diff --git a/source/.htaccess.apache.erb b/source/.htaccess.apache.erb
index f0f0258..12a1ee3 100644
--- a/source/.htaccess.apache.erb
+++ b/source/.htaccess.apache.erb
@@ -2,16 +2,42 @@
noindex: true
layout: false
---
-# Compress files on the fly
-AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript text/javascript
-
# Aggressively cache assets
ExpiresActive On
ExpiresDefault "access plus 1 year"
-# Cache only very shortly on non cache-busted files
-ExpiresByType text/html "access plus 1 hour"
-ExpiresByType text/xml "access"
+# Shorter cache for HTML and XML
+# Also force revalidation
+
+ ExpiresDefault "access plus 1 day"
+ Header append Cache-Control "must-revalidate"
+
+
+# Set correct headers for pre-gziped content
+
+ ForceType text/css
+ Header set Content-Encoding gzip
+
+
+ ForceType text/javascript
+ Header set Content-Encoding gzip
+
+
+ ForceType text/html
+ Header set Content-Encoding gzip
+
+
+# Unset the Vary: Host header inserted by global Uberspace config
+# Append Vary: Accept-Encoding due to optionsl gziped content
+Header set Vary Accept-Encoding
+
+# Add security related headers
+Header set X-Frame-Options "DENY"
+Header set X-Content-Type-Options "nosniff"
+Header set X-XSS-Protection "1; mode=block"
+Header set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+# Have some fun :)
+Header set Made-With-Love "In Berlin"
RewriteEngine On
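Review bot: The four headers under `# Add security related headers` use plain `Header set`, which Apache applies only to its success header table, so error pages and (likely) the 301 redirects issued by the rewrite rules further down go out without them. The `always` condition covers those responses, e.g. `Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"`, and likewise for `X-Frame-Options` and `X-Content-Type-Options`. The HSTS value pins every subdomain of the canonical host to HTTPS for a year, so a comment saying that `includeSubDomains` is intended would help whoever adds a subdomain later. `X-XSS-Protection` is a legacy header that current browsers ignore, and no `Content-Security-Policy` is set here to do that job.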
@@ -23,3 +49,8 @@ RewriteRule .* https://<%= URI.parse(casper[:blog][:url]).host %>%{REQUEST_URI}
# Ensure we only use the canonical hostname
RewriteCond %{HTTP_HOST} !=<%= URI.parse(casper[:blog][:url]).host %> [NC]
RewriteRule .* https://<%= URI.parse(casper[:blog][:url]).host %>%{REQUEST_URI} [R=301,L,QSA]
+
+# Use gziped content if possible
+RewriteCond %{HTTP:Accept-Encoding} \b(x-)?gzip\b
+RewriteCond %{REQUEST_FILENAME}\.gz -s
+RewriteRule ^(.+) /$1\.gz [QSA]
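Review bot: The final `RewriteRule ^(.+) /$1\.gz [QSA]` fires for any requested file that has a non-empty `.gz` sibling, but the first hunk sets `Content-Encoding: gzip` and a forced type only for the CSS, JavaScript and HTML sections. Their match patterns are not visible on this page, so that scope is inferred from the `ForceType` lines. A `.gz` sibling of any other type would be returned as a gzip file without `Content-Encoding`, and with `X-Content-Type-Options: nosniff` now set the browser will not recover by sniffing. Restricting the pattern to the covered extensions keeps the two in step, e.g. `RewriteRule ^(.+\.(css|js|html))$ /$1\.gz [QSA]`, with the extension list adjusted to whatever the sections actually match.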