RewriteEngine On RewriteBase / # DO NOT rewrite URLs starting with /frontend to Laravel RewriteCond %{REQUEST_URI} ^/frontend/ RewriteRule ^ - [L] # If the request is NOT a real file or directory RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d # Route all other requests to Laravel index.php RewriteRule ^ index.php [L] # your other headers and Options here Header set Strict-Transport-Security "max-age=31536000" env=HTTPS Header always set X-Frame-Options "deny" Header setifempty Referrer-Policy: same-origin Header set X-XSS-Protection "1; mode=block" Header set X-Permitted-Cross-Domain-Policies "none" Header set Referrer-Policy "no-referrer" Header set X-Content-Type-Options: nosniff Options -Indexes