.htaccess

#DON'T SHOW PHP ERRORS
php_flag display_errors off

# ----------------------------------------------------------------------
# Error pages
# ----------------------------------------------------------------------

ErrorDocument 403 /errors/403.html
<If "%{REQUEST_URI} =~ /en\x2F.*/">
    ErrorDocument 403 /errors/403_en.html
</If>
ErrorDocument 404 /errors/404.html
<If "%{REQUEST_URI} =~ /en\x2F.*/">
    ErrorDocument 404 /errors/404_en.html
</If>
#DON'T SHOW DIRECTORY LISTINGS
Options -Indexes +MultiViews

#FOLLOW SYMBOLIC LINKS
Options +FollowSymLinks

RewriteEngine on

# ----------------------------------------------------------------------
# Basics
# ----------------------------------------------------------------------

#HTTPS REDIRECTION
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

#DISABLE .HTML & .PHP EXTENSIONS
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php [NC,L] 
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.html -f
RewriteRule ^(.+)$ $1.html [NC,L]

#HOMEPAGE
DirectoryIndex index.html
#ALIASES
RewriteRule accueil /index.html [L]
RewriteRule en/home /en/index.html [L]

#Block IFrames
Header set X-Frame-Options: "DENY"

Header always set Strict-Transport-Security max-age=31536000

#SECURITY
<IfModule mod_headers.c>
  Header set X-XSS-Protection "1; mode=block"
  BrowserMatch MSIE is-msie
  Header set X-UA-Compatible IE=edge env=is-msie
</IfModule>

# ----------------------------------------------------------------------
# Webfont access
# ----------------------------------------------------------------------

#
# allow access from all domains for webfonts
# alternatively you could only whitelist
# your subdomains like "sub.domain.com"
#
<FilesMatch "\.(ttf|ttc|otf|eot|woff|font.css)$">
  <IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
  </IfModule>
</FilesMatch>

# ----------------------------------------------------------------------
# Proper MIME type for all files
#
# Copied from the HTML5 boilerplate project's .htaccess file
# https://github.com/h5bp/html5-boilerplate/blob/master/.htaccess
# ----------------------------------------------------------------------

# JavaScript
#   Normalize to standard type (it's sniffed in IE anyways)
#   tools.ietf.org/html/rfc4329#section-7.2
AddType application/javascript                  js jsonp
AddType application/json                        json

# Audio
AddType audio/ogg                               oga ogg
AddType audio/mp4                               m4a f4a f4b

# Video
AddType video/ogg                               ogv
AddType video/mp4                               mp4 m4v f4v f4p
AddType video/webm                              webm
AddType video/x-flv                             flv

# SVG
#   Required for svg webfonts on iPad
#   twitter.com/FontSquirrel/status/14855840545
AddType         image/svg+xml                   svg svgz
AddEncoding     gzip                            svgz

# Webfonts
AddType application/vnd.ms-fontobject           eot
AddType application/x-font-ttf                  ttf ttc
AddType font/opentype                           otf
AddType application/x-font-woff                 woff

# Assorted types
AddType image/x-icon                            ico
AddType image/webp                              webp
AddType text/cache-manifest                     appcache manifest
AddType text/x-component                        htc
AddType application/xml                         rss atom xml rdf
AddType application/x-chrome-extension          crx
AddType application/x-opera-extension           oex
AddType application/x-xpinstall                 xpi
AddType application/octet-stream                safariextz
AddType application/x-web-app-manifest+json     webapp
AddType text/x-vcard                            vcf
AddType application/x-shockwave-flash           swf
AddType text/vtt                                vtt

# --------------------------------------------------------------------------------------
# Compression: http://code.google.com/speed/page-speed/docs/payload.html#GzipCompression
# --------------------------------------------------------------------------------------
<IfModule mod_deflate.c>
    # force deflate for mangled headers
    # developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/
    <IfModule mod_setenvif.c>
      <IfModule mod_headers.c>
        SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
        RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
      </IfModule>
    </IfModule>

    # HTML, TXT, CSS, JavaScript, JSON, XML, HTC:
    <IfModule filter_module>
      FilterDeclare   COMPRESS
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'text/html'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'text/css'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'text/plain'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'text/xml'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'text/x-component'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/javascript'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/x-javascript'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/ecmascript'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/json'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/xml'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/xhtml+xml'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/xslt+xml'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/rss+xml'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/atom+xml'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/pdf'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/x-font-ttf'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'application/vnd.ms-fontobject'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'image/vnd.microsoft.icon'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'image/x-icon'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'image/bmp'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'image/tiff'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'image/svg+xml'"
      FilterProvider  COMPRESS  DEFLATE "%{Content_Type} = 'font/opentype'"
      FilterChain     COMPRESS
      FilterProtocol  COMPRESS  DEFLATE change=yes;byteranges=no
    </IfModule>

