Require all denied Require all granted RewriteEngine On # Check if .html version exists (for caching) RewriteRule ^$ index.html [QSA] RewriteRule ^([^.]+)$ $1.html [QSA] RewriteCond %{REQUEST_FILENAME} !-f # Redirect to front controller RewriteRule ^(.*)$ index.php [QSA,L] Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1; mode=block"