deploy: Produktions-Update 2026-01-16 - Accessibility & Bug Fixes

dist/includes/functions.php

@@ -3,34 +3,6 @@
  * Helper functions for HexaHost.de
  */
 
-// Security Headers setzen (nur wenn noch nicht gesendet)
-if (!headers_sent()) {
-    // Schutz vor Clickjacking
-    header('X-Frame-Options: DENY');
-    
-    // Schutz vor MIME-Type-Sniffing
-    header('X-Content-Type-Options: nosniff');
-    
-    // XSS-Schutz für ältere Browser
-    header('X-XSS-Protection: 1; mode=block');
-    
-    // Referrer-Policy für Privatsphäre
-    header('Referrer-Policy: strict-origin-when-cross-origin');
-    
-    // Permissions-Policy (ehemals Feature-Policy)
-    header("Permissions-Policy: geolocation=(), microphone=(), camera=()");
-    
-    // Content-Security-Policy (angepasst für die verwendeten Ressourcen)
-    $csp = "default-src 'self'; ";
-    $csp .= "script-src 'self' 'unsafe-inline'; ";
-    $csp .= "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; ";
-    $csp .= "font-src 'self' https://fonts.gstatic.com; ";
-    $csp .= "img-src 'self' https://cdn.hexahost.de data:; ";
-    $csp .= "connect-src 'self'; ";
-    $csp .= "frame-ancestors 'none';";
-    header("Content-Security-Policy: " . $csp);
-}
-
 // Sichere Session-Konfiguration
 if (session_status() === PHP_SESSION_NONE) {
     // Session-Cookie-Sicherheit