SEO improvements: meta tags, schema.org, nginx cache headers, and security headers (#48)

* SEO improvements: meta tags, schema.org, nginx cache headers, and security headers

* feat: replace text header with logo image and update brand layout styling

* feat: implement centralized security headers and optimize SEO metadata and caching configuration

Author: igor-soldev

.env.sample

@@ -22,7 +22,10 @@ CLEANUP_SCANNED_IMAGES=true
 # SLACK_WEBHOOK_URL=https://hooks.slack.com/services/YOUR/WEBHOOK/URL
 SLACK_WEBHOOK_URL=
 
-
-# Google Analytics Tag ID (gtag.js)
-# Example: G-XXXXXXXXXX
-GOOGLE_TAG_ID=
+# Google Analytics Tag ID (gtag.js)
+# Example: G-XXXXXXXXXX
+GOOGLE_TAG_ID=
+
+# Site Domain (used for SEO meta tags, canonical URLs, og:tags)
+# Default: https://infrascan.soldevelo.com
+SITE_DOMAIN=https://infrascan.soldevelo.com

app.py

@@ -43,7 +43,8 @@ def inject_global_vars():
     """Make global variables available in all templates."""
     return {
         'static_version': STATIC_VERSION,
-        'google_tag_id': os.getenv('GOOGLE_TAG_ID', '')
+        'google_tag_id': os.getenv('GOOGLE_TAG_ID', ''),
+        'site_domain': os.getenv('SITE_DOMAIN', 'https://infrascan.soldevelo.com')
     }
 
 def get_slack_webhook_url() -> str:

docker-compose.yml

@@ -33,6 +33,7 @@ services:
       - "443:443"
     volumes:
       - ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro
+      - ./nginx/security_headers.inc:/etc/nginx/security_headers.inc:ro
       - ./static:/opt/infrascan/static:ro
       - ./certbot/conf:/etc/letsencrypt:ro
       - ./certbot/www:/var/www/certbot:ro

nginx/nginx.conf

@@ -20,6 +20,9 @@ server {
     ssl_protocols TLSv1.2 TLSv1.3;
     ssl_prefer_server_ciphers on;
     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    
+    # Security headers for SEO
+    include /etc/nginx/security_headers.inc;
 
     client_max_body_size 10M;
 
@@ -32,18 +35,34 @@ server {
         proxy_read_timeout 600s;
         proxy_connect_timeout 600s;
         proxy_send_timeout 600s;
+        
+        # Cache headers for HTML (no-cache to get fresh content, but browser can revalidate)
+        add_header Cache-Control "no-cache" always;
+        include /etc/nginx/security_headers.inc;
     }
 
     location /static/ {
         alias /opt/infrascan/static/;
+        # Cache static assets for 1 year
+        expires 365d;
+        add_header Cache-Control "public, max-age=31536000, immutable" always;
+        include /etc/nginx/security_headers.inc;
     }
 
     location = /sitemap.xml {
         alias /opt/infrascan/static/sitemap.xml;
+        # Cache sitemap for 24 hours
+        add_header Cache-Control "public, max-age=86400" always;
+        add_header Content-Type "application/xml; charset=utf-8" always;
+        include /etc/nginx/security_headers.inc;
     }
 
     location = /robots.txt {
         alias /opt/infrascan/static/robots.txt;
+        # Cache robots.txt for 24 hours
+        add_header Cache-Control "public, max-age=86400" always;
+        add_header Content-Type "text/plain; charset=utf-8" always;
+        include /etc/nginx/security_headers.inc;
     }
 
