# Dont' cache html
FileETag None
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
# Don't allow directory listing
Options -Indexes
# Prevent accessing .conf files
Deny from all
# Set request header for prerender.io account
RequestHeader set X-Prerender-Token "NO_API_KEY_DEFINED"
# Set response header for iframe security
SetEnvIfNoCase Referer "${PARENT_WHITELIST}" ALLOW_FROM_PARENT
Header set X-Frame-Options "DENY" env=!ALLOW_FROM_PARENT
Header always append Content-Security-Policy "frame-ancestors 'none'" env=!ALLOW_FROM_PARENT
RewriteEngine On
# Capture original request protocol
RewriteCond %{HTTPS}s ^(on(s)|offs)$
RewriteRule ^ - [env=proto:http%2]
# Redirect to https if https is not already on and call is not from prerender.io
RewriteCond %{HTTP_USER_AGENT} !Prerender
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# Redirect BOT request to prerender.io
# Only proxy the request to Prerender if it's a request for HTML
RewriteCond %{HTTP_USER_AGENT} baiduspider|facebookexternalhit|twitterbot|rogerbot|linkedinbot|embedly|quora\ link\ preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Validator [NC,OR]
RewriteCond %{QUERY_STRING} _escaped_fragment_
RewriteRule ^(?!.*?(\.ico|\.svg|\.js|\.css|\.xml|\.less|\.png|\.jpg|\.jpeg|\.gif|\.pdf|\.doc|\.txt|\.ico|\.rss|\.zip|\.mp3|\.rar|\.exe|\.wmv|\.doc|\.avi|\.ppt|\.mpg|\.mpeg|\.tif|\.wav|\.mov|\.psd|\.ai|\.xls|\.mp4|\.m4a|\.swf|\.dat|\.dmg|\.iso|\.flv|\.m4v|\.torrent|\.ttf|\.woff))(index\.php|index\.html)?(.*) https://service.prerender.io/http://%{HTTP_HOST}/$3 [P,L]
# Don't rewrite files or directories
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
# Rewrite everything else to index.html to allow html5 state links
RewriteRule ^ index.html [L]