.htaccess

#cross-browser compatibility
<IfModule headers_module>
	Header set X-UA-Compatible "IE=Edge,chrome=1"
	Header set X-Frame-Options SAMEORIGIN
	Header set X-XSS-Protection "1; mode=block"
	<FilesMatch "\.(js|css|gif|png|jpe?g|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff|woff2|ico|webp|appcache|manifest|htc|crx|xpi|safariextz|vcf)$" >
		Header unset X-UA-Compatible
		Header unset X-Frame-Options
		Header unset X-XSS-Protection
	</FilesMatch>
	<FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2)$">
		Header set Access-Control-Allow-Origin "*"
	</FilesMatch>
	
	#Content-Security-Policy protection
	#Header set Content-Security-Policy "script-src 'self' *.example.com example.com; object-src 'self' *.example.com example.com"
	#<FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
	#	Header unset Content-Security-Policy
	#</FilesMatch>
	
</IfModule>

#mime types
AddType application/javascript         js
AddType audio/ogg                      oga ogg
AddType audio/mp4                      m4a
AddType video/ogg                      ogv
AddType video/mp4                      mp4 m4v
AddType video/webm                     webm
AddType image/svg+xml                  svg svgz 
AddEncoding gzip                       svgz
AddType application/vnd.ms-fontobject  eot
AddType application/x-font-ttf         ttf ttc
AddType font/opentype                  otf
AddType application/x-font-woff        woff
AddType application/x-font-woff2       woff2
AddType image/x-icon                   ico
AddType image/webp                     webp
AddType text/cache-manifest            appcache manifest
AddType text/x-component               htc
AddType application/x-chrome-extension crx
AddType application/x-xpinstall        xpi
AddType application/octet-stream       safariextz
AddType text/x-vcard                   vcf
AddType text/html                      jml
AddType text/html                      xjml
<FilesMatch "\.jml$">
    ForceType text/html
</FilesMatch>
<FilesMatch "\.xjml$">
    ForceType text/html
</FilesMatch>
<FilesMatch "\.js$">
    ForceType application/javascript
</FilesMatch>

#SSI (enable Server-Side-Include)
<IfModule include_module>
	SSILastModified on
	<FilesMatch "(?<!\.min)\.js$">
		AddHandler server-parsed js
		Options +Includes
		<IfModule filter_module>
			AddOutputFilterByType INCLUDES application/javascript application/json
		</IfModule>
		SetOutputFilter INCLUDES
		<IfModule headers_module>
			Header merge Cache-Control max-age=604800
		</IfModule>
	</FilesMatch>
</IfModule>

#Compress on the fly
<IfModule deflate_module>
	<IfModule setenvif_module>
		<IfModule headers_module>
			SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
			RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
		</IfModule>
	</IfModule>
	<IfModule version_module>
		<IfVersion < 2.4.4>
			<IfModule filter_module>
				FilterDeclare   COMPRESS
				FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/html
				FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/css
				FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/plain
				FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/xml
				FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/x-component
				FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/javascript
				FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/json
				FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/xml
				FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/xhtml+xml
				FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/rss+xml
				FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/atom+xml
				FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/vnd.ms-fontobject
				FilterProvider  COMPRESS  DEFLATE resp=Content-Type $image/svg+xml
				FilterProvider  COMPRESS  DEFLATE resp=Content-Type $application/x-font-ttf
				FilterProvider  COMPRESS  DEFLATE resp=Content-Type $font/opentype
				FilterChain     COMPRESS
				#FilterProtocol  COMPRESS  DEFLATE change=yes;byteranges=no
				FilterProtocol  COMPRESS  DEFLATE byteranges=no
			</IfModule>
		</IfVersion>
		<IfVersion >= 2.4.4>
			<IfModule filter_module>
				FilterDeclare   COMPRESS
				FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'text/html'"
				FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'text/css'"
				FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'text/plain'"
				FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'text/xml'"
				FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'text/x-component'"
				FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/javascript'"
				FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/json'"
				FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/xml'"
				FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/xhtml+xml'"
				FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/rss+xml'"
				FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/atom+xml'"
				FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/vnd.ms-fontobject'"
				FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'image/svg+xml'"
				FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'image/x-icon'"
				FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/x-font-ttf'"
				FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'font/opentype'"
				FilterChain     COMPRESS
				#FilterProtocol  COMPRESS  DEFLATE change=yes;byteranges=no
				FilterProtocol  COMPRESS  DEFLATE byteranges=no
			</IfModule>
		</IfVersion>
	</IfModule>
	<IfModule filter_module>
		AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
		AddOutputFilterByType DEFLATE application/javascript
		AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
		AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml
		AddOutputFilterByType DEFLATE image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype
	</IfModule>
</IfModule>

