• 🎉 Significant improvement on Cache-Control definition and usage
  • Cache-Control boilerplate with extensive control by @LeoColomb in #325
  • Valuable feedbacks by @Malvoz in #148
• ⚠️ Breaking: End of support for Apache httpd version 2.4.16 and below in #338
• Reorder and improve cache expiration ExpiresByType map by @LeoColomb in #326
• Add a notice for directory index with pre-compressed content by @vatonbero in #311
• Drop image/avif-sequence MIME type by @LeoColomb and @mathiasbynens in #316
• Improve inline comments.

Full Changelog: 5.1.0...6.0.0

• Extend default, media and font cache TTL to 1 year [5df6946]
• Support ETags at server level [7956cbc]
• Add image/x-icon compression support [69ddeda]
• Improve httpd-modules availability checks [cb8ef1b]
• Improve inline comments

Thanks to @jamieburchell @tomkyle @LeoColomb

• ⚠️ Breaking: End of support for Internet Explorer (X-UA-Compatible and X-XSS-Protection headers) [d1fb502] [22014cb]
• 🎉 Security first! Modernize TLS configuration [55c364d]
• 🎉 Security first! Refresh policies-related headers usage
  • Add Cross Origin Policies headers (COOP/COEP/CORP) [9d2cb74]
  • Add Permissions-Policy header [86494cc]
  • Make Content-Security-Policy disallow 'object-src' by default [f993710]
• Add mime-type image/jxl [da3ce54]
• Fix SSLSessionCache directive usage [64e33e8]
• Improve inline comments.

• Add mime-type image/avif and image/avifs [4ca46af]
• Fix unexpected Content-Language in pre-compressed Brotli [1f5641d]
• Added systemd module to support CentOS [5d060b0]
• Improve inline comments.

• 🎉 Server-level config! Support httpd configuration at main server level.
  Add httpd.conf file, vhost management, secure HTTP tweaking, etc. See the README. [b50205a...c302596]
• ⚠️ Breaking: End of support for Apache httpd version 2.4.9 and below [baa9cdd]
• ⚠️ Breaking: File paths changes for the .htaccess build system [478ceab][9cb2763]
• Rewrite, improve and update a large part of the documentation [5dc823c][5748d26][d8553ee][6862ac1][ade3659]
• Default to HSTS only over secure connections [5bbc0a1]
• Stricter default for Referrer Policy strict-origin-when-cross-origin [43bcb83]
• Add APNG (.apng) MIME type [ad25d31]
• Ensure the presence of security headings where expected [d656422][43bcb83][d84d94c]
• Make disabling TRACE method usable in a .htaccess file [9ae931c]
• Improve inline comments.

• Fix npm releasing [4b0ee86]

• Enhance CSP policy [f48934b]
• Common headers addition based on MIME-types instead of file extensions [a880772...64cb33d]
• Always unset X-Powered-By header [1470258]
• Support hashed asset names in cache-busting [33f8006]
• Switch application/vnd.geo+json to application/geo+json [35cbd63]
• New test system using server-configs-test [3ae257c]
• Improve inline comments.

• Remove P3P iframe cookies directives [ccce7b8]
• Add TraceEnable Off directive [0a2f70e]
• Support hashed asset names in cache-busting [33f8006]
• Allow SSL certificate set up over HTTP [54b6176...993127d]
• Rename cache expiration rules file to cache_expiration.conf to make it more generic [11690c6]
• Improve inline comments.

• ⚠️ Breaking: End of support for Apache httpd version 2.3 and below [7d296c3]
• 🎉 New build system! Configurable build and customizable generation. See the README [5896349]
• Add Referrer-Policy header template [591083e]
• Switch back .js-files and .mjs-files media-type to text/javascript [690f4ad]
• Add pre-compressed content handling template [52639ab]
• Add WebAssembly module (.wasm) MIME type [a2e7d7b]
• Improve inline comments.

• Serve .md and .markdown files as text/markdown [bfcafd3]
• Add font MIME types per RFC 8081 [20b446e]
• Mark .mjs files as JavaScript [c00975c]
• Add calendar filetype (.ics) [002a110]
• Block Mercurial .orig files [4c13648]
• Fix enforcing www/no-www with HTTPS [fc747bb]
• Drop Bower support [ee6cd75]
• Fix HTTPS enforcement rule [11e523d]
• Improve inline comments.