diff --git a/public/.htaccess b/public/.htaccess
new file mode 100644
index 0000000..c393585
--- /dev/null
+++ b/public/.htaccess
@@ -0,0 +1,59 @@
+
+
+ Options -MultiViews -Indexes
+
+
+ RewriteEngine On
+
+ # 環境判定判定
+ SetEnvIf HOST "^.*easyreceipt.jp$" isProduction=yes
+ SetEnvIf HOST "15.152.238.14" isStaging=yes
+ SetEnvIf HOST "^localhost.*$" isLocal=yes
+
+
+ # SSL強制
+ RewriteCond %{ENV:isProduction} yes
+ RewriteCond %{HTTPS} off
+ RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+
+ # SSL強制のキャッシュ
+ Header set "Strict-Transport-Security" "max-age=86400" env=isProduction
+
+ Header unset X-Powered-By
+
+ Header set "Content-Security-Policy" "default-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' data: api.iconify.design;font-src 'self' fonts.gstatic.com;frame-ancestors 'none';form-action 'self';connect-src 'self' https:" env=isProduction
+ Header set "Content-Security-Policy" "default-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' data: api.iconify.design;font-src 'self' fonts.gstatic.com;frame-ancestors 'none';form-action 'self';connect-src 'self' https:" env=isStaging
+
+ Header set "X-Frame-Options" "deny" env=isProduction
+ Header set "X-Frame-Options" "deny" env=isStaging
+
+ Header set "Cache-Control" "no-cache, no-store, must-revalidate"
+
+ # Handle Authorization Header
+ RewriteCond %{HTTP:Authorization} .
+ RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+
+ # Redirect Trailing Slashes If Not A Folder...
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteCond %{REQUEST_URI} (.+)/$
+ RewriteRule ^ %1 [L,R=301]
+
+ # Send Requests To Front Controller...
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteRule ^ index.php [L]
+
+ # 以下、ファイルアクセス
+ # リソース判定
+ SetEnvIf Request_URI "^\/static\/js\/.+\.js$" isJsFile=yes
+ SetEnvIf Request_URI "^\/static\/css\/.+\.css$" isCssFile=yes
+ SetEnvIf Request_URI "^\/fonts\/.+$" isFontFile=yes
+
+ Header set "Cache-Control" "private, no-cache" env=isJsFile
+ Header set "Cache-Control" "private, no-cache" env=isCssFile
+ Header set "Cache-Control" "private, no-cache" env=isFontFile
+
+ Header set "X-Content-Type-Options" "nosniff" env=isProduction
+ Header set "X-Content-Type-Options" "nosniff" env=isStaging
+
+
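Review bot: The Content-Security-Policy, X-Frame-Options and X-Content-Type-Options lines are emitted only when `env=isProduction` or `env=isStaging` is set, and both flags are derived from the client-supplied Host header through loose patterns — `^.*easyreceipt.jp$` also matches any host that merely ends in those characters, and `15.152.238.14` is an unanchored substring match with `.` as a wildcard — so a request whose Host does not match the expectation is served without any of these protections. `Header set` / `Header unset` without `always` additionally applies only to 2xx responses, so 4xx/5xx pages and the 301 issued by the HTTPS redirect go out without CSP, X-Frame-Options, nosniff and HSTS. Consider emitting the three hardening headers unconditionally with `Header always set` (they are harmless on localhost), keeping the Host-derived flag only for the HSTS line, and anchoring and escaping the production check as `SetEnvIf Host "(^|\.)easyreceipt\.jp$" isProduction=yes`. The `isLocal` flag is set but never read, and the `<IfModule>` wrappers that a stock Laravel .htaccess carries do not survive this rendering, so whether the `Header` directives are guarded by a `mod_headers` check cannot be verified from the hunk.
```apache
# Host is client-supplied: anchor and escape it, and use it only to decide HSTS
SetEnvIf Host "(^|\.)easyreceipt\.jp$" isProduction=yes

# … unchanged: RewriteEngine, staging/local detection, HTTPS redirect …

# 'always' also covers 3xx/4xx/5xx responses, not only 2xx
Header always set "Strict-Transport-Security" "max-age=86400" env=isProduction
Header always unset X-Powered-By
Header always set "Content-Security-Policy" "default-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' data: api.iconify.design;font-src 'self' fonts.gstatic.com;frame-ancestors 'none';form-action 'self';connect-src 'self' https:"
Header always set "X-Frame-Options" "deny"
Header always set "X-Content-Type-Options" "nosniff"

# … unchanged: Cache-Control, Authorization passthrough, rewrite rules, static-asset caching …
```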