.htaccess
# Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.html [QSA,L]
## GZIP COMPRESSION ##
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file .(html?|txt|css|js|svg|ico|cgi|json)$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
## GZIP COMPRESSION ##
## Cache Control
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options "nosniff"
Header set Referrer-Policy "same-origin"
Header set Permissions-Policy "fullscreen=*, picture-in-picture=*, xr-spatial-tracking=*, gamepad=*, hid=*, idle-detection=*, window-placement=*"
Header add Content-Security-Policy "default-src 'self' 'unsafe-inline' *.google-analytics.com *.googleapis.com *.googletagmanager.com *.utoronto.ca *.githubusercontent.com; object-src 'self'; base-uri 'self'; form-action 'self'; style-src 'self' 'unsafe-inline';"
<FilesMatch "\.(js|css|png|jpg|html|htm|xml|ico|json|svg|txt|webp|cgi)$">
Header set Cache-Control "max-age=604800, public"
Header append Vary: Accept-Encoding
</FilesMatch>
</IfModule>
## Cache Control