html5-boilerplate 0.2.6 → 0.3.0

data/README.md

@@ -31,29 +31,26 @@ Rails Installation
     app/stylesheets/partials/_base.scss
     app/stylesheets/partials/_example.scss
     app/stylesheets/partials/_page.scss
+    app/stylesheets/partials/_fonts.scss
+    app/stylesheets/partials/_media.scss
     
     public/404.html
     public/.htaccess
     public/crossdomain.xml
     public/robots.txt
+    public/humans.txt
     public/apple-touch-icon.png
     public/favicon.ico
 
     public/javascripts/dd_belatedpng.js
-    public/javascripts/jquery-1.4.4.min.js
-    public/javascripts/modernizr-1.6.min.js
+    public/javascripts/jquery.min.js
+    public/javascripts/modernizr.min.js
     public/javascripts/plugins.js
     public/javascripts/rails.js
-    public/javascripts/profiling/charts.swf
-    public/javascripts/profiling/config.js
-    public/javascripts/profiling/yahoo-profiling.css
-    public/javascripts/profiling/yahoo-profiling.min.js
     
     config/compass.rb
     config/initializers/compass.rb
     config/google.yml
-    config/nginx.conf
-    config/mime.types
 
 The Scss files above will automatically get compiled to your Sass compilation directory:
 
@@ -65,7 +62,7 @@ manually add the following line to the top:
 
     require 'html5-boilerplate'
 
-### A few more minor points to store into your brainpan...
+### A few more minor points...
 
 If you still have an application.html.erb in your layouts, you will need to loose
 it now so that Rails will use your shiny new application.html.haml layout instead.
@@ -95,6 +92,7 @@ If you omit them, be sure to edit your javascript and style tags accordingly in
     404.html
     crossdomain.xml
     robots.txt
+    humans.txt
     apple-touch-icon.png
     favicon.ico
     
@@ -103,21 +101,16 @@ If you omit them, be sure to edit your javascript and style tags accordingly in
     src/partials/_base.scss
     src/partials/_example.scss
     src/partials/_page.scss
+    src/partials/_fonts.scss
+    src/partials/_media.scss
     
     js/dd_belatedpng.js
-    js/jquery-1.4.4.min.js
-    js/modernizr-1.6.min.js
+    js/jquery.min.js
+    js/modernizr.min.js
     js/plugins.js
-    js/profiling/charts.swf
-    js/profiling/config.js
-    js/profiling/yahoo-profiling.css
-    js/profiling/yahoo-profiling.min.js
     
     .htaccess
     config.rb
-    nginx.conf
-    mime.types
-    web.config
 
 Run `compass watch my_project` and the SCSS files above will automatically
 get compiled to your Sass compilation directory whenever a change is made:

data/VERSION

@@ -1 +1 @@
-0.2.6
+0.3.0

data/stylesheets/html5-boilerplate/_fonts.scss

@@ -3,13 +3,7 @@ $base-font-size: 13px !default;
 $base-line-height: 1.231 !default;
 
 //
-// fonts.css from the YUI Library: developer.yahoo.com/yui/
-//
-// There are three custom edits:
-// * remove arial, helvetica from explicit font stack
-// * we normalize monospace styles ourselves
-// * table font-size is reset in the HTML5 reset above so there is no need to repeat
-//
+// Font normalization inspired by  from the YUI Library's fonts.css: developer.yahoo.com/yui
 // Whatever parts of this port of YUI to Sass that are copyrightable, are Copyright (c) 2008, Christopher Eppstein. All Rights Reserved.
 //
 

data/stylesheets/html5-boilerplate/_helpers.scss

@@ -41,12 +41,10 @@
   visibility: hidden;
 }
 
-// Hide only visually, but have it available for screenreaders
+// Hide only visually, but have it available for screenreaders: by Jon Neal
 // www.webaim.org/techniques/css/invisiblecontent/  &  j.mp/visuallyhidden
 @mixin visually-hidden {
-  position: absolute !important;
-  clip: rect(1px 1px 1px 1px);  // IE6, IE7
-  clip: rect(1px, 1px, 1px, 1px);
+  border: 0; clip: rect(0 0 0 0); height: 1px; margin: -1px; overflow: hidden; padding: 0; position: absolute; width: 1px;
 }
 
 // Hide visually and from screenreaders, but maintain layout

data/stylesheets/html5-boilerplate/_media.scss

@@ -21,13 +21,14 @@
 // inlined to avoid required HTTP connection www.phpied.com/delay-loading-your-print-css/
 
