# Extra Security Headers
<IfModule mod_headers.c>
    Header set X-XSS-Protection "1; mode=block"
    Header always append X-Frame-Options SAMEORIGIN
    Header set X-Content-Type-Options nosniff
    # DISABLE CACHING
    # Header set Cache-Control "no-cache, no-store, must-revalidate"
    # Header set Pragma "no-cache"
    # Header set Expires 0
</IfModule>

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]

    # Rewrite HTTP to HTTPS
    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>

ErrorDocument 404 /404.html

# BEGIN EXPIRES
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType text/plain "access plus 1 minute"
    ExpiresByType text/vtt "access plus 1 year"
    ExpiresByType text/css "access plus 1 year"
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType text/html "access plus 600 seconds"
    ExpiresDefault "access plus 1 year"
</IfModule>
# END EXPIRES