@kosmala007
Last active February 11, 2020 06:33
Apache htaccess file organized for performance and security
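<IfModule mod_expires.c>
    # Browser/proxy cache lifetimes per MIME type. mod_expires turns each rule
    # into Expires and Cache-Control: max-age response headers.
    ExpiresActive On

    # Documents and data: these were "access plus 1 year" in the original.
    # A year-long lifetime on HTML/JSON/XML means a browser can keep showing a
    # stale page (including one rendered for a logged-in user) without asking
    # the server again, and content or markup fixes do not reach returning
    # visitors. Revalidate on every use instead.
    # max-age=0 still allows storage; responses carrying account data should
    # additionally be sent with "Cache-Control: no-store" by the application.
    ExpiresByType text/html "access plus 0 seconds"
    ExpiresByType text/xml "access plus 0 seconds"
    ExpiresByType application/xml "access plus 0 seconds"
    ExpiresByType application/json "access plus 0 seconds"
    # Feeds change often but tolerate a short lifetime.
    ExpiresByType application/rss+xml "access plus 1 hour"
    ExpiresByType application/atom+xml "access plus 1 hour"
    ExpiresByType text/plain "access plus 1 year"
    ExpiresByType text/x-component "access plus 1 year"

    # Static assets. A one-year lifetime assumes the URL changes whenever the
    # file changes (versioned or fingerprinted filenames) - TODO confirm;
    # otherwise a corrected script or stylesheet is not picked up by clients
    # that already cached the old one.
    # Images
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType image/x-icon "access plus 1 year"
    # Video
    ExpiresByType video/mp4 "access plus 1 year"
    ExpiresByType video/mpeg "access plus 1 year"
    # CSS, JavaScript
    ExpiresByType text/css "access plus 1 year"
    ExpiresByType text/javascript "access plus 1 year"
    ExpiresByType application/javascript "access plus 1 year"
    # Others
    ExpiresByType application/pdf "access plus 1 year"
    ExpiresByType application/x-shockwave-flash "access plus 1 year"

    # Add correct content-type for fonts.
    # NOTE(review): AddType is a mod_mime directive, so these lines only take
    # effect when mod_expires is loaded as well - confirm that coupling is
    # intended.
    AddType application/vnd.ms-fontobject .eot
    AddType font/ttf .ttf
    AddType font/otf .otf
    AddType font/woff .woff
    AddType font/woff2 .woff2
    AddType image/svg+xml .svg

    # Compress compressible fonts. Guarded separately: the DEFLATE filter
    # comes from mod_deflate, and referencing it when that module is absent
    # can make the whole .htaccess fail to load.
    <IfModule mod_deflate.c>
        AddOutputFilterByType DEFLATE font/ttf font/otf image/svg+xml
    </IfModule>

    # Far-future Expires header for fonts (current and legacy MIME types).
    # The repeated application/vnd.ms-fontobject and image/svg+xml rules from
    # the original were dropped; each type is listed once.
    ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
    ExpiresByType font/ttf "access plus 1 year"
    ExpiresByType font/otf "access plus 1 year"
    ExpiresByType font/woff "access plus 1 year"
    ExpiresByType font/woff2 "access plus 1 year"
    ExpiresByType font/collection "access plus 1 year"
    ExpiresByType font/eot "access plus 1 year"
    ExpiresByType font/opentype "access plus 1 year"
    ExpiresByType application/font-woff "access plus 1 year"
    ExpiresByType application/x-font-woff "access plus 1 year"
    ExpiresByType application/font-woff2 "access plus 1 year"
</IfModule>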
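<IfModule mod_headers.c>
    # Response headers. Security headers use "always" so they are also sent on
    # error responses (4xx/5xx), which plain "Header set" does not cover.

    # NOTE(review): Accept-Language is a request header; browsers ignore it on
    # a response. If the goal is to declare the page language, the response
    # header for that is Content-Language - confirm intent before changing.
    Header set Accept-Language: pl;q=0.5

    # NOTE(review): Connection is a hop-by-hop header that the server manages
    # itself (KeepAlive in the main config); setting it here is at best a no-op.
    Header set Connection keep-alive

    # Legacy header for the XSS filter in older browsers; current browsers no
    # longer implement that filter, so XSS defence rests on the CSP below and
    # on output encoding in the application.
    Header always set X-XSS-Protection "1; mode=block"

    # "set" rather than "append": appending to a value the application already
    # sent yields a comma-joined list (e.g. "DENY, SAMEORIGIN"), which browsers
    # do not treat as a valid X-Frame-Options value.
    Header always set X-Frame-Options SAMEORIGIN

    # Was listed twice in the original; once is enough.
    Header always set X-Content-Type-Options nosniff

    # HSTS. includeSubDomains + preload commits every subdomain to HTTPS for a
    # year and is slow to undo once the domain is on a browser preload list -
    # confirm all subdomains serve valid TLS before deploying this value.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

    # NOTE(review): "set" replaces any Vary value produced by the application;
    # another block in this file later appends User-Agent to it.
    Header set Vary "Accept-Encoding, Cookie"

    Header always unset X-Powered-By
    Header unset X-Powered-By
    # NOTE(review): Apache adds the Server header after mod_headers has run, so
    # this line typically does not remove it. Reducing the banner is done with
    # ServerTokens / ServerSignature in the main server configuration.
    Header unset Server

    # Feature-Policy is the older name; Permissions-Policy is its successor and
    # uses a different syntax. Both are sent so old and new browsers apply the
    # same restrictions.
    Header always set Feature-Policy "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'"
    Header always set Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"

    Header always set Referrer-Policy strict-origin-when-cross-origin

    # NOTE(review): this policy allows scripts from any origin plus
    # 'unsafe-inline' and 'unsafe-eval', so it does not restrict script
    # injection at all; it documents intent more than it protects.
    # ('unsafe-eval' has no meaning in style-src.) Tightening it needs an
    # inventory of the site's real script/style origins; a stricter policy can
    # be trialled with Content-Security-Policy-Report-Only before enforcing.
    # frame-ancestors 'self' was added to mirror X-Frame-Options SAMEORIGIN.
    Header always set Content-Security-Policy "default-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; connect-src *; font-src *; frame-ancestors 'self';"

    # The original "Header set Set-Cookie HttpOnly;Secure;SameSite=Strict"
    # replaced every cookie the application sent with that literal string,
    # which drops session cookies instead of hardening them. "edit" appends the
    # attributes to each existing Set-Cookie value. Both header tables are
    # edited because cookies may be placed in either, depending on the handler.
    # Caveats: HttpOnly hides the cookie from page scripts, and Strict withholds
    # it on cross-site navigation - verify that no cookie relies on either.
    Header edit Set-Cookie ^(.*)$ "$1; HttpOnly; Secure; SameSite=Strict"
    Header always edit Set-Cookie ^(.*)$ "$1; HttpOnly; Secure; SameSite=Strict"
</IfModule>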
<IfModule mod_gzip.c>
# Compression rules for mod_gzip, the compression module used with Apache 1.3.
# The IfModule guard makes this section inert on servers without that module;
# Apache 2.x setups use the mod_deflate section of this file instead.
# NOTE(review): the include rules below compress dynamically generated output
# (php, pl, cgi-script). When such a response is served over TLS and contains
# both a secret (e.g. a CSRF token) and request-controlled text, compressed
# length can leak information about the secret (the BREACH class of issue).
# Consider excluding pages that carry secrets, or masking tokens per response.
mod_gzip_on Yes
mod_gzip_dechunk Yes
# Compress by file extension, by handler, and by MIME type.
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
# Images are already compressed; skip them.
mod_gzip_item_exclude mime ^image/.*
# Do not re-compress responses that already carry a gzip Content-Encoding.
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
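<IfModule mod_deflate.c>
    # Compress HTML, CSS, JavaScript, Text, XML and fonts.
    # NOTE(review): text/html, application/xml and similar types are often
    # generated per request. Compressing a TLS response that mixes a secret
    # (session or CSRF token) with request-controlled text exposes it to
    # length-based inference (the BREACH class of issue). Static assets are not
    # affected; for dynamic pages consider per-response token masking or
    # excluding those paths from DEFLATE.
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
    AddOutputFilterByType DEFLATE application/x-font
    AddOutputFilterByType DEFLATE application/x-font-opentype
    AddOutputFilterByType DEFLATE application/x-font-otf
    AddOutputFilterByType DEFLATE application/x-font-truetype
    AddOutputFilterByType DEFLATE application/x-font-ttf
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE font/opentype
    AddOutputFilterByType DEFLATE font/otf
    AddOutputFilterByType DEFLATE font/ttf
    AddOutputFilterByType DEFLATE image/svg+xml
    AddOutputFilterByType DEFLATE image/x-icon
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/javascript
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/xml

    # Remove browser bugs (only needed for really old browsers).
    # BrowserMatch is provided by mod_setenvif; guarded so that a server
    # without that module does not reject the whole file.
    <IfModule mod_setenvif.c>
        BrowserMatch ^Mozilla/4 gzip-only-text/html
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
        BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    </IfModule>

    # Header is a mod_headers directive; in the original it sat directly inside
    # the mod_deflate guard and would fail to parse when mod_headers is absent.
    # Vary: User-Agent keeps caches from serving a compressed copy to a client
    # matched by the rules above, at the cost of fragmenting shared caches.
    <IfModule mod_headers.c>
        Header append Vary User-Agent
    </IfModule>
</IfModule>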