpiresByType image/webp "access plus 1 year"
1181- ExpiresByType video/mp4 "access plus 1 year"
1182- ExpiresByType video/ogg "access plus 1 year"
1183- ExpiresByType video/webm "access plus 1 year"
1120+ # Generic: Data
1121+ ExpiresByType application/json "access"
1122+ ExpiresByType application/ld+json "access"
1123+ ExpiresByType application/schema+json "access"
1124+ ExpiresByType application/geo+json "access"
1125+ ExpiresByType application/xml "access"
1126+ ExpiresByType text/xml "access"
1127+
1128+ # Generic: WebAssembly
1129+ # ExpiresByType application/wasm "access plus 1 year" # default
1130+
1131+ # Generic: Assets
1132+ # ExpiresByType application/javascript "access plus 1 year" # default
1133+ # ExpiresByType application/x-javascript "access plus 1 year" # default
1134+ # ExpiresByType text/javascript "access plus 1 year" # default
1135+ # ExpiresByType text/css "access plus 1 year" # default
1136+
1137+ # Generic: Medias
1138+ # ExpiresByType audio/* "access plus 1 year" # default
1139+ # ExpiresByType image/* "access plus 1 year" # default
1140+ # ExpiresByType video/* "access plus 1 year" # default
1141+ # ExpiresByType font/* "access plus 1 year" # default
11841142
1143+ </IfModule >
11851144
1186- # WebAssembly
1145+ # ----------------------------------------------------------------------
1146+ # | Cache Control |
1147+ # ----------------------------------------------------------------------
11871148
1188- ExpiresByType application/wasm "access plus 1 year"
1149+ # Serve resources with appropriate cache control directives.
1150+ #
1151+ # The `Cache-Control` header field holds directives (instructions) that control
1152+ # caching in browsers and shared caches (e.g. Proxies, CDNs).
1153+ # Its use targets web performances improvement by specifying the expected
1154+ # client and network caches behaviors.
1155+ #
1156+ # The usable cache directives are listed here:
1157+ # https://www.iana.org/assignments/http-cache-directives/http-cache-directives.xml
1158+ #
1159+ # The cache directives are documented here:
1160+ # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control#response_directives
1161+ #
1162+ # (!) Enable and configure this configuration with care.
1163+ # Default values should embrace conformance for static files and simple
1164+ # apps, but cache control definition at backend level is highly preferred.
1165+ # Incorrect directives can lead to data leaks, or can degrade performances.
1166+ #
1167+ # More specifically, in-depth understanding on `public` vs `private`
1168+ # directives meanings is highly recommended. A resource with `public` will
1169+ # be cached by shared caches like CDN, even if a user session is active.
1170+ #
1171+ # (!) The config directive `Header` must be used with the appropriate action.
1172+ # Depending on the need, `merge` keeps the current value, if any, of
1173+ # `Cache-Control` header, while `set` reset the value including the one
1174+ # added by `ExpiresByType` directive in the cache expiration config file
1175+ # h5bp/web_performance/cache_expiration.conf.
1176+ # https://httpd.apache.org/docs/current/mod/mod_headers.html#header
1177+ #
1178+ # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
1179+ # https://www.rfc-editor.org/rfc/rfc9111.html
1180+ # https://www.rfc-editor.org/rfc/rfc8246.html
1181+ # https://www.rfc-editor.org/rfc/rfc5861.html
1182+ # https://www.iana.org/assignments/http-cache-directives/http-cache-directives.xml
1183+ # https://cache-tests.fyi/
11891184
1185+ # <IfModule mod_headers.c>
11901186
1191- # Web fonts
1187+ # # Default
1188+ # Header merge Cache-Control "public, immutable, stale-while-revalidate" "expr=%{resp:Cache-Control} == 'max-age=31536000'"
11921189
1193- # Collection
1194- ExpiresByType font/collection "access plus 1 year "
1190+ # # No content
1191+ # Header merge Cache-Control "no-store" "expr=-z %{CONTENT_TYPE} "
11951192
1196- # Embedded OpenType (EOT)
1197- ExpiresByType application/vnd.ms-fontobject "access plus 1 year "
1198- ExpiresByType font/eot "access plus 1 year "
1193+ # # Manifest files
1194+ # Header merge Cache-Control "public" "expr=%{CONTENT_TYPE} =~ m#application/manifest\+json#i "
1195+ # Header set Cache-Control "no-cache" "expr=%{CONTENT_TYPE} =~ m#text/cache-manifest#i "
11991196
1200- # OpenType
1201- ExpiresByType font/opentype "access plus 1 year"
1202- ExpiresByType font/otf "access plus 1 year"
1197+ # # Assets
1198+ # Header merge Cache-Control "public, immutable, stale-while-revalidate" "expr=%{CONTENT_TYPE} =~ m#image/x-icon#i"
12031199
1204- # TrueType
1205- ExpiresByType application/x-font-ttf "access plus 1 year"
1206- ExpiresByType font/ttf "access plus 1 year"
1200+ # # Data interchange
1201+ # Header merge Cache-Control "public, stale-while-revalidate" "expr=%{CONTENT_TYPE} =~ m#application/(atom|rdf|rss)\+xml#i"
12071202
1208- # Web Open Font Format (WOFF) 1.0
1209- ExpiresByType application/font-woff "access plus 1 year"
1210- ExpiresByType application/x-font-woff "access plus 1 year"
1211- ExpiresByType font/woff "access plus 1 year"
1203+ # # Documents
1204+ # Header set Cache-Control "no-cache, private, must-revalidate" "expr=%{CONTENT_TYPE} =~ m#text/(html|markdown|calendar)#i"
12121205
1213- # Web Open Font Format (WOFF) 2.0
1214- ExpiresByType application/font-woff2 "access plus 1 year"
1215- ExpiresByType font/woff2 "access plus 1 year"
1206+ # # Data
1207+ # Header set Cache-Control "no-cache" "expr=%{CONTENT_TYPE} =~ m#json|xml#i && %{CONTENT_TYPE} !~ m#/(atom|rdf|rss|manifest|svg)\+#i"
12161208
1209+ # </IfModule>
12171210
1218- # Other
1211+ # ----------------------------------------------------------------------
1212+ # | Content transformation |
1213+ # ----------------------------------------------------------------------
12191214
1220- ExpiresByType text/x-cross-domain-policy "access plus 1 week"
1215+ # Prevent intermediate caches or proxies (such as those used by mobile
1216+ # network providers) and browsers data-saving features from modifying
1217+ # the website's content using the `no-transform` directive for
1218+ # `Cache-Control` header.
1219+ #
1220+ # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
1221+ # https://tools.ietf.org/html/rfc7234#section-5.2.2.4
1222+ #
1223+ # (!) Carefully consider the impact on your visitors before disabling
1224+ # content transformation. These transformations are performed to
1225+ # improve the experience for data- and cost-constrained users
1226+ # (e.g. users on a 2G connection).
1227+ #
1228+ # You can test the effects of content transformation applied by
1229+ # Google's Lite Mode by visiting: https://googleweblight.com/i?u=https://www.example.com
1230+ #
1231+ # https://support.google.com/webmasters/answer/6211428
1232+ #
1233+ # (!) If you are using `mod_pagespeed`, note that disabling this will
1234+ # prevent `PageSpeed` from rewriting HTML files, and, if the
1235+ # `ModPagespeedDisableRewriteOnNoTransform` directive isn't set to
1236+ # `off`, also from rewriting other resources.
1237+ #
1238+ # https://developers.google.com/speed/pagespeed/module/configuration#notransform
12211239
1222- </IfModule >
1240+ # <IfModule mod_headers.c>
1241+ # Header merge Cache-Control "no-transform"
1242+ # </IfModule>
12231243
12241244# ----------------------------------------------------------------------
12251245# | File concatenation |
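Review bot: In the new Cache Control block, the `# Default` rule keys on `%{resp:Cache-Control} == 'max-age=31536000'`, which is simply whatever `ExpiresDefault "access plus 1 year"` produced, so once enabled every content type not listed in the rules below it (text/plain, application/pdf, application/octet-stream, and presumably handler-generated responses that set no cache headers of their own) is marked `public, immutable` for a year and may be stored by shared caches even while a user session is active. Keying that rule on an allow-list of static asset types would be safer, e.g. `# Header merge Cache-Control "public, immutable" "expr=%{CONTENT_TYPE} =~ m#^(text/css|(application|text)/javascript|application/wasm|(audio|image|video|font)/)#i"`. `stale-while-revalidate` appears without a value in three rules; RFC 5861 (linked in the comment) defines it as `stale-while-revalidate=<delta-seconds>`, so the bare token is likely ignored by caches. The `# Data` rule sets only `no-cache` for JSON/XML while `# Documents` adds `private`; API responses are at least as likely to be per-user, so `"no-cache, private"` would be the consistent choice there.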