.htaccess

Options +FollowSymlinks 
Options -MultiViews
RewriteEngine On
RewriteBase /

# Don't apply rewrite rules to the .well-known directory
RewriteCond %{REQUEST_URI} !^/\.well-known/ [NC]

# Handle typos, redirect from old URLs
RewriteRule ^[b|B][i|I][t|T][c|C][o|O][i|I][n|N]\.html$ /bitcoin-information.html [R=301]
RewriteRule ^[b|B][i|I][t|T][c|C][o|O][i|I][n|N]\.?$ /bitcoin-information.html [R=301]
RewriteRule ^[l|L][i|I][g|G][h|H][t|T][n|N][i|I][n|N][g|G]$ /lightning-information.html [R=301]
RewriteRule ^[l|L][i|I][g|G][h|H][t|T][n|N][i|I][n|N][g|G]\.html$ /lightning-information.html [R=301]

# Redirect root domain to https (Cloudflare disabled, for HSTS preload)
#RewriteCond %{HTTPS} off
#RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
#RewriteCond %{HTTP:CF-Visitor} !'"scheme":"http"'
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Redirect non-www to www subdomain to enable CDN
RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^ https://www.lopp.net%{REQUEST_URI} [NE,R=301,L]

# Hide file extensions
RewriteRule ^contact$ https://%{HTTP_HOST}/contact.php [R=301,L]
RewriteRule ^bitcoin-information$ /bitcoin-information.html [R=301]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1\.html [R=301,L]

#Redirect index.html to / to prevent duplicate pages being indexed
RewriteRule ^index\.html$ / [R=301]

AddType x-mapp-php5 .php
AddType image/x-icon .ico
AddType 'text/html; charset=UTF-8' html
AddDefaultCharset utf-8
AddType application/font-sfnt            otf ttf
AddType application/font-woff            woff
AddType application/font-woff2           woff2
AddType application/vnd.ms-fontobject    eot

<IfModule mod_expires.c>
	ExpiresActive On
	# Media: images, video, audio
	ExpiresByType image/jpg "access plus 1 month"
	ExpiresByType image/jpeg "access plus 1 month"
	ExpiresByType image/gif "access plus 1 month"
	ExpiresByType image/webp "access plus 1 month"
	ExpiresByType image/png "access plus 1 month"
	ExpiresByType image/x-icon "access plus 1 year"
	ExpiresByType application/pdf "access plus 1 month"
	ExpiresByType audio/mp3 "access plus 1 year"

	# Webfonts
	ExpiresByType font/truetype             "access plus 1 month"
	ExpiresByType font/opentype             "access plus 1 month"
	ExpiresByType application/font-woff 	"access plus 1 month"
	ExpiresByType application/font-woff2 	"access plus 1 month"
	ExpiresByType image/svg+xml             "access plus 1 month"
	ExpiresByType application/vnd.ms-fontobject "access plus 1 month"

	# CSS and JavaScript
	ExpiresByType text/css                  "access plus 1 week"
	ExpiresByType application/javascript    "access plus 1 week"
	ExpiresByType text/javascript           "access plus 1 week"

	# Misc
	ExpiresByType text/html "access plus 1 day"
	ExpiresDefault "access plus 2 days"

	<IfModule mod_headers.c>
	Header append Cache-Control "public"
	</IfModule>
</IfModule>

<IfModule mod_deflate.c>
	AddOutputFilterByType DEFLATE text/plain
	AddOutputFilterByType DEFLATE text/html
	AddOutputFilterByType DEFLATE text/xml
	AddOutputFilterByType DEFLATE text/shtml
	AddOutputFilterByType DEFLATE text/css
	AddOutputFilterByType DEFLATE application/xml
	AddOutputFilterByType DEFLATE application/xhtml+xml
	AddOutputFilterByType DEFLATE application/rss+xml
	AddOutputFilterByType DEFLATE application/javascript
	AddOutputFilterByType DEFLATE application/x-javascript
</IfModule> 

<IfModule mod_headers.c>
	Header set X-UA-Compatible "IE=Edge"
	Header set Content-Security-Policy "script-src 'self' https://*.google.com https://*.withgoogle.com https://*.googleadservices.com 'unsafe-inline' 'unsafe-eval'; base-uri 'self';"
	Header always set X-FRAME-OPTIONS "DENY"
	Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" "expr=%{HTTPS} == 'on'"
</IfModule>

ErrorDocument 404 /404.html