Make minor improvements

README.md

@@ -3,10 +3,11 @@
 [![Build Status](https://travis-ci.org/h5bp/server-configs-apache.svg)](https://travis-ci.org/h5bp/server-configs-apache)
 [![devDependency Status](https://david-dm.org/h5bp/server-configs-apache/dev-status.svg)](https://david-dm.org/h5bp/server-configs-apache#info=devDependencies)
 
-__Apache Server Configs__ is a collection of boilerplate configurations that
-can help your server improve the web site's performance and security, while
-also ensuring that resources are served with the correct content-type and are
-accessible, if needed, even cross-domain.
+__Apache Server Configs__ is a collection of boilerplate
+configurations that can help your server improve the web site's
+performance and security, while also ensuring that resources are
+served with the correct content-type and are accessible, if needed,
+even cross-domain.
 
 
 ## Getting Started
@@ -27,18 +28,19 @@ file](https://httpd.apache.org/docs/current/configuring.html#main)
 [`.htaccess`](https://github.com/h5bp/server-configs-apache/blob/master/dist/.htaccess)
 file in, for example, a
 [`<Directory>`](https://httpd.apache.org/docs/current/mod/core.html#directory)
-section in the main configuration file. This is usually the recommended way, as
-using `.htaccess` files [slows
-down](https://httpd.apache.org/docs/current/howto/htaccess.html#when) Apache!
+section in the main configuration file. This is usually the recommended
+way, as using `.htaccess` files [slows
+down](https://httpd.apache.org/docs/current/howto/htaccess.html#when)
+Apache!
 
-If you don't have access, which is quite common with hosting services, just copy
-the [`.htaccess`](https://github.com/h5bp/server-configs-apache/blob/master/dist/.htaccess)
+If you don't have access, which is quite common with hosting services,
+just copy the [`.htaccess`](https://github.com/h5bp/server-configs-apache/blob/master/dist/.htaccess)
 file in the root of the website.
 
-Also note that some configurations won't have any effect if the appropriate
-modules aren't enabled. So, in order for everything to work as intended, you
-need to ensure the you have the following Apache modules
-[enabled](https://github.com/h5bp/server-configs-apache/wiki/How-to-enable-Apache-modules):
+Also note that some configurations won't have any effect if the
+appropriate modules aren't enabled. So, in order for everything
+to work as intended, you need to ensure the you have the following
+Apache modules [enabled](https://github.com/h5bp/server-configs-apache/wiki/How-to-enable-Apache-modules):
   * [`mod_autoindex.c` (autoindex_module)](https://httpd.apache.org/docs/current/mod/mod_autoindex.html)
   * [`mod_deflate.c` (deflate_module)](https://httpd.apache.org/docs/current/mod/mod_deflate.html)
   * [`mod_expires.c` (expires_module)](https://httpd.apache.org/docs/current/mod/mod_expires.html)
@@ -49,8 +51,8 @@ need to ensure the you have the following Apache modules
   * [`mod_rewrite.c` (rewrite_module)](https://httpd.apache.org/docs/current/mod/mod_rewrite.html)
   * [`mod_setenvif.c` (setenvif_module)](https://httpd.apache.org/docs/current/mod/mod_setenvif.html)
 
-For more detailed information on configuration files and how to use them, please
-check the appropriate Apache documentation:
+For more detailed information on configuration files and how to
+use them, please check the appropriate Apache documentation:
 
 * https://httpd.apache.org/docs/current/configuring.html
 * https://httpd.apache.org/docs/current/howto/htaccess.html
@@ -71,8 +73,8 @@ check the appropriate Apache documentation:
 
 ## Contributing
 
-Anyone and everyone is welcome to contribute, but before you do, please take a
-moment to review the [guidelines](CONTRIBUTING.md).
+Anyone and everyone is welcome to contribute, but before you do,
+please take a moment to review the [guidelines](CONTRIBUTING.md).
 
 * [Bug reports](CONTRIBUTING.md#bugs)
 * [Feature requests](CONTRIBUTING.md#features)
@@ -88,5 +90,4 @@ only possible thanks to all the awesome
 
 ## License
 
-[Apache Server Configs](https://github.com/h5bp/server-configs-apache/) is
-available under the [MIT](LICENSE.md) license.
+The code is available under the [MIT license](LICENSE.md).

src/internet_explorer/iframes_cookies.conf

@@ -4,7 +4,7 @@
 
 # Allow cookies to be set from iframes in Internet Explorer.
 #
-# http://msdn.microsoft.com/en-us/library/ms537343.aspx
+# https://msdn.microsoft.com/en-us/library/ms537343.aspx
 # http://www.w3.org/TR/2000/CR-P3P-20001215/
 
