YSlow Cookie-free Domains – htaccess caching, mod_expires

Home Forums BulletProof Security Pro YSlow Cookie-free Domains – htaccess caching, mod_expires

Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
  • #2003
    AITpro Admin

    Email Question:

    Hi Edward,

    How are you today? I have a question and this has not meen with the BPS but my website need to set cookies. Because some plugins used cookies.  I have read that you can set cookies mod_write in .htaccess file. I have tested with yslow under chrome browser, see the results below.  How can i resolved this? Or wich code i must use for this.  Can you help me? You are the expert about the .htaccess file  Is this the right way by the way to right code in the .htaccess file?  Greetings, Antoin  Grade F on Use cookie-free domains There are 54 components that are not cookie-free

    AITpro Admin
    Antoin Vink

    Hi, Thank you for the links, realy appreciate it.
    I saw this link: http://www.xpertdeveloper.com/2011/07/wordpress-cookie-free-domain/
    What is realy better .htaccess or wp-config.php
    But i don’t know how to apply this:

    define("WP_CONTENT_URL", "http://static.yourdomain.com");
    define("COOKIE_DOMAIN", "www.yourdomain.com");

    Note: Please make sure that you have used “bloginfo(‘template_directory’)” to load your static content in theme files.

    AITpro Admin

    Personally I use htaccess code as much as possible to accomplish whatever I need to accomplish so I would personally go the htaccess code route. The primary reason for this I can change things really quickly – add, remove and modify htaccess code as needed.  Adding a subdomain site is not as simple an issue as it seems at face value.  Creating a subdomain site will have an impact on your main site.  A subdomain site is treated as a separate domain.  Before you decide to create a subdomain site you should reseach the Pros and Cons of creating a subdomain site.

    Note:  I assume this is a typo / mistake – I believe that this will break your plugins that use this Constant because the wp-content folder is not included in URL path.  I could be wrong, but If you are considering going this route you should triple check this.

    define("WP_CONTENT_URL", "http://static.yourdomain.com");
    Antoin Vink

    Yeah, you have right. This sounds very logical!
    I will take the .htaccess route. I will read your links. Thanks for the great tips!

    Antoin Vink


    I have search about the mod_expires code, but there are many of them.
    On the first link what you give me you have three samples http://www.askapache.com/htaccess/speed-up-sites-with-htaccess-caching.html#mod_expires_Caching_EX-_1. And this one i don’t know. Which code can i better use for my website Edward? So i can put it on my .htaccess file. This is very new for me.

    AITpro Admin

    EDIT:   Additional info added for WordPress sites:  http://forum.ait-pro.com/forums/topic/yslow-cookie-free-domains-htaccess-caching-mod_expires/#post-11479

    After looking at the whole cookie-free domain thing some more it appears that the only way to implement this would be to create a subdomain site.  I have never attempted to implement this so I really don’t have any answers for you regarding this quesition.  I had misinterpreted what the cookie-free domain method is supposed to accomplish and had assumed it was tied directly to caching, but I see that it is similar, but actually something different.  So unfortunately I cannot assist you with this since I know pretty much zero about this.

    Just FYI on the askapache caching methods:
    The askapache website shows you 2 ways that you can do caching with htaccess code to speed up your website and this is different then implementing a cookie-free domain.


    You can use either or both together as you see for failsafe caching if one does not work on your particular Host.  What that means is that one mod may be ignored on your particular Host / Server while the other does work / is allowed.  Most likely both will work / are allowed since these are now very standardized mods.

    Antoin Vink

    Hi Sir,

    Thanks for your excellent explanation. Indeed, I think that domain is very different.
    Especially if you are using W3 Total Cache. Then mod_expires and mod_headers is much better for that.I can add these htaccess codes under category: B-Core———CUSTOM CODE BOTTOM: Add miscellaneous custom htaccess code hereONLY add validation code below htaccess or text commented out with a pound sign #———And add and save?Thanks for your timeGreetings!

    Antoin Vink

    This is a nice code for the Custom code: http://www.askapache.com/hacking/speed-site-caching-cache-control.html
    With both mod_expires + mod_headers
    Caching with .htaccess and Apache will take your website and your web skills to the next level. This is some technical and advanced methods condensed to simple htaccess code examples for you. But you must take the time to understand caching with cache-control and other headers and HTTP options before you implement on a production server.