#Add expire headers
<IfModule expires_module>
	ExpiresActive on
	ExpiresDefault                          "access plus 1 month"
	ExpiresByType text/cache-manifest       "access plus 0 seconds"
	ExpiresByType text/html                 "access plus 0 seconds"
	ExpiresByType text/xml                  "access plus 0 seconds"
	ExpiresByType application/xml           "access plus 0 seconds"
	ExpiresByType application/json          "access plus 0 seconds"
	ExpiresByType application/rss+xml       "access plus 1 hour"
	ExpiresByType application/atom+xml      "access plus 1 hour"
	ExpiresByType image/x-icon              "access plus 1 month" 
	ExpiresByType image/gif                 "access plus 1 month"
	ExpiresByType image/png                 "access plus 1 month"
	ExpiresByType image/jpg                 "access plus 1 month"
	ExpiresByType image/jpeg                "access plus 1 month"
	ExpiresByType video/ogg                 "access plus 1 month"
	ExpiresByType audio/ogg                 "access plus 1 month"
	ExpiresByType video/mp4                 "access plus 1 month"
	ExpiresByType video/webm                "access plus 1 month"
	ExpiresByType text/x-component          "access plus 1 month"
	ExpiresByType font/truetype             "access plus 1 month"
	ExpiresByType font/opentype             "access plus 1 month"
	ExpiresByType application/x-font-woff   "access plus 1 month"
	ExpiresByType application/x-font-woff2  "access plus 1 month"
	ExpiresByType image/svg+xml             "access plus 1 month"
	ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
	ExpiresByType text/css                  "access plus 1 year"
	ExpiresByType application/javascript    "access plus 1 year"
	ExpiresByType text/javascript    		  "access plus 1 year"
	<IfModule headers_module>
		Header append Cache-Control "public"
	</IfModule>
</IfModule>

#Disable Etag
<FilesMatch "\.(css|js|png|jpg|gif|ico|ttf|ttc|otf|eot|woff|woff2|txt|xml|html|swf)(\.gz)?$">
	<IfModule headers_module>
		Header unset ETag
	</IfModule>
	FileETag None
	#FileETag Size Mtime
</FilesMatch>

#Configure options
Options -MultiViews
Options +FollowSymlinks
Options All -Indexes
DirectorySlash Off
DirectoryIndex index.php
ServerSignature Off
AddDefaultCharset utf-8
AddCharset utf-8 .html .css .js .xml .json .rss .atom .jml .xjml
<IfModule php5_module>
	php_value session.cookie_httponly true
</IfModule>

#Block access to certain file types
<FilesMatch "\.(htaccess|htpasswd|ini|log|sh|inc|bak)$">
	Order Allow,Deny
	Deny from all
</FilesMatch>

#Custom Error Document
ErrorDocument 401 /401
ErrorDocument 403 /403
ErrorDocument 404 /404
ErrorDocument 500 /500

#Enable Rewrite Engine
RewriteEngine On

#Let's Encrypt Free SSL/TLS Certificates
#RewriteRule ^(\.well-known/.*)$ $1 [L]

#Get the current CWD
RewriteCond $0#%{REQUEST_URI} ([^#]*)#(.*)\1$
RewriteRule ^.*$ - [E=REDCAT_URI:%2]

#Block access to dot prefixed files and directories with exceptions
RewriteCond %{REQUEST_URI} !^(.*)\.jml
RewriteCond %{REQUEST_URI} !^(.*)\.xjml
RewriteCond %{REQUEST_URI} !^(.*)\.js
RewriteCond %{REQUEST_URI} !(^|/)\.tmp/min/(.*)
RewriteCond %{REQUEST_URI} (^|/)\.
RewriteRule ^(.*)$ %{ENV:REDCAT_URI}403 [L,R=302]