 <IfModule mod_headers.c>

src/internet_explorer/x-ua-compatible.conf

@@ -12,15 +12,19 @@
 # designed for older versions of Internet Explorer, you might want to
 # consider enabling `Enterprise Mode` throughout your company.
 #
-# http://msdn.microsoft.com/en-us/library/ie/bg182625.aspx#docmode
+# https://msdn.microsoft.com/en-us/library/ie/bg182625.aspx#docmode
 # http://blogs.msdn.com/b/ie/archive/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11.aspx
 
 <IfModule mod_headers.c>
+
     Header set X-UA-Compatible "IE=edge"
+
     # `mod_headers` cannot match based on the content-type, however,
     # the `X-UA-Compatible` response header should be send only for
     # HTML documents and not for the other resources.
+
     <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$">
         Header unset X-UA-Compatible
     </FilesMatch>
+
 </IfModule>

src/rewrites/rewrite_engine.conf

@@ -20,7 +20,7 @@
 #
 # (4) Some cloud hosting services will require you set `RewriteBase`.
 #
-#     http://www.rackspace.com/knowledge_center/frequently-asked-question/why-is-modrewrite-not-working-on-my-site
+#     https://www.rackspace.com/knowledge_center/frequently-asked-question/why-is-modrewrite-not-working-on-my-site
 #     https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase
 #
 # (5) Depending on how your server is set up, you may also need to

src/security/content-security-policy.conf

@@ -8,22 +8,27 @@
 # This can be done by setting a `Content Security Policy` which
 # whitelists trusted sources of content for your website.
 #
-# The example header below allows ONLY scripts that are loaded from the
-# current website's origin (no inline scripts, no CDN, etc). That almost
-# certainly won't work as-is for your website!
+# The example header below allows ONLY scripts that are loaded from
+# the current website's origin (no inline scripts, no CDN, etc).
+# That almost certainly won't work as-is for your website!
 #
-# For more details on how to craft a reasonable policy for your website,
-# read: http://www.html5rocks.com/en/tutorials/security/content-security-policy/
-# (or the specification: http://www.w3.org/TR/CSP11/). Also, to make
-# things easier, you can use an online CSP header generator such as:
-# http://cspisawesome.com/.
+# To make things easier, you can use an online CSP header generator
+# such as: http://cspisawesome.com/.
+#
+# http://content-security-policy.com/
+# http://www.html5rocks.com/en/tutorials/security/content-security-policy/
+# http://www.w3.org/TR/CSP11/).
 
 <IfModule mod_headers.c>
+
     Header set Content-Security-Policy "script-src 'self'; object-src 'self'"
+
     # `mod_headers` cannot match based on the content-type, however,
     # the `Content-Security-Policy` response header should be send
     # only for HTML documents and not for the other resources.
+
     <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$">
         Header unset Content-Security-Policy
     </FilesMatch>
+
 </IfModule>

src/security/x-content-type-option.conf

@@ -11,7 +11,7 @@
 #
 # http://www.slideshare.net/hasegawayosuke/owasp-hasegawa
 # http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
-# http://msdn.microsoft.com/en-us/library/ie/gg622941.aspx
+# https://msdn.microsoft.com/en-us/library/ie/gg622941.aspx
 # https://mimesniff.spec.whatwg.org/
 
 <IfModule mod_headers.c>

src/security/x-frame-option.conf

@@ -33,11 +33,15 @@
 # https://www.owasp.org/index.php/Clickjacking
 
 <IfModule mod_headers.c>
+
     Header set X-Frame-Options "DENY"
+
     # `mod_headers` cannot match based on the content-type, however,
     # the `X-Frame-Options` response header should be send only for
     # HTML documents and not for the other resources.
+
     <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$">
         Header unset X-Frame-Options
     </FilesMatch>
+
 </IfModule>

src/security/x-xss-protection.conf

@@ -24,7 +24,7 @@
 #     thereby, it's better to inform browsers to prevent the rendering
 #     of the page altogether, instead of attempting to modify it.
 #
-#     http://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities
+#     https://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities
 #
 # (!) Do not rely on the XSS filter to prevent XSS attacks! Ensure that
 #     you are taking all possible measures to prevent XSS attacks, the
@@ -35,12 +35,16 @@
 # https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
 
 <IfModule mod_headers.c>
+
     #                           (1)    (2)
     Header set X-XSS-Protection "1; mode=block"
+
     # `mod_headers` cannot match based on the content-type, however,
     # the `X-XSS-Protection` response header should be send only for
     # HTML documents and not for the other resources.
+
     <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|woff2?|xloc|xml|xpi)$">
         Header unset X-XSS-Protection
     </FilesMatch>
+
 </IfModule>