Htaccess rules update

Author: tamedevelopers

src/Dummy/dummyHtaccess.dum

@@ -1,96 +1,92 @@
-<IfModule mod_rewrite.c>
-    # Start Engine
-    RewriteEngine On
-    
-    # Define additional rules below
-    # 
-    
-    # Cache control headers
-    <IfModule mod_headers.c>
-        <filesMatch ".(js|css|xml|gz|html|php)$">
-            Header append Vary: Accept-Encoding
-        </filesMatch>
-        <filesMatch "\.(ico|flv|gif|swf|eot|woff|otf|ttf|svg)$">
-            Header set Cache-Control "max-age=31536000, public"
-        </filesMatch>
-        <filesMatch "\.(jpg|jpeg|png)$">
-            Header set Cache-Control "max-age=31536000, public"
-        </filesMatch>
-        <filesMatch "\.(css)$">
-            Header set Cache-Control "max-age=2592000, public"
-        </filesMatch>
-        <filesMatch "\.(js)$">
-            Header set Cache-Control "max-age=2592000, public"
-        </filesMatch>
-        <filesMatch "\.(x?html?)$">
-            Header set Cache-Control "public, must-revalidate"
-        </filesMatch>
-        <filesMatch "\.(x?php)$">
-            Header set Cache-Control "private, must-revalidate"
-        </filesMatch>
-    </IfModule>
-    
-    # Mod security
-    <IfModule mod_security.c>
-        SecFilterScanPOST Off
-    </IfModule>
-    
-    # Mod Speling
-    <IfModule mod_speling.c>
-        CheckCaseOnly On
-        CheckSpelling On
-    </IfModule>
+# Performance-optimized minimal .htaccess
+
+# Compression: prefer Brotli, fallback to Gzip/Deflate
+<IfModule mod_brotli.c>
+    AddOutputFilterByType BROTLI_COMPRESS \
+        text/html text/plain text/css text/xml \
+        application/javascript application/json application/xml application/xhtml+xml \
+        image/svg+xml
+</IfModule>
+
+<IfModule mod_deflate.c>
+    AddOutputFilterByType DEFLATE \
+        text/html text/plain text/css text/xml \
+        application/javascript application/json application/xml application/xhtml+xml \
+        image/svg+xml
+    # Skip already-compressed binary formats
+    SetEnvIfNoCase Request_URI "\.(?:gif|jpe?g|png|webp|avif|ico)$" no-gzip dont-vary
 </IfModule>
 
