diff --git a/.eslintrc.js b/.eslintrc.js
deleted file mode 100644
index 308e0a7..0000000
--- a/.eslintrc.js
+++ /dev/null
@@ -1,26 +0,0 @@
-module.exports = {
- "env": {
- "browser": true,
- "es6": true,
- "mocha": true
- },
- "plugins": ["mocha"],
- "extends": "eslint:recommended",
- "parserOptions": {
- "sourceType": "module"
- },
- "rules": {
- "indent": [
- "error",
- 2
- ],
- "quotes": [
- "error",
- "single"
- ],
- "semi": [
- "error",
- "always"
- ]
- }
-};
diff --git a/.gitignore b/.gitignore
index 1c7d971..e69de29 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +0,0 @@
-archive
-node_modules
-package-lock.json
diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml
deleted file mode 100644
index 03d9549..0000000
--- a/.idea/inspectionProfiles/Project_Default.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-
-
-
-
-
-
\ No newline at end of file
diff --git a/.jscsrc b/.jscsrc
deleted file mode 100644
index a83f173..0000000
--- a/.jscsrc
+++ /dev/null
@@ -1,68 +0,0 @@
-{
- "disallowEmptyBlocks": true,
- "disallowKeywords": [
- "with"
- ],
- "disallowMixedSpacesAndTabs": true,
- "disallowMultipleLineStrings": true,
- "disallowMultipleVarDecl": true,
- "disallowSpaceAfterPrefixUnaryOperators": [
- "!",
- "+",
- "++",
- "-",
- "--",
- "~"
- ],
- "disallowSpaceBeforeBinaryOperators": [
- ","
- ],
- "disallowSpaceBeforePostfixUnaryOperators": true,
- "disallowSpacesInNamedFunctionExpression": {
- "beforeOpeningRoundBrace": true
- },
- "disallowSpacesInsideArrayBrackets": true,
- "disallowSpacesInsideParentheses": true,
- "disallowTrailingComma": true,
- "disallowTrailingWhitespace": true,
- "requireCamelCaseOrUpperCaseIdentifiers": true,
- "requireCapitalizedConstructors": true,
- "requireCommaBeforeLineBreak": true,
- "requireCurlyBraces": true,
- "requireDotNotation": true,
- "requireLineFeedAtFileEnd": true,
- "requireParenthesesAroundIIFE": true,
- "requireSpaceAfterBinaryOperators": true,
- "requireSpaceAfterKeywords": [
- "catch",
- "do",
- "else",
- "for",
- "if",
- "return",
- "switch",
- "try",
- "while"
- ],
- "requireSpaceAfterLineComment": true,
- "requireSpaceBeforeBinaryOperators": true,
- "requireSpaceBeforeBlockStatements": true,
- "requireSpacesInAnonymousFunctionExpression": {
- "beforeOpeningCurlyBrace": true
- },
- "requireSpacesInConditionalExpression": true,
- "requireSpacesInFunctionDeclaration": {
- "beforeOpeningCurlyBrace": true
- },
- "requireSpacesInFunctionExpression": {
- "beforeOpeningCurlyBrace": true
- },
- "requireSpacesInNamedFunctionExpression": {
- "beforeOpeningCurlyBrace": true
- },
- "requireSpacesInsideObjectBrackets": "allButNested",
- "validateIndentation": 4,
- "validateLineBreaks": "LF",
- "validateParameterSeparator": ", ",
- "validateQuoteMarks": "'"
-}
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 1106575..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-# For more information about the configurations used
-# in this file, please see the Travis CI documentation:
-# https://docs.travis-ci.com
-
-git:
- depth: 10
-
-language: node_js
-
-node_js:
- - 6
- - 8
- - 9
-
-dist: trusty
-sudo: false
diff --git a/dist/404.html b/404.html
similarity index 100%
rename from dist/404.html
rename to 404.html
diff --git a/HS.png b/HS.png
new file mode 100644
index 0000000..66d27d7
Binary files /dev/null and b/HS.png differ
diff --git a/css/main.css b/css/main.css
new file mode 100644
index 0000000..1ecea82
--- /dev/null
+++ b/css/main.css
@@ -0,0 +1,19 @@
+body {
+ background-color: #003239;
+}
+
+.bg-image {
+ /*background-image: url("../HS.png");*/
+ background-image: url("../bg.png"), linear-gradient(to bottom, black, black, #3a3a3a, #009a9a,
+ #727272);
+ background-size: cover;
+ filter: blur(8px);
+ height: 100%;
+ position: absolute;
+ top: 0;
+ left: 0;
+ width: 100%;
+ z-index: -1;
+ margin: 0;
+ padding: 0;
+}
\ No newline at end of file
diff --git a/dist/.editorconfig b/dist/.editorconfig
deleted file mode 100644
index 125d12c..0000000
--- a/dist/.editorconfig
+++ /dev/null
@@ -1,13 +0,0 @@
-# editorconfig.org
-
-root = true
-
-[*]
-charset = utf-8
-indent_size = 2
-indent_style = space
-insert_final_newline = true
-trim_trailing_whitespace = true
-
-[*.md]
-trim_trailing_whitespace = false
diff --git a/dist/.gitattributes b/dist/.gitattributes
deleted file mode 100644
index c664a90..0000000
--- a/dist/.gitattributes
+++ /dev/null
@@ -1,194 +0,0 @@
-## GITATTRIBUTES FOR WEB PROJECTS
-#
-# These settings are for any web project.
