diff --git a/src/_h5ai/.htaccess b/src/_h5ai/.htaccess
index 870e9d02..d485c35a 100644
--- a/src/_h5ai/.htaccess
+++ b/src/_h5ai/.htaccess
@@ -1,10 +1,119 @@
+## details here: https://github.com/h5bp/server-configs-apache
+
+
+
+## SECURITY ###################################################################
+
+DirectoryIndex disabled
+FileETag None
+ServerSignature Off
+
+# Apache < 2.3
+
+ Order allow,deny
+ Deny from all
+ Satisfy All
+
+
+# Apache ≥ 2.3
- #Apache 2.4
Require all denied
-
- #Apache 2.2
- Satisfy all
- Order deny,allow
- Deny from all
+
+
+ Header set X-Content-Type-Options "nosniff"
+ Header unset ETag
+ Header unset X-Powered-By
+
+
+
+ Options -Indexes
+
+
+
+
+## COMPAT #####################################################################
+
+AddDefaultCharset utf-8
+
+
+ AddCharset utf-8 .css .html .js .json .php .svg
+
+ AddType application/json json map topojson
+ AddType application/javascript js
+ AddType audio/mp4 f4a f4b m4a
+ AddType audio/ogg oga ogg opus
+ AddType image/bmp bmp
+ AddType image/svg+xml svg svgz
+ AddType image/webp webp
+ AddType video/mp4 f4v f4p m4v mp4
+ AddType video/ogg ogv
+ AddType video/webm webm
+ AddType video/x-flv flv
+ AddType image/x-icon cur ico
+ AddType application/font-woff woff
+ AddType application/font-woff2 woff2
+ AddType application/vnd.ms-fontobject eot
+ AddType application/x-font-ttf ttc ttf
+ AddType font/opentype otf
+
+
+
+
+## SPEED ######################################################################
+
+
+ ExpiresActive on
+ ExpiresDefault "access plus 1 month"
+
+ ExpiresByType text/html "access plus 0 seconds"
+ ExpiresByType application/json "access plus 0 seconds"
+
+
+
+
+
+ SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
+ RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
+
+
+
+
+ AddOutputFilterByType DEFLATE "application/atom+xml" \
+ "application/javascript" \
+ "application/json" \
+ "application/ld+json" \
+ "application/manifest+json" \
+ "application/rdf+xml" \
+ "application/rss+xml" \
+ "application/schema+json" \
+ "application/vnd.geo+json" \
+ "application/vnd.ms-fontobject" \
+ "application/x-font-ttf" \
+ "application/x-javascript" \
+ "application/x-web-app-manifest+json" \
+ "application/xhtml+xml" \
+ "application/xml" \
+ "font/eot" \
+ "font/opentype" \
+ "image/bmp" \
+ "image/svg+xml" \
+ "image/vnd.microsoft.icon" \
+ "image/x-icon" \
+ "text/cache-manifest" \
+ "text/css" \
+ "text/html" \
+ "text/javascript" \
+ "text/plain" \
+ "text/vcard" \
+ "text/vnd.rim.location.xloc" \
+ "text/vtt" \
+ "text/x-component" \
+ "text/x-cross-domain-policy" \
+ "text/xml"
+
+
+
+ AddEncoding gzip svgz
+
diff --git a/src/_h5ai/public/.htaccess b/src/_h5ai/public/.htaccess
index dbbd81c7..3f149901 100644
--- a/src/_h5ai/public/.htaccess
+++ b/src/_h5ai/public/.htaccess
@@ -1,34 +1,13 @@
-
- #Apache 2.4
- Require all granted
-
+## make this folder accessible
+
+# Apache < 2.3
- #Apache 2.2
- Satisfy all
Order allow,deny
Allow from all
+ Satisfy All
-DirectoryIndex disabled
-
-
- Options -Indexes
-
-
-AddDefaultCharset utf-8
-
-
- AddCharset utf-8 .css .html .js .json .php .svg
-
-
-
- ExpiresActive on
- ExpiresDefault "access plus 1 month"
-
- ExpiresByType text/html "access plus 0 seconds"
- ExpiresByType application/json "access plus 0 seconds"
-
- ExpiresByType text/css "access plus 1 week"
- ExpiresByType application/javascript "access plus 1 week"
- ExpiresByType image/x-icon "access plus 1 week"
+# Apache ≥ 2.3
+
+ Require all granted