+# Caching: long-lived for static assets, revalidate dynamic pages
+<IfModule mod_headers.c>
+    # Ensure caches differentiate compressed/uncompressed
+    <FilesMatch "\.(?:css|js|mjs|xml|json|html|svg)$">
+        Header merge Vary "Accept-Encoding"
+    </FilesMatch>
+
+    # Immutable for hashed assets (e.g., app-abcdef12.js or app.abcdef12.css)
+    <FilesMatch "(?:-[0-9a-f]{8,}|\.[0-9a-f]{8,})\.(?:css|js|mjs)$">
+        Header set Cache-Control "public, max-age=31536000, immutable"
+    </FilesMatch>
+
+    # Images and fonts: cache for 1 year (safe to mark immutable)
+    <FilesMatch "\.(?:ico|gif|png|jpe?g|svg|webp|avif|eot|ttf|otf|woff2?)$">
+        Header set Cache-Control "public, max-age=31536000, immutable"
+    </FilesMatch>
+
+    # Non-hashed CSS/JS: cache for 30 days
+    <FilesMatch "\.(?:css|js|mjs)$">
+        Header set Cache-Control "public, max-age=2592000"
+    </FilesMatch>
+
+    # HTML: always revalidate
+    <FilesMatch "\.(?:x?html?)$">
+        Header set Cache-Control "no-cache, must-revalidate"
+    </FilesMatch>
+
+    # Prefer Cache-Control/Last-Modified over ETag
+    Header unset ETag
+</IfModule>
+
+# Disable ETags at the source
+FileETag None
+
+# Optional: allow cross-origin font loads (prevents 403/blocked fonts)
+<IfModule mod_headers.c>
+    <FilesMatch "\.(?:eot|ttf|otf|woff2?)$">
+        Header set Access-Control-Allow-Origin "*"
+    </FilesMatch>
+</IfModule>
+
+<Files "service-worker.js">
+    Header set Cache-Control "no-cache, must-revalidate"
+</Files>
+
+# Fallback Expires headers (extra cache control for older proxies/CDNs)
 <IfModule mod_expires.c>
-    # Set expiration for different file types
     ExpiresActive On
+    
+    # Default: 30 days
+    ExpiresDefault "access plus 30 days"
+
+    # HTML always revalidate
     ExpiresByType text/html "access plus 600 seconds"
     ExpiresByType application/xhtml+xml "access plus 600 seconds"
-    ExpiresByType image/gif "access plus 1 year"
-    ExpiresByType image/png "access plus 1 year"
-    ExpiresByType image/jpg "access plus 1 year"
-    ExpiresByType image/jpeg "access plus 1 year"
-    ExpiresByType image/x-icon "access plus 1 year"
-    ExpiresByType image/svg+xml "access plus 1 year"
-    ExpiresByType audio/ogg "access plus 1 year"
-    ExpiresByType video/mp4 "access plus 1 year"
-    ExpiresByType video/ogg "access plus 1 year"
-    ExpiresByType video/webm "access plus 1 year"
-    ExpiresByType application/atom+xml "access plus 1 hour"
-    ExpiresByType application/rss+xml "access plus 1 hour"
-    ExpiresByType application/pdf "access plus 1 month"
-    ExpiresByType text/css "access 1 month"
-    ExpiresByType application/javascript "access 1 month"
-    ExpiresByType text/x-javascript "access 1 month"
-    ExpiresByType text/x-component "access plus 1 month"
-    ExpiresByType application/x-shockwave-flash "access 1 month"
-    ExpiresByType font/opentype "access plus 1 month"
-    ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
-    ExpiresByType application/x-font-ttf "access plus 1 month"
-    ExpiresByType application/font-woff "access plus 1 month"
-    ExpiresByType application/font-woff2 "access plus 1 month"
-    ExpiresDefault "access plus 30 days"
-</IfModule>
 
-<IfModule mod_gzip.c>
-    # Enable gzip compression for resources
-    mod_gzip_on Yes
-    mod_gzip_dechunk Yes
-    mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
-    mod_gzip_item_include handler ^application/x-httpd-php
-    mod_gzip_item_include mime ^application/javascript$
-    mod_gzip_item_include mime ^application/x-javascript$
-    mod_gzip_item_include mime ^text/.*
-    mod_gzip_item_exclude mime ^image/.*
-    mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
+    # Images, video and fonts: 1 year
+    ExpiresByType image/* "access plus 1 year"
+    ExpiresByType font/* "access plus 1 year"
+    ExpiresByType video/* "access plus 1 year"
+    
+    # CSS & JS: 1 month
+    ExpiresByType text/css "access plus 1 month"
+    ExpiresByType application/javascript "access plus 1 month"
 </IfModule>
 
-<IfModule pagespeed_module>
-    # Page Speed
-    ModPagespeed on
-    ModPagespeedEnableFilters rewrite_css,combine_css
-    ModPagespeedEnableFilters recompress_images
-    ModPagespeedEnableFilters convert_png_to_jpeg,convert_jpeg_to_webp
-    ModPagespeedEnableFilters collapse_whitespace,remove_comments
-</IfModule>
+# Lightweight security headers
+<IfModule mod_headers.c>
+    Header set X-Content-Type-Options "nosniff"
+    Header set X-Frame-Options "SAMEORIGIN"
+    Header set Referrer-Policy "strict-origin-when-cross-origin"
+    Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
+</IfModule>