-#
-# Details per file setting:
-# text These files should be normalized (i.e. convert CRLF to LF).
-# binary These files are binary and should be left untouched.
-#
-# Note that binary is a macro for -text -diff.
-######################################################################
-
-## AUTO-DETECT
-## Handle line endings automatically for files detected as
-## text and leave all files detected as binary untouched.
-## This will handle all files NOT defined below.
-* text=auto
-
-## SOURCE CODE
-*.bat text eol=crlf
-*.coffee text
-*.css text
-*.htm text
-*.html text
-*.inc text
-*.ini text
-*.js text
-*.json text
-*.jsx text
-*.less text
-*.od text
-*.onlydata text
-*.php text
-*.pl text
-*.py text
-*.rb text
-*.sass text
-*.scm text
-*.scss text
-*.sh text eol=lf
-*.sql text
-*.styl text
-*.tag text
-*.ts text
-*.tsx text
-*.xml text
-*.xhtml text
-
-## DOCKER
-*.dockerignore text
-Dockerfile text
-
-## DOCUMENTATION
-*.markdown text
-*.md text
-*.mdwn text
-*.mdown text
-*.mkd text
-*.mkdn text
-*.mdtxt text
-*.mdtext text
-*.txt text
-AUTHORS text
-CHANGELOG text
-CHANGES text
-CONTRIBUTING text
-COPYING text
-copyright text
-*COPYRIGHT* text
-INSTALL text
-license text
-LICENSE text
-NEWS text
-readme text
-*README* text
-TODO text
-
-## TEMPLATES
-*.dot text
-*.ejs text
-*.haml text
-*.handlebars text
-*.hbs text
-*.hbt text
-*.jade text
-*.latte text
-*.mustache text
-*.njk text
-*.phtml text
-*.tmpl text
-*.tpl text
-*.twig text
-
-## LINTERS
-.babelrc text
-.csslintrc text
-.eslintrc text
-.htmlhintrc text
-.jscsrc text
-.jshintrc text
-.jshintignore text
-.prettierrc text
-.stylelintrc text
-
-## CONFIGS
-*.bowerrc text
-*.cnf text
-*.conf text
-*.config text
-.browserslistrc text
-.editorconfig text
-.gitattributes text
-.gitconfig text
-.gitignore text
-.htaccess text
-*.npmignore text
-*.yaml text
-*.yml text
-browserslist text
-Makefile text
-makefile text
-
-## HEROKU
-Procfile text
-.slugignore text
-
-## GRAPHICS
-*.ai binary
-*.bmp binary
-*.eps binary
-*.gif binary
-*.ico binary
-*.jng binary
-*.jp2 binary
-*.jpg binary
-*.jpeg binary
-*.jpx binary
-*.jxr binary
-*.pdf binary
-*.png binary
-*.psb binary
-*.psd binary
-*.svg text
-*.svgz binary
-*.tif binary
-*.tiff binary
-*.wbmp binary
-*.webp binary
-
-## AUDIO
-*.kar binary
-*.m4a binary
-*.mid binary
-*.midi binary
-*.mp3 binary
-*.ogg binary
-*.ra binary
-
-## VIDEO
-*.3gpp binary
-*.3gp binary
-*.as binary
-*.asf binary
-*.asx binary
-*.fla binary
-*.flv binary
-*.m4v binary
-*.mng binary
-*.mov binary
-*.mp4 binary
-*.mpeg binary
-*.mpg binary
-*.ogv binary
-*.swc binary
-*.swf binary
-*.webm binary
-
-## ARCHIVES
-*.7z binary
-*.gz binary
-*.jar binary
-*.rar binary
-*.tar binary
-*.zip binary
-
-## FONTS
-*.ttf binary
-*.eot binary
-*.otf binary
-*.woff binary
-*.woff2 binary
-
-## EXECUTABLES
-*.exe binary
-*.pyc binary
diff --git a/dist/.gitignore b/dist/.gitignore
deleted file mode 100644
index ef8f3b1..0000000
--- a/dist/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-# Include your project-specific ignores in this file
-# Read about how to use .gitignore: https://help.github.com/articles/ignoring-files
-# Useful .gitignore templates: https://github.com/github/gitignore
diff --git a/dist/.htaccess b/dist/.htaccess
deleted file mode 100644
index 2a2bacf..0000000
--- a/dist/.htaccess
+++ /dev/null
@@ -1,1218 +0,0 @@
