# All explanations you could find in .htaccess.sample file
DirectoryIndex index.php
<IfModule mod_php5.c>
    php_value memory_limit 768M
    php_value max_execution_time 18000
    php_flag session.auto_start off
    php_flag suhosin.session.cryptua off
</IfModule>
<IfModule mod_php7.c>
    php_value memory_limit 768M
    php_value max_execution_time 18000
    php_flag session.auto_start off
    php_flag suhosin.session.cryptua off
</IfModule>
<IfModule mod_security.c>
    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>
<IfModule mod_ssl.c>
    SSLOptions StdEnvVars
</IfModule>
<IfModule mod_rewrite.c>
    Options +FollowSymLinks
    RewriteEngine on
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
    RewriteRule .* - [L,R=405]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-l
    RewriteRule .* index.php [L]
</IfModule>
    AddDefaultCharset Off
    AddType 'text/html; charset=UTF-8' html
<IfModule mod_expires.c>
    ExpiresDefault "access plus 1 year"
    ExpiresByType text/html A0
    ExpiresByType text/plain A0
</IfModule>
    RedirectMatch 403 /\.git
    <Files composer.json>
        order allow,deny
        deny from all
    </Files>
    <Files composer.lock>
        order allow,deny
        deny from all
    </Files>
    <Files auth.json>
        order allow,deny
        deny from all
    </Files>
    <Files .gitignore>
        order allow,deny
        deny from all
    </Files>
    <Files .htaccess>
        order allow,deny
        deny from all
    </Files>
    <Files .htaccess.sample>
        order allow,deny
        deny from all
    </Files>
    <Files .php_cs>
        order allow,deny
        deny from all
    </Files>
    <Files .travis.yml>
        order allow,deny
        deny from all
    </Files>
    <Files CHANGELOG.md>
        order allow,deny
        deny from all
    </Files>
    <Files CONTRIBUTING.md>
        order allow,deny
        deny from all
    </Files>
    <Files COPYING.txt>
        order allow,deny
        deny from all
    </Files>
    <Files Gruntfile.js>
        order allow,deny
        deny from all
    </Files>
    <Files LICENSE.txt>
        order allow,deny
        deny from all
    </Files>
    <Files LICENSE_AFL.txt>
        order allow,deny
        deny from all
    </Files>
    <Files nginx.conf.sample>
        order allow,deny
        deny from all
    </Files>
    <Files package.json>
        order allow,deny
        deny from all
    </Files>
    <Files php.ini.sample>
        order allow,deny
        deny from all
    </Files>
    <Files README.md>
        order allow,deny
        deny from all
    </Files>
    <Files magento_umask>
        order allow,deny
        deny from all
    </Files>
ErrorDocument 404 /pub/errors/404.php
ErrorDocument 403 /pub/errors/404.php
<IfModule mod_headers.c>
    Header set X-UA-Compatible "IE=edge"
    <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
        Header unset X-UA-Compatible
    </FilesMatch>
</IfModule>