    <IfModule !mod_filter.c>
      # Legacy versions of Apache
        AddOutputFilterByType DEFLATE text/html text/css text/plain
        AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
        AddOutputFilterByType DEFLATE application/xhtml+xml application/xslt+xml application/rss+xml application/atom+xml
        AddOutputFilterByType DEFLATE image/svg+xml
        AddOutputFilterByType DEFLATE application/javascript application/json application/x-javascript text/ecmascript text/javascript
        # .ico files and other compressible images
        AddOutputFilterByType DEFLATE image/vnd.microsoft.icon image/x-icon image/bmp image/tiff
        AddOutputFilterByType DEFLATE application/pdf
        # compressible fonts (.woff is already compressed)
        AddOutputFilterByType DEFLATE font/opentype application/x-font-ttf application/vnd.ms-fontobject
    </IfModule>
</IfModule>

# -------------------------------------------------------------------------------------------------
# Browser Caching: http://code.google.com/speed/page-speed/docs/caching.html#LeverageBrowserCaching
#
# Google recommends specifying the following for all cacheable resources:
#
#    1. Expires or Cache-Control max-age
#
#       Set Expires to a minimum of one month, and preferably up to one year, in the future. (We
#       prefer Expires over Cache-Control: max-age because it is is more widely supported.) Do not
#       set it to more than one year in the future, as that violates the RFC guidelines.
#
#    2. Last-Modified or ETag
#
#       Set the Last-Modified date to the last time the resource was changed. If the Last-Modified
#       date is sufficiently far enough in the past, chances are the browser won't refetch it.
#
# Per Google: "it is redundant to specify both Expires and Cache-Control: max-age, or to specify
# both Last-Modified and ETag."
# --------------------------------------------------------------------------------------------------
<IfModule mod_expires.c>
    ExpiresActive On

    # Perhaps better to whitelist expires rules? Perhaps.
    ExpiresDefault                          "access plus 1 month"

    # cache.appcache needs re-requests in FF 3.6 (thx Remy ~Introducing HTML5)
    ExpiresByType text/cache-manifest       "access plus 0 seconds"

    # Your document html
    ExpiresByType text/html                 "access plus 0 seconds"

    # Data
    ExpiresByType text/xml                  "access plus 0 seconds"
    ExpiresByType application/xml           "access plus 0 seconds"
    ExpiresByType application/json          "access plus 0 seconds"

    # RSS feed
    ExpiresByType application/rss+xml       "access plus 1 hour"

    # Favicon (cannot be renamed)
    ExpiresByType image/x-icon              "access plus 1 year"
    ExpiresByType image/vnd.microsoft.icon  "access plus 1 year"
    ExpiresByType image/x-icon              "access plus 1 year"


    # Media: images, video, audio
    ExpiresByType image/gif                 "access plus 6 months"
    ExpiresByType image/png                 "access plus 6 months"
    ExpiresByType image/jpg                 "access plus 6 months"
    ExpiresByType image/jpeg                "access plus 6 months"
    ExpiresByType image/tiff                "access plus 6 months"
    ExpiresByType image/webp                "access plus 6 months"
    ExpiresByType video/ogg                 "access plus 6 months"
    ExpiresByType audio/ogg                 "access plus 6 months"
    ExpiresByType video/mp4                 "access plus 6 months"
    ExpiresByType video/webm                "access plus 6 months"
    ExpiresByType video/x-flv               "access plus 6 months"
    ExpiresByType application/pdf           "access plus 6 months"
    ExpiresByType image/svg+xml             "access plus 6 months"

    # HTC files  (css3pie)
    ExpiresByType text/x-component          "access plus 1 month"

    # Webfonts
    ExpiresByType font/truetype             "access plus 1 year"
    ExpiresByType font/opentype             "access plus 1 year"
    ExpiresByType application/x-font-woff   "access plus 1 year"
    ExpiresByType application/font-woff     "access plus 1 year"
    ExpiresByType font/woff2  "access plus 1 year"
    ExpiresByType application/font-woff2  "access plus 1 year"
    ExpiresByType application/x-font-woff2  "access plus 1 year"

    ExpiresByType application/vnd.ms-fontobject "access plus 1 month"

    # CSS and JavaScript
    ExpiresByType text/css                  "access plus 1 year"
    ExpiresByType application/javascript    "access plus 1 year"
    ExpiresByType text/javascript           "access plus 1 year"
    ExpiresByType application/x-javascript  "access plus 1 year"
    ExpiresByType text/ecmascript           "access plus 1 year"
    
    <IfModule mod_headers.c>
        Header append  Cache-Control "public"
    </IfModule>
</IfModule>

# TODO: Set Last-Modified per Google's recommendation to complete browser caching

# -------------------------------------------------------------------------
# Disabling ETags as they are most likely misconfigured and
# do not add functionalit beyond Last-Modified
# -------------------------------------------------------------------------
<IfModule mod_headers.c>
        # Try removing etag headers (if it's coming from proxy for example)
        Header unset ETag
</IfModule>

# Remove ETags
FileETag None
##### END Optimization #####