1- # Apache Server Configs v4.0 .0 | MIT License
1+ # Apache Server Configs v4.1 .0 | MIT License
22# https://github.com/h5bp/server-configs-apache
33
44# (!) Using `.htaccess` files slows down Apache, therefore, if you have
4343
4444<IfModule mod_setenvif.c >
4545 <IfModule mod_headers.c >
46- <FilesMatch "\.(bmp|cur|gif|ico|jpe?g|a?png|svgz?|webp)$" >
46+ <FilesMatch "\.(avifs?| bmp|cur|gif|ico|jpe?g|a?png|svgz?|webp)$" >
4747 SetEnvIf Origin ":" IS_CORS
4848 Header set Access-Control-Allow -Origin "*" env=IS_CORS
4949 </FilesMatch >
@@ -180,6 +180,8 @@ Options -MultiViews
180180
181181 AddType audio/mp4 f4a f4b m4a
182182 AddType audio/ogg oga ogg opus
183+ AddType image/avif avif
184+ AddType image/avif-sequence avifs
183185 AddType image/bmp bmp
184186 AddType image/svg+xml svg svgz
185187 AddType image/webp webp
@@ -479,7 +481,7 @@ AddDefaultCharset utf-8
479481# Mitigate the risk of cross-site scripting and other content-injection
480482# attacks.
481483#
482- # This can be done by setting a ` Content Security Policy` which whitelists
484+ # This can be done by setting a Content Security Policy which permits
483485# trusted sources of content for your website.
484486#
485487# There is no policy that fits all websites, you will have to modify the
@@ -682,9 +684,9 @@ AddDefaultCharset utf-8
682684# web browsers.
683685#
684686# The filter is usually enabled by default, but in some cases, it may be
685- # disabled by the user. However, in Internet Explorer, for example, it can be
686- # re-enabled just by sending the `X-XSS-Protection` header with the value
687- # of `1`.
687+ # disabled by the user. However, in Internet Explorer, for example, it can
688+ # be re-enabled just by sending the `X-XSS-Protection` header with the
689+ # value of `1`.
688690#
689691# (2) Prevent web browsers from rendering the web page if a potential reflected
690692# (a.k.a non-persistent) XSS attack is detected by the filter.
@@ -903,7 +905,10 @@ ServerSignature Off
903905# (!) To make this part relevant, you need to generate encoded files by your
904906# own. Enabling this part will not auto-generate brotlied files.
905907#
906- # Note that some clients (eg. browsers) require a secure connection to request
908+ # (1) Remove default Content-Language header added for .br files.
909+ # https://httpd.apache.org/docs/current/mod/mod_mime.html#multipleext
910+ #
911+ # Note that some clients (e.g. browsers) require a secure connection to request
907912# brotli-compressed resources.
908913# https://www.chromestatus.com/feature/5420797577396224
909914#
@@ -921,6 +926,9 @@ ServerSignature Off
921926# <FilesMatch "\.br$">
922927
923928# <IfModule mod_mime.c>
929+ # # (1)
930+ # RemoveLanguage .br
931+
924932# # Serve correct content types
925933# AddType text/css css.br
926934# AddType text/calendar ics.br
@@ -1125,6 +1133,8 @@ FileETag None
11251133
11261134 ExpiresByType audio/ogg "access plus 1 month"
11271135 ExpiresByType image/apng "access plus 1 month"
1136+ ExpiresByType image/avif "access plus 1 month"
1137+ ExpiresByType image/avif-sequence "access plus 1 month"
11281138 ExpiresByType image/bmp "access plus 1 month"
11291139 ExpiresByType image/gif "access plus 1 month"
11301140 ExpiresByType image/jpeg "access plus 1 month"
@@ -1220,6 +1230,6 @@ FileETag None
12201230# <IfModule mod_rewrite.c>
12211231# RewriteEngine On
12221232# RewriteCond %{REQUEST_FILENAME} !-f
1223- # RewriteRule ^(.+)\.(\w+)\.(bmp|css|cur|gif|ico|jpe?g|m?js|a?png|svgz?|webp|webmanifest)$ $1.$3 [L]
1233+ # RewriteRule ^(.+)\.(\w+)\.(avifs?| bmp|css|cur|gif|ico|jpe?g|m?js|a?png|svgz?|webp|webmanifest)$ $1.$3 [L]
12241234# </IfModule>
12251235
0 commit comments