 @mixin media-print {
-  * { background: transparent !important; color: black !important; text-shadow: none !important; } /* Black prints faster: sanbeiji.com/archives/953 */
+  * { background: transparent !important; color: black !important; text-shadow: none !important; filter:none !important;
+  -ms-filter: none !important; } // black prints faster: sanbeiji.com/archives/953
   a, a:visited { color: #444 !important; text-decoration: underline; }
   a[href]:after { content: " (" attr(href) ")"; }
   abbr[title]:after { content: " (" attr(title) ")"; }
-  .ir a:after { content: ""; }  /* Don't show links for images */
+  .ir a:after, a[href^="javascript:"]:after, a[href^="#"]:after { content: ""; }  // don't show links for images, or javascript/internal links
   pre, blockquote { border: 1px solid #999; page-break-inside: avoid; }
-  thead { display: table-header-group; } /* css-discuss.incutio.com/wiki/Printing_Tables */ 
+  thead { display: table-header-group; } // css-discuss.incutio.com/wiki/Printing_Tables
   tr, img { page-break-inside: avoid; }
   @page { margin: 0.5cm; }
   p, h2, h3 { orphans: 3; widows: 3; }
@@ -36,8 +37,8 @@
 
 
 //
-// Media queries for responsive design
-// These follow after primary styles so they will successfully override.
+// media queries for responsive design
+// these follow after primary styles so they will successfully override.
 //
 
 @mixin media-orientation-portrait {
@@ -48,8 +49,8 @@
   // Style adjustments for landscape mode goes here
 }
 
-// Grade-A Mobile Browsers (Opera Mobile, iPhone Safari, Android Chrome)  
-// Consider this: www.cloudfour.com/css-media-query-for-mobile-is-fools-gold/
+// Grade-A Mobile Browsers (Opera Mobile, Mobile Safari, Android Chrome)
+// consider this: www.cloudfour.com/css-media-query-for-mobile-is-fools-gold
 @mixin media-mobile($optimize: true) {
   // j.mp/textsizeadjust
   @if not $optimize {

data/stylesheets/html5-boilerplate/_reset.scss

@@ -15,39 +15,31 @@
 @mixin html5-boilerplate-reset {
   html, body, div, span, object, iframe,
   h1, h2, h3, h4, h5, h6, p, blockquote, pre,
-  abbr, address, cite, code,
-  del, dfn, em, img, ins, kbd, q, samp,
-  small, strong, sub, sup, var,
-  b, i,
-  dl, dt, dd, ol, ul, li,
+  abbr, address, cite, code, del, dfn, em, img, ins, kbd, q, samp,
+  small, strong, sub, sup, var, b, i, dl, dt, dd, ol, ul, li,
   fieldset, form, label, legend,
   table, caption, tbody, tfoot, thead, tr, th, td,
-  article, aside, canvas, details, figcaption, figure, 
+  article, aside, canvas, details, figcaption, figure,
   footer, header, hgroup, menu, nav, section, summary,
   time, mark, audio, video {
     margin:0;
     padding:0;
     border:0;
-    outline:0;
     font-size:100%;
+    font: inherit;
     vertical-align:baseline;
-    background:transparent;
-  }                  
+  }
 
   article, aside, details, figcaption, figure,
   footer, header, hgroup, menu, nav, section { 
-      display:block;
+    display: block;
   }
 
-  nav ul { list-style:none; }
-
-  blockquote, q { quotes:none; }
+  blockquote, q { quotes: none; }
 
   blockquote:before, blockquote:after,
   q:before, q:after { content:''; content:none; }
 
-  a { margin:0; padding:0; border:0; font-size:100%; vertical-align:baseline; background:transparent; }
-
   ins { background-color: #ff9; color: #000; text-decoration:none; }
 
   mark { background-color: #ff9; color: #000; font-style:italic; font-weight:bold; }
@@ -56,8 +48,6 @@
 
   abbr[title], dfn[title] { border-bottom:1px dotted; cursor:help; }
 
-  //
-  // tables still need cellspacing="0" in the markup
   table { border-collapse:collapse; border-spacing:0; }
 
   hr { display: block; height:1px; border:0; border-top:1px solid #ccc; margin:1em 0; padding:0; }

data/stylesheets/html5-boilerplate/_styles.scss

@@ -28,7 +28,7 @@ $list-left-margin: 1.8em !default;
 
   sup { @include sup; }
 
-  textarea { overflow: auto; }  // thnx ivannikolic! www.sitepoint.com/blogs/2010/08/20/ie-remove-textarea-scrollbars
+  textarea { overflow: auto; }  // www.sitepoint.com/blogs/2010/08/20/ie-remove-textarea-scrollbars
 
