diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3f2e1b11..b4e06599 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -3,7 +3,7 @@ image: python:3.7-alpine
 variables:
   HUGO_VERSION: '0.53'  # https://github.com/gohugoio/hugo/releases
   HUGO_SHA: '0e4424c90ce5c7a0c0f7ad24a558dd0c2f1500256023f6e3c0004f57a20ee119'  # xxx_Linux-64bit.tar.gz
-  AWSCLI_VERSION: '1.16.21'  # https://github.com/aws/aws-cli/blob/master/CHANGELOG.rst
+  AWSCLI_VERSION: '1.16.220'  # https://github.com/aws/aws-cli/blob/master/CHANGELOG.rst
 
 before_script:
   # update alpine
@@ -26,25 +26,6 @@ deploy:
     # upload all files
     - aws s3 sync ./public s3://$S3_BUCKET_NAME --delete --region us-east-1 --cache-control "max-age=3600, public" --metadata-directive "REPLACE"
 
-    # set cache-control and certain content-types manually because S3 sucks at guessing
-    - aws s3 cp s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME --exclude "*" --include "*.ico"   --content-type="image/x-icon"    --cache-control "max-age=604800, public"   --metadata-directive="REPLACE" --recursive
-    - aws s3 cp s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME --exclude "*" --include "*.svg"   --content-type="image/svg+xml"   --cache-control "max-age=2628000, public"  --metadata-directive="REPLACE" --recursive
-    - aws s3 cp s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME --exclude "*" --include "*.ttf"   --content-type="font/ttf"        --cache-control "max-age=2628000, public"  --metadata-directive="REPLACE" --recursive
-    - aws s3 cp s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME --exclude "*" --include "*.otf"   --content-type="font/otf"        --cache-control "max-age=2628000, public"  --metadata-directive="REPLACE" --recursive
-    - aws s3 cp s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME --exclude "*" --include "*.eot"   --content-type="application/vnd.ms-fontobject" --cache-control "max-age=2628000, public" --metadata-directive="REPLACE" --recursive
-    - aws s3 cp s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME --exclude "*" --include "*.woff"  --content-type="font/woff"       --cache-control "max-age=2628000, public"  --metadata-directive="REPLACE" --recursive
-    - aws s3 cp s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME --exclude "*" --include "*.woff2" --content-type="font/woff2"      --cache-control "max-age=2628000, public"  --metadata-directive="REPLACE" --recursive
-    - aws s3 cp s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME --exclude "*" --include "*.xml"   --content-type="text/xml"        --cache-control "max-age=3600, public"     --metadata-directive="REPLACE" --recursive
-    - aws s3 cp s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME --exclude "*" --include "*.mp4"   --content-type="video/mp4"       --cache-control "max-age=604800, public"   --metadata-directive="REPLACE" --recursive
-    - aws s3 cp s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME --exclude "*" --include "*.webm"  --content-type="video/webm"      --cache-control "max-age=604800, public"   --metadata-directive="REPLACE" --recursive
-    - aws s3 cp s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME --exclude "*" --include "*.vtt"   --content-type="text/vtt"        --cache-control "max-age=604800, public"   --metadata-directive="REPLACE" --recursive
-    - aws s3 cp s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME --exclude "*" --include "*.docx"  --content-type="application/vnd.openxmlformats-officedocument.wordprocessingml.document" --cache-control "max-age=604800, public" --metadata-directive="REPLACE" --recursive
-    - aws s3 cp s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME --exclude "*" --include "*.pdf"   --content-type="application/pdf" --cache-control "max-age=604800, public"   --metadata-directive="REPLACE" --recursive
-
-    # a few more caching improvements
-    - aws s3 cp s3://$S3_BUCKET_NAME s3://$S3_BUCKET_NAME --exclude "*" --include "*.css" --include "*.js" --include "*.jpg" --include "*.png" --include "*.gif" --cache-control "max-age=604800, public" --metadata-directive="REPLACE" --recursive
-    - aws s3 cp s3://$S3_BUCKET_NAME/jarvis.asc s3://$S3_BUCKET_NAME/jarvis.asc --content-type="text/plain; charset=utf-8" --cache-control "max-age=0, no-store, no-cache, must-revalidate" --content-disposition "inline; filename=\"jarvis.asc\"" --metadata-directive="REPLACE"
-
     # purge CloudFlare cache
     - >-
         curl -X POST "https://api.cloudflare.com/client/v4/zones/${CLOUDFLARE_ZONE}/purge_cache" -H "X-Auth-Email: ${CLOUDFLARE_EMAIL}" -H "X-Auth-Key: ${CLOUDFLARE_KEY}" -H "Content-Type: application/json" --data '{"purge_everything":true}'
diff --git a/worker.js b/worker.js
index 0fd91e0d..6ec06b40 100644
--- a/worker.js
+++ b/worker.js
@@ -51,6 +51,55 @@ async function fetchAndApply(request) {
   // Make response headers mutable
   response = new Response(response.body, response)
 
