Server Configs Apache Versions Save

• 🎉 Significant improvement on Cache-Control definition and usage
  • Cache-Control boilerplate with extensive control by @LeoColomb in https://github.com/h5bp/server-configs-apache/pull/325
  • Valuable feedbacks by @Malvoz in https://github.com/h5bp/server-configs-apache/issues/148
• ⚠️ Breaking: End of support for Apache httpd version 2.4.16 and below in https://github.com/h5bp/server-configs-apache/pull/338
• Reorder and improve cache expiration ExpiresByType map by @LeoColomb in https://github.com/h5bp/server-configs-apache/pull/326
• Add a notice for directory index with pre-compressed content by @vatonbero in https://github.com/h5bp/server-configs-apache/pull/311
• Drop image/avif-sequence MIME type by @LeoColomb and @mathiasbynens in https://github.com/h5bp/server-configs-apache/pull/316
• Improve inline comments.

Full Changelog: https://github.com/h5bp/server-configs-apache/compare/5.1.0...6.0.0

• Extend default, media and font cache TTL to 1 year [5df69464885605ded1f4b0ef04cb84f1b8bd8010]
• Support ETags at server level [7956cbcecd33c20f13357284f3f355c658755115]
• Add image/x-icon compression support [69ddeda3781762eb2aba8b5152f2e9d2fa56c90a]
• Improve httpd-modules availability checks [cb8ef1be06a93d43db6dc525005e2638b8ef687b]
• Improve inline comments

Thanks to @jamieburchell @tomkyle @LeoColomb

• ⚠️ Breaking: End of support for Internet Explorer (X-UA-Compatible and X-XSS-Protection headers) [d1fb502] [22014cb]
• 🎉 Security first! Modernize TLS configuration [55c364d]
• 🎉 Security first! Refresh policies-related headers usage
  • Add Cross Origin Policies headers (COOP/COEP/CORP) [9d2cb74]
  • Add Permissions-Policy header [86494cc]
  • Make Content-Security-Policy disallow 'object-src' by default [f993710]
• Add mime-type image/jxl [da3ce54]
• Fix SSLSessionCache directive usage [64e33e8]
• Improve inline comments.

• Add mime-type image/avif and image/avifs [4ca46af]
• Fix unexpected Content-Language in pre-compressed Brotli [1f5641d]
• Added systemd module to support CentOS [5d060b0]
• Improve inline comments.

• 🎉 Server-level config! Support httpd configuration at main server level. Add httpd.conf file, vhost management, secure HTTP tweaking, etc. See the README. [b50205a...c302596]
• ⚠️ Breaking: End of support for Apache httpd version 2.4.9 and below [baa9cdd5567b25d9434b06937a436ceccadb6b4c]
• ⚠️ Breaking: File paths changes for the .htaccess build system [478ceab3a28786856a1ffcdf6a943ee43907caf0][9cb2763d7f5e3fce984bfdea903e9df61cdf4bcd]
• Rewrite, improve and update a large part of the documentation [5dc823c18e4a0ee163c2ee3b772060bce7d782e6][5748d26258394005b4d6dbb2f8474b58ed276e95][d8553ee58f307419d9ec39ab8c60fc6a6e1135cb][6862ac17ed60042c4eb47b56c8da055e99ad4dac][ade3659f49b5e23c93695b6888f92bfda3b3f2ed]
• Default to HSTS only over secure connections [5bbc0a1ded8b306ca900338136a50d17eb304b94]
• Stricter default for Referrer Policy strict-origin-when-cross-origin [43bcb833eb0539800e0d3e8a19ad3ef1d6944592]
• Add APNG (.apng) MIME type [ad25d3185fb28971a83e8c721567d7ce08b76f38]
• Ensure the presence of security headings where expected [d65642225cf080c15ace94816bed9f15080471b1][43bcb833eb0539800e0d3e8a19ad3ef1d6944592][d84d94c7e1e3e647a6ff3b0d29a780481a0638d8]
• Make disabling TRACE method usable in a .htaccess file [9ae931cfe5bc4fe8af0fca21094ad93d4437cfaa]
• Improve inline comments.

• Fix npm releasing [4b0ee8643c2c4f7dafafca82be67dc3309c0b479]

• Enhance CSP policy [f48934b6a1fe0f7de356f57911844bc006bdd9ec]
• Common headers addition based on MIME-types instead of file extensions [a880772...64cb33d]
• Always unset X-Powered-By header [14702588b130451f45cb2c1ae18a42fe70e4a922]
• Support hashed asset names in cache-busting [33f800642a65b6f209243d3c2e266b82dbf7982f]
• Switch application/vnd.geo+json to application/geo+json [35cbd63662c491b8025e35cc6362dbfba5aeae82]
• New test system using server-configs-test [3ae257ce57e9458c3a335fe65ff61498d1b0eb45]
• Improve inline comments.

• Remove P3P iframe cookies directives [ccce7b85ab9f2c81c7aa66f94c31e2accfc7b22d]
• Add TraceEnable Off directive [0a2f70e5270f96d08ab94bb5f7a9091bcdc03909]
• Support hashed asset names in cache-busting [33f800642a65b6f209243d3c2e266b82dbf7982f]
• Allow SSL certificate set up over HTTP [54b6176...993127d]
• Rename cache expiration rules file to cache_expiration.conf to make it more generic [11690c60880682973854e17117bd5c3f17cd175a]
• Improve inline comments.

• ⚠️ Breaking: End of support for Apache httpd version 2.3 and below [7d296c35c7337ca183bd31326e10e15d54ca187b]
• 🎉 New build system! Configurable build and customizable generation. See the README [589634974291a4a9ee1fd2a99c23794036e9aace]
• Add Referrer-Policy header template [591083eedc654837c051ca1aff4282444dc06471]
• Switch back .js-files and .mjs-files media-type to text/javascript [690f4ad6add3a3c2185641474e05378000a19d84]
• Add pre-compressed content handling template [52639ab1fa97d666f3b262e04f70ab3ce020d0d0]
• Add WebAssembly module (.wasm) MIME type [a2e7d7b38cf96b804a7323362ee72950e51810f5]
• Improve inline comments.

• Serve .md and .markdown files as text/markdown [bfcafd36b42f8118306ce3f9c17d6463692b4be0]
• Add font MIME types per RFC 8081 [20b446e2ad6e1eec68b50277a894876e41395403]
• Mark .mjs files as JavaScript [c00975c74bde80175684314c883c09ab04b5bccc]
• Add calendar filetype (.ics) [002a110bf35c25af66ab09ef1bd724ece5fd8266]
• Block Mercurial .orig files [4c1364885477e836fec24a6d8330cba69cf3d3a0]
• Fix enforcing www/no-www with HTTPS [fc747bbdf0a0c224ec08d8b925f33671e4d5046d]
• Drop Bower support [ee6cd751f0b907239a032ec5477ee3bfbc2bc570]
• Fix HTTPS enforcement rule [11e523d10ad8bb604fe692ec8d1fd40adc0010fa]
• Improve inline comments.