RewriteEngine on

RewriteRule ^security.txt$ https://www.surf.nl/.well-known/security.txt [R=302,L]

RewriteCond %{REQUEST_URI} !\.html$
RewriteCond %{REQUEST_URI} !\.(js|css)(\.map)?$
RewriteCond %{REQUEST_URI} !\.svg$
RewriteCond %{REQUEST_URI} !\.png$
RewriteCond %{REQUEST_URI} !\.ico$
RewriteCond %{REQUEST_URI} !\.woff$
RewriteCond %{REQUEST_URI} !\.woff2$
RewriteCond %{REQUEST_URI} !\.ttf$
RewriteCond %{REQUEST_URI} !\.eot$
RewriteCond %{REQUEST_URI} !^/(asset-)?manifest.json$
RewriteCond %{REQUEST_URI} !^/config
RewriteCond %{REQUEST_URI} !^/internal
RewriteCond %{REQUEST_URI} !^/robots.txt
RewriteCond %{REQUEST_URI} !^/fonts
RewriteCond %{REQUEST_URI} !^/.well-known
RewriteRule (.*) /index.html [L]

Header always set X-Frame-Options "DENY"
Header always set Referrer-Policy "same-origin"
Header always set X-Content-Type-Options "nosniff"

