.htaccess Generator

Build a .htaccess for Apache. Toggle HTTPS forcing, www↔non-www redirect, trailing-slash normalization, browser caching, gzip compression, security headers, common redirect patterns, and HTTP basic auth. Download ready-to-deploy.

Redirects

Caching & Compression

Security Headers

Misc

How to use the .htaccess Generator

Toggle the rules you want. The output is a complete .htaccess ready to drop at your domain root. Test in staging before production — a typo in mod_rewrite can take a whole site down with a 500. Hostinger and most shared hosts support every directive in the output.

What an .htaccess file does

On Apache and LiteSpeed servers, .htaccess is the per-directory control file that handles jobs you would otherwise set in the main server config — forcing HTTPS, redirecting www, setting cache lifetimes, gzipping responses, adding security headers — without needing root access. That makes it the standard way to configure shared hosting, where you cannot touch the global configuration at all.

This assembles one from toggles for the rules people actually use: HTTPS and www redirects, trailing-slash and extension handling, caching, gzip, and the common security headers. It writes the Apache directives; on nginx the same jobs live in a server block, which the nginx config generator produces, and to confirm the security headers it emits behave as intended, paste them into the HTTP headers explainer.

Common use cases

  • Shared hosting setup — configure redirects and caching without server-level access.
  • Force HTTPS — redirect all HTTP traffic to the secure version in one rule.
  • Canonical host — settle on www or non-www to avoid duplicate-content splits.
  • Security baseline — add HSTS, nosniff, and frame-protection headers quickly.
  • Asset caching — set long cache lifetimes for static files to speed repeat visits.

Frequently asked questions

Does .htaccess work on nginx?

No — nginx ignores it. Use a server block instead; the nginx config generator builds one with the same rules.

Why did my site return a 500 after adding it?

Usually a directive your Apache build has no module for, or a mod_rewrite typo. Test in staging and check the error log.

Where does the file go?

At your domain's document root. The name is literally .htaccess, with the leading dot.

Can it build a full Content-Security-Policy?

It adds basic headers; for a detailed policy use the CSP policy builder and paste the result in.
Embed this tool on your site

Free to embed, no attribution required (but appreciated). Paste this where you want the tool to appear: