diff --git a/h5bp/internet_explorer/x-ua-compatible.conf b/h5bp/internet_explorer/x-ua-compatible.conf index 0d42e58..b109bad 100644 --- a/h5bp/internet_explorer/x-ua-compatible.conf +++ b/h5bp/internet_explorer/x-ua-compatible.conf @@ -8,9 +8,9 @@ # https://hsivonen.fi/doctype/#ie8 # # (!) Starting with Internet Explorer 11, document modes are deprecated. -# If your business still relies on older web apps and services that were -# designed for older versions of Internet Explorer, you might want to consider -# enabling `Enterprise Mode` throughout your company. +# If your business still relies on older web apps and services that were +# designed for older versions of Internet Explorer, you might want to +# consider enabling `Enterprise Mode` throughout your company. # # https://msdn.microsoft.com/en-us/library/ie/bg182625.aspx#docmode # https://blogs.msdn.microsoft.com/ie/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11/ diff --git a/h5bp/location/security_file_access.conf b/h5bp/location/security_file_access.conf index dad8ecb..80c1d4b 100644 --- a/h5bp/location/security_file_access.conf +++ b/h5bp/location/security_file_access.conf @@ -31,10 +31,10 @@ location ~* /\.(?!well-known\/) { # https://feross.org/cmsploit/ # # (!) Update the `location` regular expression from below to include any files -# that might end up on your production server and can expose sensitive -# information about your website. These files may include: configuration files, -# files that contain metadata about the project (e.g.: project dependencies), -# build scripts, etc.. +# that might end up on your production server and can expose sensitive +# information about your website. These files may include: configuration +# files, files that contain metadata about the project (e.g.: project +# dependencies, build scripts, etc.). location ~* (?:#.*#|\.(?:bak|conf|dist|fla|in[ci]|log|orig|psd|sh|sql|sw[op])|~)$ { deny all; diff --git a/h5bp/security/strict-transport-security.conf b/h5bp/security/strict-transport-security.conf index 4d13137..d6f49f1 100644 --- a/h5bp/security/strict-transport-security.conf +++ b/h5bp/security/strict-transport-security.conf @@ -13,13 +13,13 @@ # via HTTPS, regardless of what the users type in the browser's address bar. # # (!) Be aware that this, once published, is not revokable and you must ensure -# being able to serve the site via SSL for the duration you've specified -# in max-age. When you don't have a valid SSL connection (anymore) your -# visitors will see a nasty error message even when attempting to connect -# via simple HTTP. +# being able to serve the site via SSL for the duration you've specified +# in max-age. When you don't have a valid SSL connection (anymore) your +# visitors will see a nasty error message even when attempting to connect +# via simple HTTP. # # (!) Remove the `includeSubDomains` optional directive if the website's -# subdomains are not using HTTPS. +# subdomains are not using HTTPS. # # (1) If you want to submit your site for HSTS preload (2) you must # * ensure the `includeSubDomains` directive to be present diff --git a/h5bp/security/x-xss-protection.conf b/h5bp/security/x-xss-protection.conf index d49d660..471345e 100644 --- a/h5bp/security/x-xss-protection.conf +++ b/h5bp/security/x-xss-protection.conf @@ -1,5 +1,5 @@ # ---------------------------------------------------------------------- -# | Reflected Cross-Site Scripting (XSS) attacks | +# | Cross-Site Scripting (XSS) Protection | # ---------------------------------------------------------------------- # Protect website reflected Cross-Site Scripting (XSS) attacks.