   @include accessible-focus;
 
@@ -49,27 +49,24 @@ $list-left-margin: 1.8em !default;
   @include no-nav-margins;
 }
 
+// set sub, sup without affecting line-height: gist.github.com/413930
 @mixin sub{ 
-  vertical-align: sub; font-size: smaller;
+  font-size: 75%; line-height: 0; position: relative; bottom: -0.25em;
 }
-
 @mixin sup{ 
-  vertical-align: super; font-size: smaller;
+  font-size: 75%; line-height: 0; position: relative; top: -0.5em;
 }
 
-// Accessible focus treatment: people.opera.com/patrickl/experiments/keyboard/test
+// accessible focus treatment: people.opera.com/patrickl/experiments/keyboard/test
 @mixin accessible-focus {
   a:hover, a:active { outline: none; }
 }
 
-// www.pathf.com/blogs/2008/05/formatting-quoted-code-in-blog-posts-css21-white-space-pre-wrap/
+// www.pathf.com/blogs/2008/05/formatting-quoted-code-in-blog-posts-css21-white-space-pre-wrap
 @mixin quoted-pre {
   pre {
+    white-space: pre; white-space: pre-wrap; white-space: pre-line; word-wrap: break-word;
     padding: 15px;
-    white-space: pre;       // CSS2
-    white-space: pre-wrap;  // CSS 2.1
-    white-space: pre-line;  // CSS 3 (and 2.1 as well, actually)
-    word-wrap: break-word;  // IE
   }
 }
 
@@ -123,6 +120,6 @@ $list-left-margin: 1.8em !default;
 }
 
 @mixin no-nav-margins {
-  // Remove margins for navigation lists
-  nav ul, nav li { margin: 0; }
+  // remove margins for navigation lists
+  nav ul, nav li { margin: 0; list-style:none; list-style-image: none; }
 }

data/templates/project/_head.html.haml

@@ -1,19 +1,14 @@
 %head
   %meta{ :charset => "utf-8" }/
   
-  -# 
+  -#
     Always force latest IE rendering engine (even in intranet) & Chrome Frame
     Remove this if you use the .htaccess
   %meta{ :content => "IE=edge,chrome=1", "http-equiv" => "X-UA-Compatible" }/
   
-  -# encoding must be specified within the first 512 bytes www.whatwg.org/specs/web-apps/current-work/multipage/semantics.html#charset
-  
-  -# meta element for compatibility mode needs to be before all elements except title & meta msdn.microsoft.com/en-us/library/cc288325(VS.85).aspx
-  -# Chrome Frame is only invoked if meta element for compatibility mode is within the first 1K bytes code.google.com/p/chromium/issues/detail?id=23003
-  
   %title
     == #{ controller.controller_name.titleize } - #{ controller.action_name.titleize }
-  
+    
   %meta{ :content => "", :name => "description" }/
   %meta{ :content => "", :name => "author" }/
   
@@ -27,6 +22,6 @@
   = render :partial => 'layouts/stylesheets'
   
   -# All JavaScript at the bottom, except for Modernizr which enables HTML5 elements & feature detects
-  = javascript_include_tag 'modernizr-1.6.min'
+  = javascript_include_tag 'modernizr.min'
   
   = csrf_meta_tag

data/templates/project/_javascripts.html.haml

@@ -9,30 +9,27 @@
 
 -# fall back to local jQuery if necessary
 :javascript
-  !window.jQuery && document.write(unescape('%3Cscript src="/javascripts/jquery-1.4.4.min.js"%3E%3C/script%3E'))
+  !window.jQuery && document.write(unescape('%3Cscript src="/javascripts/jquery.min.js"%3E%3C/script%3E'))
   
 = javascript_include_tag 'rails', 'plugins', 'application'
 
+-# Fix any <img> or .png_bg bg-images. Also, please read goo.gl/mZiyb
 /[if lt IE 7 ]
   :javascript
-    $.getScript("/javascripts/dd_belatedpng.js",function(){ DD_belatedPNG.fix('img, .png_bg'); });
+    //DD_belatedPNG.fix('img, .png_bg');
     
