.htaccess Generator

Build Apache .htaccess rules — redirects, security headers, caching, and more.

# Generated .htaccess

# Force HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Enable Gzip
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/css
    AddOutputFilterByType DEFLATE application/javascript application/json
    AddOutputFilterByType DEFLATE application/xml text/xml
    AddOutputFilterByType DEFLATE image/svg+xml
</IfModule>

# Browser Caching
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType text/html "access plus 1 hour"
</IfModule>

.htaccess Generator — What It Does

Common .htaccess Rule Categories

Essential .htaccess Snippets

Common Mistakes

Frequently Asked Questions

What is an .htaccess file and where does it go?
.htaccess is an Apache web server configuration file that controls directory-level settings without requiring access to the main server config. Place it in the root of your website (same directory as index.php or index.html). Rules apply to that directory and all subdirectories unless overridden.
How do I force HTTPS with .htaccess?
Add a RewriteRule that redirects all HTTP traffic to HTTPS:

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

The 301 status code tells browsers and search engines this is a permanent redirect, transferring SEO link equity.
How do I redirect www to non-www (or vice versa) with .htaccess?
To redirect www to non-www:

    RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]

For non-www to www:

    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Pick one canonical form and use it consistently for SEO.
How do I enable gzip compression in .htaccess?
Use mod_deflate: AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript application/json. Gzip typically reduces HTML/CSS/JS file sizes by 60–80%, significantly improving Time to First Byte and page load speed for visitors on slow connections.
What security headers can I set in .htaccess?
Key security headers include: X-Content-Type-Options: nosniff (prevents MIME sniffing), X-Frame-Options: SAMEORIGIN (prevents clickjacking), X-XSS-Protection: 1; mode=block (legacy XSS filter), and Referrer-Policy: strict-origin-when-cross-origin. For modern sites, also add Content-Security-Policy to restrict resource loading.
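
The headers listed in this answer, written as mod_headers directives for .htaccess. This is an added example, not output from the generator; the Content-Security-Policy value is an assumed starting point and must be adapted to the resources each site actually loads.

```apache
# Security headers (added example; values taken from the FAQ answer above)
<IfModule mod_headers.c>
    # "always" puts the header on error pages and redirects too
    # (for example the 301 issued by the Force HTTPS rule). Without it,
    # mod_headers only adds the header to successful (2xx) responses.

    # Stop browsers from guessing a content type other than the declared one
    Header always set X-Content-Type-Options "nosniff"

    # Allow framing only by pages from the same origin (clickjacking defence)
    Header always set X-Frame-Options "SAMEORIGIN"

    # Legacy XSS filter switch, kept for older browsers
    Header always set X-XSS-Protection "1; mode=block"

    # Send the full URL to same-origin requests, only the origin cross-origin
    Header always set Referrer-Policy "strict-origin-when-cross-origin"

    # Assumed starting policy: load resources from the site's own origin only.
    # Sites that use CDNs, inline scripts or third-party fonts need extra sources.
    Header always set Content-Security-Policy "default-src 'self'"
</IfModule>
```

The Header directive only works in .htaccess when the server config grants AllowOverride FileInfo for that directory, and the IfModule wrapper means the block is skipped without error if mod_headers is not loaded, so confirm the headers in an actual response after deploying.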