# No directory listings, please. We're British.
IndexIgnore *

AddDefaultCharset utf-8

Options +FollowSymLinks
RewriteEngine On

# If the request is not for a valid directory
RewriteCond %{REQUEST_FILENAME} !-d
# If the request is not for a valid file
RewriteCond %{REQUEST_FILENAME} !-f
# If the request is not for a valid link
RewriteCond %{REQUEST_FILENAME} !-l
# 410 gone for a long string of lowercase letters 
# and/or numbers followed by an optional long extension
# to handle spam URLs like /spstyaaliti4csf6ne.desiringly
RewriteRule ^/?[a-z0-9]{12,30}(\.[a-z0-9]{8,30})?$ - [G,L]

# Set the cache-control max-age
# 1 year
<FilesMatch ".(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf|webp|avif)$">
Header set Cache-Control "max-age=31449600, public"
</FilesMatch>
# 1 DAY
<FilesMatch ".(xml|txt)$">
Header set Cache-Control "max-age=86400, public, must-revalidate"
</FilesMatch>
# 4 HOURS
<FilesMatch ".(html|htm)$">
Header set Cache-Control "max-age=14400, public, must-revalidate"
</FilesMatch>

# Turn off the ETags
Header unset ETag
FileETag None

# BEGIN compression
<ifmodule mod_deflate.c>
AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x-javascript application/javascript text/javascript image/svg+xml
</ifmodule>
# END compression

# BEGIN custom headers
<IfModule mod_headers.c>
  Header set Server "MYOB"
  Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
  Header set X-Content-Type-Options "nosniff"
  Header set X-XSS-Protection "1; mode=block"
  Header set X-Frame-Options "DENY"
  Header set Referrer-Policy: "origin"
  Header set Expect-CT "max-age=86400, enforce"
  Header always set Permissions-Policy "accelerometer=(); ambient-light-sensor=(); autoplay=(); battery=(); camera=(); display-capture=(); document-domain=(); encrypted-media=(); execution-while-not-rendered=(); execution-while-out-of-viewport=(); fullscreen=(); geolocation=(); gyroscope=(); layout-animations=(); legacy-image-formats=(); magnetometer=(); microphone=(); midi=(); navigation-override=(); oversized-images=(); payment=(); picture-in-picture=(); publickey-credentials-get=(); sync-xhr=(); vr=(); wake-lock=(); screen-wake-lock=(); web-share=(self); xr-spatial-tracking=();"
  Header set X-Spaceballs "If you can read this, you don't need glasses."
  Header set X-Chromosomes: "Women have 'em, but so does every man. Get over it, guys."
  Header set X-Hacker-News: "Please don't link this site there."
  Header set X-Guru-Meditation: "0x141E"

  <FilesMatch "\.(js|css|pdf|xml|xsl|gz|eot|svg|ttf|woff|woff2|svg|webmanifest|txt)$">
	Header append Vary: Accept-Encoding
  </FilesMatch>
</IfModule>

<IfModule mod_mime.c>
  AddCharset UTF-8 .html .htm .txt .md .markdown .org .atom .css .js .json .rss .opml .xml .xsl
</IfModule>

# END custom headers