-# Apache Server Configs v3.2.1 | MIT License
-# https://github.com/h5bp/server-configs-apache
-
-# (!) Using `.htaccess` files slows down Apache, therefore, if you have
-# access to the main server configuration file (which is usually called
-# `httpd.conf`), you should add this logic there.
-#
-# https://httpd.apache.org/docs/current/howto/htaccess.html
-
-# ######################################################################
-# # CROSS-ORIGIN #
-# ######################################################################
-
-# ----------------------------------------------------------------------
-# | Cross-origin requests |
-# ----------------------------------------------------------------------
-
-# Allow cross-origin requests.
-#
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
-# https://enable-cors.org/
-# https://www.w3.org/TR/cors/
-
-#
-# Header set Access-Control-Allow-Origin "*"
-#
-
-# ----------------------------------------------------------------------
-# | Cross-origin images |
-# ----------------------------------------------------------------------
-
-# Send the CORS header for images when browsers request it.
-#
-# https://developer.mozilla.org/en-US/docs/Web/HTML/CORS_enabled_image
-# https://blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
-
-
-
-
- SetEnvIf Origin ":" IS_CORS
- Header set Access-Control-Allow-Origin "*" env=IS_CORS
-
-
-
-
-# ----------------------------------------------------------------------
-# | Cross-origin web fonts |
-# ----------------------------------------------------------------------
-
-# Allow cross-origin access to web fonts.
-#
-# https://developers.google.com/fonts/docs/troubleshooting
-
-
-
- Header set Access-Control-Allow-Origin "*"
-
-
-
-# ----------------------------------------------------------------------
-# | Cross-origin resource timing |
-# ----------------------------------------------------------------------
-
-# Allow cross-origin access to the timing information for all resources.
-#
-# If a resource isn't served with a `Timing-Allow-Origin` header that
-# would allow its timing information to be shared with the document,
-# some of the attributes of the `PerformanceResourceTiming` object will
-# be set to zero.
-#
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Timing-Allow-Origin
-# https://www.w3.org/TR/resource-timing/
-# https://www.stevesouders.com/blog/2014/08/21/resource-timing-practical-tips/
-
-#
-# Header set Timing-Allow-Origin: "*"
-#
-
-# ######################################################################
-# # ERRORS #
-# ######################################################################
-
-# ----------------------------------------------------------------------
-# | Custom error messages/pages |
-# ----------------------------------------------------------------------
-
-# Customize what Apache returns to the client in case of an error.
-#
-# https://httpd.apache.org/docs/current/mod/core.html#errordocument
-
-ErrorDocument 404 /404.html
-
-# ----------------------------------------------------------------------
-# | Error prevention |
-# ----------------------------------------------------------------------
-
-# Disable the pattern matching based on filenames.
-#
-# This setting prevents Apache from returning a 404 error as the result
-# of a rewrite when the directory with the same name does not exist.
