From a6533bfb3d61cc255fb777610847ab681ae2321a Mon Sep 17 00:00:00 2001
From: Oliver G <oliver@giertz.biz>
Date: Tue, 24 Feb 2026 12:02:04 +0100
Subject: [PATCH] Security fixes: Add CSP, referrer policy, fix invalid HTML
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Add Content Security Policy header
- Add strict referrer policy
- Fix missing rel="noopener noreferrer" on external link
- Replace invalid </br> tags with proper div spacing
- Improve overall security posture

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 index.html | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/index.html b/index.html
index 6f08541..9b4f597 100644
--- a/index.html
+++ b/index.html
@@ -3,6 +3,8 @@
 <head>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width,initial-scale=1" />
+  <meta http-equiv="Content-Security-Policy" content="default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'none'; frame-src 'none'; object-src 'none';" />
+  <meta name="referrer" content="strict-origin-when-cross-origin" />
   <meta name="description" content="Vanity on Tour: Vanlife trifft Technik – Apps, Tools, Blog & Projekte." />
   <title>Vanity on Tour – Go</title>
 
@@ -105,7 +107,7 @@
             </div>
             <div class="card-actions">
               <a class="btn primary" href="https://staysense.vanityontour.de" target="_blank" rel="noopener">StaySense öffnen</a>
-              <a class="btn ghost" href="https://landing.staysense.vanityontour.de" target="_blank">Was kann das?</a>
+              <a class="btn ghost" href="https://landing.staysense.vanityontour.de" target="_blank" rel="noopener noreferrer">Was kann das?</a>
             </div>
           </article>
 
@@ -142,7 +144,7 @@
 
         </div>
 
-      </br></br></br>
+      <div style="height: 3rem;"></div>
     </section>
 
     <section id="support" class="section alt">
@@ -183,7 +185,7 @@
             <br />
             <a href="mailto:kontakt@vanityontour.de">kontakt@vanityontour.de</a>
           </p>
-        </br></br>
+        <div style="height: 2rem;"></div>
         </div>
       </div>
     </section>