     # Error pages

nginx/security_headers.inc

@@ -0,0 +1,6 @@
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-XSS-Protection "1; mode=block" always;
+add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://img.shields.io https://www.googletagmanager.com https://www.google-analytics.com; connect-src 'self' https://www.google-analytics.com; frame-ancestors 'self'; object-src 'none';" always;
+add_header Referrer-Policy "strict-origin-when-cross-origin" always;

static/images/logo_transparent.png

@@ -1,4 +1,6 @@
 User-agent: *
 Allow: /
+Allow: /api/
 
 Sitemap: https://infrascan.soldevelo.com/sitemap.xml
+

static/robots.txt

@@ -53,18 +53,34 @@ header {
 
 .logo {
     display: flex;
+    flex-direction: column;
     align-items: center;
-    /* Back to center for better overall feel */
     justify-content: center;
     gap: 0.75rem;
-    margin-bottom: 1.25rem;
+    margin-bottom: 2rem;
+}
+
+.main-brand-row {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    gap: 0;
+}
+
+.main-logo {
+    width: auto;
+    height: 110px; /* Slightly refined size for better symmetry */
+    max-width: 100%;
+    display: block;
+    transition: transform 0.3s cubic-bezier(0.4, 0, 0.2, 1), filter 0.3s ease;
+    filter: drop-shadow(0 8px 16px rgba(0, 0, 0, 0.4));
 }
 
 .github-stars-badge {
     display: flex;
     align-items: center;
     transition: transform 0.2s ease;
-    margin-left: 0.5rem;
+    opacity: 0.9;
 }
 
 .github-stars-badge:hover {
@@ -87,10 +103,10 @@ header {
 }
 
 .brand-divider {
-    height: 18px;
+    height: 40px; /* Taller divider for the larger logo */
     width: 1px;
     background: var(--border);
-    margin: 0 0.75rem 0 0;
+    margin: 0 1.5rem; /* Symmetric horizontal spacing */
 }
 
 .logo-link {
@@ -99,20 +115,21 @@ header {
     display: inline-block;
 }
 
-h1 {
-    font-size: 1.75rem;
-    font-weight: 800;
-    line-height: 1.1;
-    background: linear-gradient(to right, #818cf8, #c084fc);
-    -webkit-background-clip: text;
-    background-clip: text;
-    -webkit-text-fill-color: transparent;
-    letter-spacing: -0.025em;
-    transition: all 0.3s ease;
+.logo-link:hover .main-logo {
+    transform: scale(1.02) translateY(-4px);
+    filter: drop-shadow(0 12px 24px rgba(99, 102, 241, 0.5)) brightness(1.1);
 }
 
-.logo-link:hover h1 {
-    filter: brightness(1.2);
+.sr-only {
+    position: absolute;
+    width: 1px;
+    height: 1px;
+    padding: 0;
+    margin: -1px;
+    overflow: hidden;
+    clip: rect(0, 0, 0, 0);
+    white-space: nowrap;
+    border-width: 0;
 }
 
