# SwipeAnime — .htaccess
# Force HTTPS + Security + Performance + SEO
# Turn off automatic directory listings, so a directory without an index file
# does not expose the names of the files it holds.
Options -Indexes
# ──────────────────────────────────────────
# FORCE HTTPS
# ──────────────────────────────────────────
RewriteEngine On
# Permanently redirect any request that did not arrive over TLS to the same
# host and path on https://.
# NOTE(review): if TLS is terminated by a proxy or CDN in front of Apache,
# %{HTTPS} may always read "off" here and this rule would loop — confirm
# against the hosting setup.
RewriteCond %{HTTPS} off
# NOTE(review): the redirect target is built from the client-supplied Host
# header; that is only safe if the server answers solely for the site's own
# hostnames — verify the virtual-host configuration.
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# ──────────────────────────────────────────
# FORCE NON-WWW (choose only one)
# If you want www instead, comment this block out and uncomment the www block below
# ──────────────────────────────────────────
# The redirect target is the fixed canonical host, so it does not depend on
# the Host header sent by the client.
RewriteCond %{HTTP_HOST} ^www\.swipeanime\.com [NC]
RewriteRule ^(.*)$ https://swipeanime.com/$1 [L,R=301]
# Force www (alternative — comment out the block above if you use this one)
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# ──────────────────────────────────────────
# CUSTOM ERROR PAGES
# ──────────────────────────────────────────
# Serve the site's index page as the body of 404 and 403 responses.
# The target is a local path, so Apache keeps the original 404/403 status
# code; that includes the 403 produced by the [F] rule in the bad-bot block.
ErrorDocument 404 /index.html
ErrorDocument 403 /index.html
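# ──────────────────────────────────────────
# SECURITY HEADERS
# ──────────────────────────────────────────
# Block MIME sniffing
Header always set X-Content-Type-Options "nosniff"
# Block clickjacking. Kept in agreement with the CSP frame-ancestors 'none'
# below: browsers that honour frame-ancestors ignore X-Frame-Options, so a
# SAMEORIGIN value here would only loosen the policy for older browsers.
Header always set X-Frame-Options "DENY"
# Safe referrer: full URL on same-origin requests, origin only cross-origin
Header always set Referrer-Policy "strict-origin-when-cross-origin"
# Disable unused browser features
Header always set Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=()"
# Force HTTPS for 1 year (enable only once TLS is confirmed to work).
# includeSubDomains extends the policy to every subdomain, so each of them
# must serve valid HTTPS before this goes live.
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
# Content Security Policy — allows the AniList API and Google Fonts.
# NOTE(review): 'unsafe-inline' in script-src permits inline scripts, which
# removes most of the CSP's protection against injected markup. Moving inline
# code into files, or using nonces/hashes, would let it be dropped.
Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://s4.anilist.co https://img.anili.st; connect-src 'self' https://graphql.anilist.co; frame-ancestors 'none';"
# Remove headers that reveal server technology. X-Powered-By is cleared from
# both the success and the "always" header tables so error responses are
# covered as well.
Header unset X-Powered-By
Header always unset X-Powered-By
# NOTE(review): Apache normally adds the Server header after mod_headers has
# run, so this line may have no effect; ServerTokens in the main server
# configuration is the usual control and is not available in .htaccess.
Header always unset Server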
# ──────────────────────────────────────────
# STATIC CACHE (performance)
# ──────────────────────────────────────────
# Per-MIME-type cache lifetimes, each counted from the time of the request
# ("access"). HTML is kept short so content updates are picked up quickly;
# images get the longest lifetime.
ExpiresActive On
ExpiresByType text/html "access plus 1 hour"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/webp "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresByType application/xml "access plus 1 week"
ExpiresByType text/xml "access plus 1 week"
# Explicit Cache-Control headers
# NOTE(review): these three directives are unconditional and set the same
# header, so as written only the last value is sent, and it is sent on every
# response. They look as if each was meant to be scoped to a file type (for
# example inside <FilesMatch> containers) — confirm against the deployed file.
# "public" also lets shared caches store the response, which is only
# appropriate while nothing served here is user-specific.
Header set Cache-Control "public, max-age=2592000, immutable"
Header set Cache-Control "public, max-age=3600, must-revalidate"
Header set Cache-Control "public, max-age=86400"
# ──────────────────────────────────────────
# GZIP COMPRESSION (performance)
# ──────────────────────────────────────────
# Compress text-based responses only; the raster image types cached above are
# not listed here.
# NOTE(review): compressing responses that mix secrets with request-controlled
# content can leak data through response size; presumably not a concern for
# static files, but confirm if dynamic pages are ever served from this tree.
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE image/svg+xml
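# ──────────────────────────────────────────
# BLOCK SENSITIVE FILES
# ──────────────────────────────────────────
# The deny rule has to sit inside a <FilesMatch> container: left on its own it
# refuses every request to the site. The pattern is a constructed example
# (dotfiles plus common backup/dump/config extensions) — replace it with the
# file names that actually exist in this document root.
<FilesMatch "^\.|\.(bak|old|orig|log|sql|ini)$">
    # Apache 2.4 authorization syntax
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback, the syntax this file used originally
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>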
# ──────────────────────────────────────────
# BLOCK common BAD BOTS / SCRAPERS
# ──────────────────────────────────────────
# Answer 403 to requests whose User-Agent contains one of the listed crawler
# names (case-insensitive). The User-Agent is chosen by the client, so this
# reduces crawler load but is not an access control: any client can send a
# different value.
RewriteCond %{HTTP_USER_AGENT} (AhrefsBot|MJ12bot|DotBot|SemrushBot|BLEXBot) [NC]
RewriteRule .* - [F,L]
# ──────────────────────────────────────────
# MIME TYPES
# ──────────────────────────────────────────
# Declare the Content-Type for these extensions explicitly. This file also
# sends X-Content-Type-Options "nosniff", so browsers will not guess the type;
# a script or stylesheet served with the wrong type would be refused.
AddType application/javascript .js
AddType text/css .css
AddType image/webp .webp
AddType image/svg+xml .svg