feat: Enhance security and SEO with new headers and metadata

- Added security headers to prevent clickjacking, MIME-type sniffing, and XSS attacks. - Implemented Content Security Policy for resource management. - Included Open Graph and Twitter Card metadata for improved social media sharing. - Added structured data (JSON-LD) for better search engine visibility. - Improved accessibility with a skip link for main content navigation.
2026-01-16 23:52:43 +01:00
parent 4e0d64999e
commit aad6c3ea8a
3 changed files with 71 additions and 4 deletions
--- a/dist/includes/functions.php
+++ b/dist/includes/functions.php
@@ -3,6 +3,34 @@
 * Helper functions for HexaHost.de
 */

+// Security Headers setzen (nur wenn noch nicht gesendet)
+if (!headers_sent()) {
+    // Schutz vor Clickjacking
+    header('X-Frame-Options: DENY');
+    
+    // Schutz vor MIME-Type-Sniffing
+    header('X-Content-Type-Options: nosniff');
+    
+    // XSS-Schutz für ältere Browser
+    header('X-XSS-Protection: 1; mode=block');
+    
+    // Referrer-Policy für Privatsphäre
+    header('Referrer-Policy: strict-origin-when-cross-origin');
+    
+    // Permissions-Policy (ehemals Feature-Policy)
+    header("Permissions-Policy: geolocation=(), microphone=(), camera=()");
+    
+    // Content-Security-Policy (angepasst für die verwendeten Ressourcen)
+    $csp = "default-src 'self'; ";
+    $csp .= "script-src 'self' 'unsafe-inline'; ";
+    $csp .= "style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; ";
+    $csp .= "font-src 'self' https://fonts.gstatic.com; ";
+    $csp .= "img-src 'self' https://cdn.hexahost.de data:; ";
+    $csp .= "connect-src 'self'; ";
+    $csp .= "frame-ancestors 'none';";
+    header("Content-Security-Policy: " . $csp);
+}
+
 // Sichere Session-Konfiguration
 if (session_status() === PHP_SESSION_NONE) {
    // Session-Cookie-Sicherheit
--- a/dist/includes/header.php
+++ b/dist/includes/header.php
@@ -45,8 +45,47 @@
    <?php if (isset($canonical_url)): ?>
    <link rel="canonical" href="<?php echo htmlspecialchars($canonical_url); ?>">
    <?php endif; ?>
+    
+    <!-- Open Graph Bild -->
+    <meta property="og:image" content="https://cdn.hexahost.de/assets/img/og-image.jpg">
+    <meta property="og:image:width" content="1200">
+    <meta property="og:image:height" content="630">
+    <meta property="og:image:alt" content="HexaHost.de - Zuverlässiges Hosting aus Niederbayern">
+    
+    <!-- Twitter Card -->
+    <meta name="twitter:card" content="summary_large_image">
+    <meta name="twitter:title" content="<?php echo isset($page_title) ? htmlspecialchars($page_title) : 'HexaHost.de'; ?>">
+    <meta name="twitter:description" content="<?php echo isset($page_description) ? htmlspecialchars($page_description) : 'Zuverlässiges Hosting aus Niederbayern'; ?>">
+    <meta name="twitter:image" content="https://cdn.hexahost.de/assets/img/og-image.jpg">
+    
+    <!-- Structured Data (JSON-LD) -->
+    <script type="application/ld+json">
+    {
+        "@context": "https://schema.org",
+        "@type": "Organization",
+        "name": "HexaHost.de",
+        "url": "https://hexahost.de",
+        "logo": "https://cdn.hexahost.de/assets/img/logo/8iFs123BynHQWHI5.png",
+        "description": "Zuverlässiges und preiswertes Hosting aus Niederbayern - VPS, VPC, Mail Gateway und Webhosting",
+        "address": {
+            "@type": "PostalAddress",
+            "addressRegion": "Bayern",
+            "addressCountry": "DE"
+        },
+        "contactPoint": {
+            "@type": "ContactPoint",
+            "contactType": "customer service",
+            "availableLanguage": ["German"],
+            "areaServed": "DE"
+        },
+        "sameAs": []
+    }
+    </script>
 </head>
 <body>
+    <!-- Skip to main content (Accessibility) -->
+    <a href="#main-content" class="skip-link">Zum Hauptinhalt springen</a>
+    
    <header class="header">
        <nav class="nav">
            <div class="nav-container">
@@ -55,7 +94,7 @@
                        <img src="https://cdn.hexahost.de/assets/img/logo/8iFs123BynHQWHI5.png" alt="HexaHost.de Logo" class="logo-image">
                    </a>
                </div>
-                <ul class="nav-menu">
+                <ul class="nav-menu" id="nav-menu" role="menubar">
                    <li><a href="/" class="nav-link <?php echo ($current_page === 'home') ? 'active' : ''; ?>">Home</a></li>
                    <li class="nav-dropdown">
                        <a href="#" class="nav-link <?php echo (in_array($current_page, ['vpc', 'vps', 'mail-gateway', 'webhosting'])) ? 'active' : ''; ?>">Produkte</a>
@@ -69,11 +108,11 @@
                    <li><a href="/about" class="nav-link <?php echo ($current_page === 'about') ? 'active' : ''; ?>">Über uns</a></li>
                    <li><a href="/contact" class="nav-link <?php echo ($current_page === 'contact') ? 'active' : ''; ?>">Kontakt</a></li>
                </ul>
-                <div class="nav-toggle">
+                <button class="nav-toggle" aria-label="Menü öffnen" aria-expanded="false" aria-controls="nav-menu">
                    <span></span>
                    <span></span>
                    <span></span>
-                </div>
+                </button>
            </div>
        </nav>
    </header>