 -#  Append your own using content_for :javascripts
 = yield :javascripts
 
--# yui profiler and profileviewer
-- if Rails.env == 'development'
-  = javascript_include_tag 'profiling/yahoo-profiling.min', 'profiling/config'
-
 -# asynchronous google analytics: mathiasbynens.be/notes/async-analytics-snippet
 -# Looks for google_account_id first in ENV['GOOGLE_ACCOUNT_ID'] then in config/google.yml
 - if !google_account_id.blank?
   :javascript
     var _gaq = [['_setAccount', '#{google_account_id}'], ['_trackPageview']];
     (function(d, t) {
-     var g = d.createElement(t),
-         s = d.getElementsByTagName(t)[0];
-     g.async = true;
-     g.src = ('https:' == location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
-     s.parentNode.insertBefore(g, s);
+      var g = d.createElement(t),
+          s = d.getElementsByTagName(t)[0];
+      g.async = true;
+      g.src = ('https:' == location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
+      s.parentNode.insertBefore(g, s);
     })(document, 'script');

data/templates/project/application.html.haml

@@ -1,12 +1,12 @@
 !!! 5
 -# http://paulirish.com/2008/conditional-stylesheets-vs-css-hacks-answer-neither
--ie_html :lang => 'en', :class => 'no-js' do
+-ie_html :class => 'no-js' do
   = render :partial => 'layouts/head'
-  %body{ :class => "#{controller.controller_name}" }
+  %body{ :lang => 'en', :class => "#{controller.controller_name}" }
     #container
       %header#header
         = render :partial => 'layouts/header'
-      #main
+      #main{ :role => 'main' }
         = render :partial => 'layouts/flashes'
         = yield
       %footer#footer

data/templates/project/files/htaccess

@@ -7,11 +7,24 @@
 # Techniques in here adapted from all over, including:
 #   Kroc Camen: camendesign.com/.htaccess
 #   perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
+#   Sample .htaccess file of CMS MODx: modxcms.com
 
 
+###
+### If you run a webserver other than apache, consider:
+### github.com/paulirish/html5-boilerplate-server-configs
+###
+
+
+
+# ----------------------------------------------------------------------
+# Better website experience for IE users
+# ----------------------------------------------------------------------
+
 # Force the latest IE version, in various cases when it may fall back to IE7 mode
 #  github.com/rails/rails/commit/123eb25#commitcomment-118920
 # Use ChromeFrame if it's installed for a better experience for the poor IE folk
+
 <IfModule mod_setenvif.c>
   <IfModule mod_headers.c>
     BrowserMatch MSIE ie
@@ -26,15 +39,24 @@
 # Cache control is set only if mod_headers is enabled, so that's unncessary to declare
 </IfModule>
 
+
+# ----------------------------------------------------------------------
+# Cross-domain AJAX requests
+# ----------------------------------------------------------------------
+
 # Serve cross-domain ajax requests, disabled.   
 # enable-cors.org
 # code.google.com/p/html5security/wiki/CrossOriginRequestSecurity
+
 #  <IfModule mod_headers.c>
 #    Header set Access-Control-Allow-Origin "*"
 #  </IfModule>
 
 
 
+# ----------------------------------------------------------------------
+# Webfont access
+# ----------------------------------------------------------------------
 
 # allow access from all domains for webfonts
 # alternatively you could only whitelist
@@ -47,6 +69,11 @@
 </FilesMatch>
 
 
+
+# ----------------------------------------------------------------------
+# Proper MIME type for all files
+# ----------------------------------------------------------------------
+
 # audio
 AddType audio/ogg                      oga ogg
 
@@ -64,10 +91,11 @@ AddEncoding gzip                       svgz
 AddType application/vnd.ms-fontobject  eot
 AddType font/truetype                  ttf
 AddType font/opentype                  otf
-AddType font/woff                      woff
+AddType font/opentype                  woff
+        # ^ hack to avoid chrome console warning: crbug.com/70283
 
 # assorted types                                      
-AddType image/vnd.microsoft.icon       ico
+AddType image/x-icon                   ico
 AddType image/webp                     webp
 AddType text/cache-manifest            manifest
 AddType text/x-component               htc
@@ -77,10 +105,12 @@ AddType application/octet-stream       safariextz
 
 
 
-# allow concatenation from within specific js and css files 
+# ----------------------------------------------------------------------
+# Allow concatenation from within specific js and css files 
+# ----------------------------------------------------------------------
 