 .subtitle {

static/style.css

@@ -4,7 +4,37 @@
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>InfraScan - Advanced Infrastructure Auditor</title>
+    <meta name="description"
+        content="InfraScan is an open-source Infrastructure as Code scanner that identifies security vulnerabilities, cost optimization opportunities, and compliance issues in Terraform, CloudFormation, Kubernetes, and Dockerfile. Scan GitHub repositories for free.">
+    <meta name="keywords"
+        content="IaC scanner, Terraform security, CloudFormation audit, Kubernetes scanning, infrastructure audit, security scanner, cost optimization">
+    <meta name="author" content="SolDevelo">
+    <meta name="robots" content="index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1">
+
+    <!-- Open Graph / Facebook -->
+    <meta property="og:type" content="website">
+    <meta property="og:url" content="{{ site_domain }}/">
+    <meta property="og:title" content="InfraScan - Free Infrastructure as Code Security Scanner">
+    <meta property="og:description"
+        content="Scan Infrastructure as Code for security vulnerabilities and cost optimization. Supports Terraform, CloudFormation, Kubernetes, and more.">
+    <meta property="og:image" content="{{ site_domain }}{{ url_for('static', filename='images/logo_transparent.png') }}">
+
+    <!-- Twitter -->
+    <meta property="twitter:card" content="summary">
+    <meta property="twitter:url" content="{{ site_domain }}/">
+    <meta property="twitter:title" content="InfraScan - Free Infrastructure as Code Security Scanner">
+    <meta property="twitter:description"
+        content="Scan Infrastructure as Code for security vulnerabilities and cost optimization. Supports Terraform, CloudFormation, Kubernetes, and more.">
+    <meta property="twitter:image" content="{{ site_domain }}{{ url_for('static', filename='images/logo_transparent.png') }}">
+
+    <!-- Canonical -->
+    <link rel="canonical" href="{{ site_domain }}/">
+
+    <!-- Language -->
+    <meta http-equiv="content-language" content="en-US">
+
+    <title>InfraScan - Free Infrastructure as Code Security Scanner | Terraform & CloudFormation Auditor</title>
+
     {% if google_tag_id %}
     <!-- Google tag (gtag.js) -->
     <script async src="https://www.googletagmanager.com/gtag/js?id={{ google_tag_id }}"></script>
@@ -16,30 +46,61 @@
         gtag('config', '{{ google_tag_id }}');
     </script>
     {% endif %}
+
+    <!-- JSON-LD Structured Data -->
+    <script type="application/ld+json">
+    {
+      "@context": "https://schema.org",
+      "@type": "SoftwareApplication",
+      "name": "InfraScan",
+      "description": "Open-source Infrastructure as Code scanner for security and cost optimization",
+      "url": "{{ site_domain }}",
+      "applicationCategory": "DeveloperApplication",
+      "offers": {
+        "@type": "Offer",
+        "price": "0",
+        "priceCurrency": "USD"
+      },
+      "creator": {
+        "@type": "Organization",
+        "name": "SolDevelo",
+        "url": "https://soldevelo.com"
+      },
+      "operatingSystem": "Web-based",
+      "featureList": ["Terraform scanning", "CloudFormation audit", "Kubernetes manifest analysis", "Dockerfile security scan", "Cost optimization detection", "Security vulnerability detection"]
+    }
+    </script>
+
     <link rel="preconnect" href="https://fonts.googleapis.com">
     <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
     <link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap" rel="stylesheet">
+    <!-- Preload critical resources -->
+    <link rel="preload" as="style" href="{{ url_for('static', filename='style.css') }}?v={{ static_version }}">
     <link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}?v={{ static_version }}">
 </head>
 
 <body>
     <div class="container">
         <header>
             <div class="logo">
-                <a href="{{ url_for('index') }}" class="logo-link">
-                    <h1>InfraScan</h1>
-                </a>
+                <div class="main-brand-row">
+                    <a href="{{ url_for('index') }}" class="logo-link">
+                        <img src="{{ url_for('static', filename='images/logo_transparent.png') }}" alt="InfraScan"
+                            class="main-logo" loading="eager" decoding="async">
+                        <h1 class="sr-only">InfraScan</h1>
+                    </a>
+                    <div class="soldevelo-brand">
+                        <span class="brand-divider"></span>
+                        <a href="https://soldevelo.com?utm_source=infrascan&utm_medium=referral&utm_campaign=app_transition&utm_content=header-logo"
+                            target="_blank">
+                            <img src="{{ url_for('static', filename='images/soldevelo.png') }}" alt="SolDevelo"
+                                class="header-logo">
+                        </a>
+                    </div>
+                </div>
                 <a href="https://github.com/SolDevelo/InfraScan" target="_blank" class="github-stars-badge">
                     <img src="https://img.shields.io/github/stars/SolDevelo/InfraScan?style=social" alt="GitHub stars">
                 </a>
-                <div class="soldevelo-brand">
-                    <span class="brand-divider"></span>
-                    <a href="https://soldevelo.com?utm_source=infrascan&utm_medium=referral&utm_campaign=app_transition&utm_content=header-logo"
-                        target="_blank">
-                        <img src="{{ url_for('static', filename='images/soldevelo.png') }}" alt="SolDevelo"
-                            class="header-logo">
-                    </a>
-                </div>
             </div>
             <p class="subtitle">Open Source Infrastructure Auditor by <strong>SolDevelo</strong></p>