#Versioned ressources
RewriteRule ^(.*)\.redcat-deploy-([a-z0-9]{1,9})\.(|min.)(js|css)$ $1.$3$4 [L]

#Tmp min
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{DOCUMENT_ROOT}%{ENV:REDCAT_URI}.tmp/min/$1.min.$2 -f
RewriteRule ^(.*)\.min\.(js|css)$ %{ENV:REDCAT_URI}.tmp/min/$1.min.$2 [L]

#Shared Mirror
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_URI} !^/shared/
#RewriteCond %{DOCUMENT_ROOT}%{ENV:REDCAT_URI}shared/$1.$2 -f
#RewriteRule ^(.*)\.(css|js|png|jpg|gif|ico|ttf|ttc|otf|eot|woff|woff2|php|txt|xml|html|swf)$ %{ENV:REDCAT_URI}shared/$1.$2 [L,QSA]

#favicon.ico
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^favicon.ico$ %{ENV:REDCAT_URI}img/favicon.ico [L]

#Pre-compressed gzip
AddEncoding gzip .gz .tgz
<IfModule version_module>
	<IfVersion < 2.4.4>
		<Files *.js>
			ForceType application/javascript
		</Files>
		<Files *.css>
			ForceType text/css
		</Files>
		<Files *.js.gz>
			ForceType application/javascript
		</Files>
		<Files *.css.gz>
			ForceType text/css
		</Files>
	</IfVersion>
	<IfVersion >= 2.4.4>	
		<Files *.js.gz>
			ForceType "application/javascript; charset=UTF-8"
		</Files>
		<Files *.css.gz>
			ForceType "text/css; charset=UTF-8"
		</Files>
	</IfVersion>
</IfModule>
RewriteCond %{HTTP_USER_AGENT} !MSIE
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}.gz -f
RewriteRule ^(.*)\.min\.(js|css)$ $1.min.$2.gz [L]

#Shared Mirror for directory to index.php
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_URI} !^/shared/
#RewriteCond %{REQUEST_URI} !^/$
#RewriteCond %{DOCUMENT_ROOT}%{ENV:REDCAT_URI}shared/%{REQUEST_URI}/index.php -f
#RewriteRule ^(.*)$ %{ENV:REDCAT_URI}shared/$1/index.php [L,QSA]

#Avoid Duplicate Content on by removing index.php access
RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
RewriteRule (.*?)/index\.php/*(.*) /$1$2 [R=301,NE,L]

#RedCat Bootstrap
RewriteCond %{DOCUMENT_ROOT}%{ENV:REDCAT_URI}%{REQUEST_URI}/index.php !-f
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.*)$ index.php/$1 [L,QSA]

#Force remove www
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]

#Force add www
#RewriteCond %{HTTPS} !=on
#RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
#RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
#RewriteCond %{HTTPS} =on
#RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
#RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

#SSL - Avoid Duplicate-Content from SSL
#RewriteCond %{SERVER_PORT} ^443$
#RewriteRule ^robots\.txt$ %{ENV:REDCAT_URI}robots_ssl.txt [L]

#CDN - Avoid Duplicate-Content from Content-Delivery-Network
#RewriteCond %{HTTP_HOST} ^cdn\.(.+)$ [NC]
#RewriteRule ^robots\.txt$ %{ENV:REDCAT_URI}robots_cdn.txt [L]

#Domain - Canonicalize domain
#RewriteCond %{HTTP_HOST} !^my-canonical-domain.com$ [NC]
#RewriteCond %{HTTP_HOST} !^my-canonical-domain.dev$ [NC]
#CDN allow static extensions
#RewriteCond %{REQUEST_URI} !.*\.(js|css|gif|png|jpe?g|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff|woff2|ico|webp|appcache|manifest|htc|crx|xpi|safariextz|vcf)
#RewriteRule ^(.*)$ http://my-canonical-domain.com/$1 [L,R=301]