 # e.g. Inside of script.combined.js you could have
-#   <!--#include file="jquery-1.4.4.js" -->
+#   <!--#include file="jquery.js" -->
 #   <!--#include file="jquery.idletimer.js" -->
 # and they would be included into this single file
 
@@ -96,11 +126,20 @@ AddType application/octet-stream       safariextz
 
 
 
+# ----------------------------------------------------------------------
+# gzip compression
+# ----------------------------------------------------------------------
 
-
-# gzip compression.
 <IfModule mod_deflate.c>
 
+
+# force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/
+<IfModule mod_setenvif.c>
+  <IfModule mod_headers.c>
+    SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s,?\s(gzip|deflate)?|X{4,13}|~{4,13}|-{4,13})$ HAVE_Accept-Encoding
+    RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
+  </IfModule>
+</IfModule>
 # html, txt, css, js, json, xml, htc:
 <IfModule filter_module>
   FilterDeclare   COMPRESS
@@ -125,6 +164,10 @@ AddType application/octet-stream       safariextz
 
 
 
+# ----------------------------------------------------------------------
+# Expires headers (for better cache control)
+# ----------------------------------------------------------------------
+
 # these are pretty far-future expires headers
 # they assume you control versioning with cachebusting query params like
 #   <script src="application.js?20100608">
@@ -151,12 +194,11 @@ AddType application/octet-stream       safariextz
   ExpiresByType application/xml           "access plus 0 seconds"
   ExpiresByType application/json          "access plus 0 seconds"
 
-
 # rss feed
   ExpiresByType application/rss+xml       "access plus 1 hour"
 
 # favicon (cannot be renamed)
-  ExpiresByType image/vnd.microsoft.icon  "access plus 1 week" 
+  ExpiresByType image/x-icon              "access plus 1 week" 
 
 # media: images, video, audio
   ExpiresByType image/gif                 "access plus 1 month"
@@ -176,15 +218,19 @@ AddType application/octet-stream       safariextz
   ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
     
 # css and javascript
-  ExpiresByType text/css                  "access plus 1 month"
-  ExpiresByType application/javascript    "access plus 1 month"
-  ExpiresByType text/javascript           "access plus 1 month"
-
-  Header append Cache-Control "public"
+  ExpiresByType text/css                  "access plus 2 months"
+  ExpiresByType application/javascript    "access plus 2 months"
+  ExpiresByType text/javascript           "access plus 2 months"
+  <IfModule mod_headers.c>
+    Header append Cache-Control "public"
+  </IfModule>
 </IfModule>
 
 
 
+# ----------------------------------------------------------------------
+# ETag removal
+# ----------------------------------------------------------------------
 
 # Since we're sending far-future expires, we don't need ETags for
 # static content.
@@ -193,6 +239,24 @@ FileETag None
 
 
 
+# ----------------------------------------------------------------------
+# Stop screen flicker in IE on CSS rollovers
+# ----------------------------------------------------------------------
+
+# The following directives stop screen flicker in IE on CSS rollovers - in
+# combination with the "ExpiresByType" rules for images (see above). If
+# needed, un-comment the following rules.
+
+# BrowserMatch "MSIE" brokenvary=1
+# BrowserMatch "Mozilla/4.[0-9]{2}" brokenvary=1
+# BrowserMatch "Opera" !brokenvary
+# SetEnvIf brokenvary 1 force-no-vary
+
+
+
+# ----------------------------------------------------------------------
+# Cookie setting from iframes
+# ----------------------------------------------------------------------
 
 # Allow cookies to be set from iframes (for IE only)
 # If needed, uncomment and specify a path or regex in the Location directive
@@ -204,37 +268,148 @@ FileETag None
 # </IfModule>
 
 
-# you probably want www.example.com to forward to example.com -- shorter URLs are sexier.
-#   no-www.org/faq.php?q=class_b
+
+# ----------------------------------------------------------------------
+# Start rewrite engine
+# ----------------------------------------------------------------------
+
+# Turning on the rewrite engine is necessary for the following rules and features.
+
 <IfModule mod_rewrite.c>
   RewriteEngine On
+</IfModule>
+
+
+
+# ----------------------------------------------------------------------
+# Suppress or force the "www." at the beginning of URLs
+# ----------------------------------------------------------------------
+
+# The same content should never be available under two different URLs - especially not with and
+# without "www." at the beginning, since this can cause SEO problems (duplicate content).
+# That's why you should choose one of the alternatives and redirect the other one.
+
+# By default option 1 (no "www.") is activated. Remember: Shorter URLs are sexier.
+# no-www.org/faq.php?q=class_b
+
+# If you rather want to use option 2, just comment out all option 1 lines
+# and uncomment option 2.
+# IMPORTANT: NEVER USE BOTH RULES AT THE SAME TIME!
+
+# ----------------------------------------------------------------------
+
+# Option 1:
+# Rewrite "www.domain.com -> domain.com" 
+
+<IfModule mod_rewrite.c>
   RewriteCond %{HTTPS} !=on
   RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
   RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
 </IfModule>
 