-#
-# https://httpd.apache.org/docs/current/content-negotiation.html#multiviews
-
-Options -MultiViews
-
-# ######################################################################
-# # INTERNET EXPLORER #
-# ######################################################################
-
-# ----------------------------------------------------------------------
-# | Document modes |
-# ----------------------------------------------------------------------
-
-# Force Internet Explorer 8/9/10 to render pages in the highest mode
-# available in the various cases when it may not.
-#
-# https://hsivonen.fi/doctype/#ie8
-#
-# (!) Starting with Internet Explorer 11, document modes are deprecated.
-# If your business still relies on older web apps and services that were
-# designed for older versions of Internet Explorer, you might want to
-# consider enabling `Enterprise Mode` throughout your company.
-#
-# https://msdn.microsoft.com/en-us/library/ie/bg182625.aspx#docmode
-# https://blogs.msdn.microsoft.com/ie/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11/
-# https://msdn.microsoft.com/en-us/library/ff955275.aspx
-
-
- Header set X-UA-Compatible "IE=edge" "expr=%{CONTENT_TYPE} =~ m#text/html#i"
-
-
-# ######################################################################
-# # MEDIA TYPES AND CHARACTER ENCODINGS #
-# ######################################################################
-
-# ----------------------------------------------------------------------
-# | Media types |
-# ----------------------------------------------------------------------
-
-# Serve resources with the proper media types (f.k.a. MIME types).
-#
-# https://www.iana.org/assignments/media-types/media-types.xhtml
-# https://httpd.apache.org/docs/current/mod/mod_mime.html#addtype
-
-
-
- # Data interchange
-
- AddType application/atom+xml atom
- AddType application/json json map topojson
- AddType application/ld+json jsonld
- AddType application/rss+xml rss
- AddType application/geo+json geojson
- AddType application/rdf+xml rdf
- AddType application/xml xml
-
-
- # JavaScript
-
- # Servers should use text/javascript for JavaScript resources.
- # https://html.spec.whatwg.org/multipage/scripting.html#scriptingLanguages
-
- AddType text/javascript js mjs
-
-
- # Manifest files
-
- AddType application/manifest+json webmanifest
- AddType application/x-web-app-manifest+json webapp
- AddType text/cache-manifest appcache
-
-
- # Media files
-
- AddType audio/mp4 f4a f4b m4a
- AddType audio/ogg oga ogg opus
- AddType image/bmp bmp
- AddType image/svg+xml svg svgz
- AddType image/webp webp
- AddType video/mp4 f4v f4p m4v mp4
- AddType video/ogg ogv
- AddType video/webm webm
- AddType video/x-flv flv
-
- # Serving `.ico` image files with a different media type
- # prevents Internet Explorer from displaying them as images:
- # https://github.com/h5bp/html5-boilerplate/commit/37b5fec090d00f38de64b591bcddcb205aadf8ee
-
- AddType image/x-icon cur ico
-
-
- # WebAssembly
-
- AddType application/wasm wasm
-
-
- # Web fonts
-
- AddType font/woff woff
- AddType font/woff2 woff2
- AddType application/vnd.ms-fontobject eot
- AddType font/ttf ttf
- AddType font/collection ttc
- AddType font/otf otf
-
-
- # Other
-
- AddType application/octet-stream safariextz
- AddType application/x-bb-appworld bbaw
- AddType application/x-chrome-extension crx
- AddType application/x-opera-extension oex
- AddType application/x-xpinstall xpi
- AddType text/calendar ics
- AddType text/markdown markdown md
- AddType text/vcard vcard vcf
- AddType text/vnd.rim.location.xloc xloc
- AddType text/vtt vtt
- AddType text/x-component htc
-
-
-
-# ----------------------------------------------------------------------
-# | Character encodings |
-# ----------------------------------------------------------------------
-
-# Serve all resources labeled as `text/html` or `text/plain`
-# with the media type `charset` parameter set to `UTF-8`.
-#
-# https://httpd.apache.org/docs/current/mod/core.html#adddefaultcharset
-
-AddDefaultCharset utf-8
-
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-# Serve the following file types with the media type `charset`
-# parameter set to `UTF-8`.
