Security fixes: Add CSP, referrer policy, fix invalid HTML

- Add Content Security Policy header - Add strict referrer policy - Fix missing rel="noopener noreferrer" on external link - Replace invalid </br> tags with proper div spacing - Improve overall security posture 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-02-24 12:02:04 +01:00 · 2026-02-24 12:02:04 +01:00 · a6533bfb3d
commit a6533bfb3d
parent 27d7869636
1 changed files with 5 additions and 3 deletions
--- a/index.html
+++ b/index.html
@ -3,6 +3,8 @@
 <head>
  <meta charset="utf-8" />
  <meta name="viewport" content="width=device-width,initial-scale=1" />
+  <meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'none'; frame-src 'none'; object-src 'none';" />
+  <meta name="referrer" content="strict-origin-when-cross-origin" />
  <meta name="description" content="Vanity on Tour: Vanlife trifft Technik – Apps, Tools, Blog & Projekte." />
  <title>Vanity on Tour – Go</title>

@ -105,7 +107,7 @@
            </div>
            <div class="card-actions">
              <a class="btn primary" href="https://staysense.vanityontour.de" target="_blank" rel="noopener">StaySense öffnen</a>
-              <a class="btn ghost" href="https://landing.staysense.vanityontour.de" target="_blank">Was kann das?</a>
+              <a class="btn ghost" href="https://landing.staysense.vanityontour.de" target="_blank" rel="noopener noreferrer">Was kann das?</a>
            </div>
          </article>

@ -142,7 +144,7 @@

        </div>

-      </br></br></br>
+      <div style="height: 3rem;"></div>
    </section>

    <section id="support" class="section alt">
@ -183,7 +185,7 @@
            <br />
            <a href="mailto:kontakt@vanityontour.de">kontakt@vanityontour.de</a>
          </p>
-        </br></br>
+        <div style="height: 2rem;"></div>
        </div>
      </div>
    </section>