+# ----------------------------------------------------------------------
+
+# Option 2:
+# To rewrite "domain.com -> www.domain.com" uncomment the following lines.
+# Be aware that the following rule might not be a good idea if you
+# use "real" subdomains for certain parts of your website.
+
+# <IfModule mod_rewrite.c>
+#   RewriteCond %{HTTPS} !=on
+#   RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
+#   RewriteCond %{HTTP_HOST} (.+)$ [NC]
+#   RewriteRule ^(.*)$ http://www.%1/$1 [R=301,L]
+# </IfModule>
+
+
+
+# ----------------------------------------------------------------------
+# Prevent SSL cert warnings
+# ----------------------------------------------------------------------
+
+# Rewrite secure requests properly to prevent SSL cert warnings, e.g. prevent 
+# https://www.domain.com when your cert only allows https://secure.domain.com
+# Uncomment the following lines to use this feature.
+
+# <IfModule mod_rewrite.c>
+#   RewriteCond %{SERVER_PORT} !^443
+#   RewriteRule (.*) https://example-domain-please-change.com.com/$1 [R=301,L]
+# </IfModule>
+
+
+
+# ----------------------------------------------------------------------
+# Prevent 404 errors for non-existing redirected folders
+# ----------------------------------------------------------------------
+
 # without -MultiViews, Apache will give a 404 for a rewrite if a folder of the same name does not exist 
 #   e.g. /blog/hello : webmasterworld.com/apache/3808792.htm
+
 Options -MultiViews 
-# -Indexes will have Apache block users from browsing folders without a default document
-# Options -Indexes
 
 
 
+# ----------------------------------------------------------------------
 # custom 404 page
+# ----------------------------------------------------------------------
+
 ErrorDocument 404 /404.html
 
 
 
+# ----------------------------------------------------------------------
+# UTF-8 encoding
+# ----------------------------------------------------------------------
+
 # use utf-8 encoding for anything served text/plain or text/html
 AddDefaultCharset utf-8
+
 # force utf-8 for a number of file formats
 AddCharset utf-8 .html .css .js .xml .json .rss
 
 
 
-# We don't need to tell everyone we're apache.
-ServerSignature Off
+# ----------------------------------------------------------------------
+# A little more security
+# ----------------------------------------------------------------------
+
+
+# Do we want to advertise the exact version number of Apache we're running?
+# Probably not.
+## This can only be enabled if used in httpd.conf - It will not work in .htaccess
+# ServerTokens Prod
+
+
+# "-Indexes" will have Apache block users from browsing folders without a default document
+# Usually you should leave this activated, because you shouldn't allow everybody to surf through
+# every folder on your server (which includes rather private places like CMS system folders).
+# Options -Indexes
+
+
+# Block access to "hidden" directories whose names begin with a period. This
+# includes directories used by version control systems such as Subversion or Git.
+<IfModule mod_rewrite.c>
+  RewriteRule "(^|/)\." - [F]
+</IfModule>
+
+
+# If your server is not already configured as such, the following directive
+# should be uncommented in order to set PHP's register_globals option to OFF.
+# This closes a major security hole that is abused by most XSS (cross-site
+# scripting) attacks. For more information: http://php.net/register_globals
+#
+# IF REGISTER_GLOBALS DIRECTIVE CAUSES 500 INTERNAL SERVER ERRORS :
+#
+# Your server does not allow PHP directives to be set via .htaccess. In that
+# case you must make this change in your php.ini file instead. If you are
+# using a commercial web host, contact the administrators for assistance in
+# doing this. Not all servers allow local php.ini files, and they should
+# include all PHP configurations (not just this one), or you will effectively
+# reset everything to PHP defaults. Consult www.php.net for more detailed
+# information about setting PHP directives.
+
+# php_flag register_globals Off
+