-#
-# https://httpd.apache.org/docs/current/mod/mod_mime.html#addcharset
-
-
- AddCharset utf-8 .appcache \
- .bbaw \
- .css \
- .htc \
- .ics \
- .js \
- .json \
- .manifest \
- .map \
- .markdown \
- .md \
- .mjs \
- .topojson \
- .vtt \
- .vcard \
- .vcf \
- .webmanifest \
- .xloc
-
-
-# ######################################################################
-# # REWRITES #
-# ######################################################################
-
-# ----------------------------------------------------------------------
-# | Rewrite engine |
-# ----------------------------------------------------------------------
-
-# (1) Turn on the rewrite engine (this is necessary in order for
-# the `RewriteRule` directives to work).
-#
-# https://httpd.apache.org/docs/current/mod/mod_rewrite.html#RewriteEngine
-#
-# (2) Enable the `FollowSymLinks` option if it isn't already.
-#
-# https://httpd.apache.org/docs/current/mod/core.html#options
-#
-# (3) If your web host doesn't allow the `FollowSymlinks` option,
-# you need to comment it out or remove it, and then uncomment
-# the `Options +SymLinksIfOwnerMatch` line (4), but be aware
-# of the performance impact.
-#
-# https://httpd.apache.org/docs/current/misc/perf-tuning.html#symlinks
-#
-# (4) Some cloud hosting services will require you set `RewriteBase`.
-#
-# https://www.rackspace.com/knowledge_center/frequently-asked-question/why-is-modrewrite-not-working-on-my-site
-# https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase
-#
-# (5) Depending on how your server is set up, you may also need to
-# use the `RewriteOptions` directive to enable some options for
-# the rewrite engine.
-#
-# https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriteoptions
-#
-# (6) Set %{ENV:PROTO} variable, to allow rewrites to redirect with the
-# appropriate schema automatically (http or https).
-
-
-
- # (1)
- RewriteEngine On
-
- # (2)
- Options +FollowSymlinks
-
- # (3)
- # Options +SymLinksIfOwnerMatch
-
- # (4)
- # RewriteBase /
-
- # (5)
- # RewriteOptions
-
- # (6)
- RewriteCond %{HTTPS} =on
- RewriteRule ^ - [env=proto:https]
- RewriteCond %{HTTPS} !=on
- RewriteRule ^ - [env=proto:http]
-
-
-
-# ----------------------------------------------------------------------
-# | Forcing `https://` |
-# ----------------------------------------------------------------------
-
-# Redirect from the `http://` to the `https://` version of the URL.
-#
-# https://wiki.apache.org/httpd/RewriteHTTPToHTTPS
-
-# (1) If you're using cPanel AutoSSL or the Let's Encrypt webroot
-# method it will fail to validate the certificate if validation
-# requests are redirected to HTTPS. Turn on the condition(s)
-# you need.
-#
-# https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml
-# https://tools.ietf.org/html/draft-ietf-acme-acme-12
-
-#
-# RewriteEngine On
-# RewriteCond %{HTTPS} !=on
-# # (1)
-# # RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
-# # RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[\w-]+$
-# # RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
-# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
-#
-
-# ----------------------------------------------------------------------
-# | Suppressing the `www.` at the beginning of URLs |
-# ----------------------------------------------------------------------
-
-# Rewrite www.example.com → example.com
-
-# The same content should never be available under two different
-# URLs, especially not with and without `www.` at the beginning.
-# This can cause SEO problems (duplicate content), and therefore,
-# you should choose one of the alternatives and redirect the other
-# one.
-#
-# (!) NEVER USE BOTH WWW-RELATED RULES AT THE SAME TIME!
-
-# (1) The rule assumes by default that both HTTP and HTTPS
-# environments are available for redirection.
-# If your SSL certificate could not handle one of the domains
-# used during redirection, you should turn the condition on.
-#
-# https://github.com/h5bp/server-configs-apache/issues/52
-
-
- RewriteEngine On
- # (1)
- # RewriteCond %{HTTPS} !=on
- RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
- RewriteRule ^ %{ENV:PROTO}://%1%{REQUEST_URI} [R=301,L]
-
-
-# ----------------------------------------------------------------------
-# | Forcing the `www.` at the beginning of URLs |
-# ----------------------------------------------------------------------
-
-# Rewrite example.com → www.example.com
-
-# The same content should never be available under two different
-# URLs, especially not with and without `www.` at the beginning.