    Caching with both mod_expires + mod_headers
    # Turn on Expires and set default to 0
    ExpiresActive On
    ExpiresDefault A0
    # Set up caching on media files for 1 year (forever?)
    <FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav)$">
    ExpiresDefault A29030400
    Header append Cache-Control "public"
    # Set up caching on media files for 1 week
    <FilesMatch "\.(gif|jpg|jpeg|png|swf)$">
    ExpiresDefault A604800
    Header append Cache-Control "public"
    # Set up 2 Hour caching on commonly updated files
    <FilesMatch "\.(xml|txt|html|js|css)$">
    ExpiresDefault A7200
    Header append Cache-Control "proxy-revalidate"
    # Force no caching for dynamic files
    <FilesMatch "\.(php|cgi|pl|htm)$">
    ExpiresActive Off
    Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
    Header set Pragma "no-cache"
    AITpro Admin

    Hmm if you are already using W3TC then what you would want to combine your custom .htaccess code into the W3TC htaccess code and what you would need to do then is take all of the combined .htaccess code and add it to the CUSTOM CODE TOP: Add php.ini handler code and / or miscellaneous custom code heretext box.  If your site is using a php/php.ini handler then you would need to also add that php/php.ini handler code into the Custom Code Top text box above your combined caching .htaccess code.

    The disadvantage of doing this is if you redeploy W3TC then it will write new .htaccess code to your root .htaccess file and overwrite you combined custom code.  Since your custom code is saved permanently to BPS Pro Custom Code then you would need to add it back again by activating Root BulletProof Mode again.

    Antoin Vink

    I will try, thank you!If I can not get the custom code to add, can i ask you to help me?
    Like before to login.But I will try first.I will come back, and will reply in this topic again.

    AITpro Admin

    Sure after you have combined all your custom .htaccess code then so done some testing by using any one of the sites out there that allow you to check caching.  This site is a very good one below for checking everything related to caching and other stuff too.  It will tell you what is working and not working.  After you have done all this and if you are running into a problem then email me your code and I will see what might be wrong with it.


    AITpro Admin

    Since this post is ranking very high for no good reason I thought it would be nice to add some actual content that could be useful to someone.  This is specific to WordPress so if you do not have a WordPress site then the general concept applies, but of course the implementation is going to be different.  The only thing that concerns me about doing something like this is:  if you are using affiliate software that tracks cookies does this impact or negate that cookie tracking?  My assumption is this would be used for only image based stuff, but if you are using some sort of affiliate software/plugin on your site you should do extensive sandbox testing before implementing something like this.



    The domain set in the cookies for WordPress can be specified for those with unusual domain setups. One reason is if subdomains are used to serve static content  . To prevent WordPress cookies from being sent with each request to static content on your subdomain you can set the cookie domain to your non-static domain only.

    Using a Static Subdomain site to serve/handle Cookies and image files (logically if you make the effort to do the Cookie Domain thing then you might as well go all the way and serve all your image files from this domain/subdomain site).

    Important Note: If you choose to have all your image files stored and loaded from a subdomain website then if you are using WordPress that would mean that you would need to install another WordPress subdomain website and all of your image files would need to be on/uploaded/stored on that WordPress subdomain website. All of your other WordPress websites that are currently getting their image files from the /uploads folder on each of those other WordPress sites would need to have all image links changed to point to your new WordPress subdomain site’s image file folder: /uploads or of course you could do something custom, but that would make image file management a royal pain.

    Technical Structure|Architecture|Settings (using “static” as the example subdomain website name):
    Create a hosting account folder named: /static/ and put a test file in that folder: /static/test.php (echo ‘DNS is working’;) so you know when DNS is working.
    Create a DNS A or CNAME record in your web host control panel for the static subdomain.
    When your test.php file displays “DNS is working” by browsing to that URL (static.example.com) you can then install WordPress in the /static/ folder.
    WordPress Settings > General > WordPress Address (URL): http://static.example.com and Site Address (URL): http://static.example.com

    The Cookie Domain stuff is self-explanatory in the above reference links so I will just cover the image file stuff.
    Download all of your image files from all of your websites and upload them to the new static subdomain site. If you have a massive amount of image files then it would probably be quicker to clone 1 of your websites that contains the majority/most image files out of all of your sites instead of installing a new WordPress installation and then you would manually upload the image files for/from any other sites. You can then reverse engineer that subdomain site (ie delete all Posts and Pages, delete anything else that is not needed since this subdomain site would just be a media/image file “server” of sorts).
    Finally point all of your site’s image file links to the new subdomain site where you have uploaded the image files. I believe it would be much better for performance to go to the WordPress Media Library and manually change all image file URL’s individually for each of your images and point them to your new subdomain site’s image folder. This could also be done by rewriting image file URI’s|URL’s with htaccess code, but I think it would cause a performance hit and would probably negate the benefit of doing the whole static subdomain image “server” thing.

Viewing 13 posts - 1 through 13 (of 13 total)
  • You must be logged in to reply to this topic.