+  // Content-Type and Cache-Control headers based on file extension...
+  // ...because S3 sucks at guessing.
+  if(response.status === 200) {
+    let url = new URL(request.url)
+
+    // Content-Type
+    if (new RegExp(`\\.ico$`).test(url.pathname))
+      response.headers.set("Content-Type", "image/x-icon")
+    else if (new RegExp(`\\.svg$`).test(url.pathname))
+      response.headers.set("Content-Type", "image/svg+xml")
+    else if (new RegExp(`\\.ttf$`).test(url.pathname))
+      response.headers.set("Content-Type", "font/ttf")
+    else if (new RegExp(`\\.otf$`).test(url.pathname))
+      response.headers.set("Content-Type", "font/otf")
+    else if (new RegExp(`\\.eot$`).test(url.pathname))
+      response.headers.set("Content-Type", "application/vnd.ms-fontobject")
+    else if (new RegExp(`\\.woff$`).test(url.pathname))
+      response.headers.set("Content-Type", "font/woff")
+    else if (new RegExp(`\\.woff2$`).test(url.pathname))
+      response.headers.set("Content-Type", "font/woff2")
+    else if (new RegExp(`\\.xml$`).test(url.pathname))
+      response.headers.set("Content-Type", "text/xml")
+    else if (new RegExp(`\\.mp4$`).test(url.pathname))
+      response.headers.set("Content-Type", "video/mp4")
+    else if (new RegExp(`\\.webm$`).test(url.pathname))
+      response.headers.set("Content-Type", "video/webm")
+    else if (new RegExp(`\\.vtt$`).test(url.pathname))
+      response.headers.set("Content-Type", "text/vtt")
+    else if (new RegExp(`\\.docx$`).test(url.pathname))
+      response.headers.set("Content-Type", "application/vnd.openxmlformats-officedocument.wordprocessingml.document")
+    else if (new RegExp(`\\.pdf$`).test(url.pathname))
+      response.headers.set("Content-Type", "application/pdf")
+
+    // Cache-Control
+    if (new RegExp(`\\.(css|js|jpg|png|gif|svg|ico|mp4|webm|vtt|pdf)$`).test(url.pathname))
+      response.headers.set("Cache-Control", "max-age=604800, public")
+    else if (new RegExp(`\\.(ttf|otf|eot|woff|woff2)$`).test(url.pathname))
+      response.headers.set("Cache-Control", "max-age=2628000, public")
+    else
+      response.headers.set("Cache-Control", "max-age=3600, public")
+
+    // .asc exception
+    if (new RegExp(`\\.asc$`).test(url.pathname)) {
+      response.headers.set("Content-Type", "text/plain; charset=utf-8")
+      response.headers.set("Cache-Control", "max-age=0, no-store, no-cache, must-revalidate")
+      response.headers.set("Content-Disposition", "inline; filename=\"jarvis.asc\"")
+    }
+  }
+
   // Set each header in addHeaders
   Object.keys(addHeaders).map(function(name, index) {
     response.headers.set(name, addHeaders[name])