Deny from all
Allow from all
RewriteEngine On
# we check if the .html version is here (caching)
RewriteRule ^$ index.html [QSA]
RewriteRule ^([^.]+)$ $1.html [QSA]
RewriteCond %{REQUEST_FILENAME} !-f
# no, so we redirect to our front web controller
RewriteRule ^(.*)$ index.php [QSA,L]
# security
Header set X-Content-Type-Options nosniff
Header set X-XSS-Protection "1; mode=block"