-# This can cause SEO problems (duplicate content), and therefore,
-# you should choose one of the alternatives and redirect the other
-# one.
-#
-# (!) NEVER USE BOTH WWW-RELATED RULES AT THE SAME TIME!
-
-# (1) The rule assumes by default that both HTTP and HTTPS
-# environments are available for redirection.
-# If your SSL certificate could not handle one of the domains
-# used during redirection, you should turn the condition on.
-#
-# https://github.com/h5bp/server-configs-apache/issues/52
-
-# Be aware that the following might not be a good idea if you use "real"
-# subdomains for certain parts of your website.
-
-#
-# RewriteEngine On
-# # (1)
-# # RewriteCond %{HTTPS} !=on
-# RewriteCond %{HTTP_HOST} !^www\. [NC]
-# RewriteCond %{SERVER_ADDR} !=127.0.0.1
-# RewriteCond %{SERVER_ADDR} !=::1
-# RewriteRule ^ %{ENV:PROTO}://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
-#
-
-# ######################################################################
-# # SECURITY #
-# ######################################################################
-
-# ----------------------------------------------------------------------
-# | Clickjacking |
-# ----------------------------------------------------------------------
-
-# Protect website against clickjacking.
-#
-# The example below sends the `X-Frame-Options` response header with
-# the value `DENY`, informing browsers not to display the content of
-# the web page in any frame.
-#
-# This might not be the best setting for everyone. You should read
-# about the other two possible values the `X-Frame-Options` header
-# field can have: `SAMEORIGIN` and `ALLOW-FROM`.
-# https://tools.ietf.org/html/rfc7034#section-2.1.
-#
-# Keep in mind that while you could send the `X-Frame-Options` header
-# for all of your website’s pages, this has the potential downside that
-# it forbids even non-malicious framing of your content (e.g.: when
-# users visit your website using a Google Image Search results page).
-#
-# Nonetheless, you should ensure that you send the `X-Frame-Options`
-# header for all pages that allow a user to make a state changing
-# operation (e.g: pages that contain one-click purchase links, checkout
-# or bank-transfer confirmation pages, pages that make permanent
-# configuration changes, etc.).
-#
-# Sending the `X-Frame-Options` header can also protect your website
-# against more than just clickjacking attacks:
-# https://cure53.de/xfo-clickjacking.pdf.
-#
-# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
-# https://tools.ietf.org/html/rfc7034
-# https://blogs.msdn.microsoft.com/ieinternals/2010/03/30/combating-clickjacking-with-x-frame-options/
-# https://www.owasp.org/index.php/Clickjacking
-
-#
-# Header set X-Frame-Options "DENY" "expr=%{CONTENT_TYPE} =~ m#text/html#i"
-#
-
-# ----------------------------------------------------------------------
-# | Content Security Policy (CSP) |
-# ----------------------------------------------------------------------
-
-# Mitigate the risk of cross-site scripting and other content-injection
-# attacks.
-#
-# This can be done by setting a `Content Security Policy` which
-# whitelists trusted sources of content for your website.
-#
-# There is no policy that fits all websites, you will have to modify
-# the `Content-Security-Policy` directives in the example below depending
-# on your needs.
-#
-# The example policy below aims to:
-#
-# (1) Restrict all fetches by default to the origin of the current website
-# by setting the `default-src` directive to `'self'` - which acts as a
-# fallback to all "Fetch directives" (https://developer.mozilla.org/en-US/docs/Glossary/Fetch_directive).
-#
-# This is convenient as you do not have to specify all Fetch directives
-# that apply to your site, for example:
-# `connect-src 'self'; font-src 'self'; script-src 'self'; style-src 'self'`, etc.
-#
-# This restriction also means that you must explicitly define from
-# which site(s) your website is allowed to load resources from.
-#
-# (2) The `` element is not allowed on the website. This is to
-# prevent attackers from changing the locations of resources loaded
-# from relative URLs.
-#
-# If you want to use the `` element, then `base-uri 'self'`
-# can be used instead.
-#
-# (3) Form submissions are only allowed from the current website by
-# setting: `form-action 'self'`.
-#
-# (4) Prevents all websites (including your own) from embedding your
-# webpages within e.g. the `