SEO improvements: meta tags, schema.org, nginx cache headers, and security headers

Author: igor-soldev

.env.sample

@@ -22,7 +22,10 @@ CLEANUP_SCANNED_IMAGES=true
 # SLACK_WEBHOOK_URL=https://hooks.slack.com/services/YOUR/WEBHOOK/URL
 SLACK_WEBHOOK_URL=
 
-
-# Google Analytics Tag ID (gtag.js)
-# Example: G-XXXXXXXXXX
-GOOGLE_TAG_ID=
+# Google Analytics Tag ID (gtag.js)
+# Example: G-XXXXXXXXXX
+GOOGLE_TAG_ID=
+
+# Site Domain (used for SEO meta tags, canonical URLs, og:tags)
+# Default: https://infrascan.soldevelo.com
+SITE_DOMAIN=https://infrascan.soldevelo.com

app.py

@@ -43,7 +43,8 @@ def inject_global_vars():
     """Make global variables available in all templates."""
     return {
         'static_version': STATIC_VERSION,
-        'google_tag_id': os.getenv('GOOGLE_TAG_ID', '')
+        'google_tag_id': os.getenv('GOOGLE_TAG_ID', ''),
+        'site_domain': os.getenv('SITE_DOMAIN', 'https://infrascan.soldevelo.com')
     }
 
 def get_slack_webhook_url() -> str:

nginx/nginx.conf

@@ -20,6 +20,13 @@ server {
     ssl_protocols TLSv1.2 TLSv1.3;
     ssl_prefer_server_ciphers on;
     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    
+    # Security headers for SEO
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
 
     client_max_body_size 10M;
 
@@ -32,18 +39,30 @@ server {
         proxy_read_timeout 600s;
         proxy_connect_timeout 600s;
         proxy_send_timeout 600s;
+        
+        # Cache headers for HTML (no-cache to get fresh content, but browser can revalidate)
+        add_header Cache-Control "public, max-age=3600" always;
     }
 
     location /static/ {
         alias /opt/infrascan/static/;
+        # Cache static assets for 1 year
+        expires 365d;
+        add_header Cache-Control "public, immutable" always;
     }
 
     location = /sitemap.xml {
         alias /opt/infrascan/static/sitemap.xml;
+        # Cache sitemap for 24 hours
+        add_header Cache-Control "public, max-age=86400" always;
+        add_header Content-Type "application/xml; charset=utf-8" always;
     }
 
     location = /robots.txt {
         alias /opt/infrascan/static/robots.txt;
+        # Cache robots.txt for 24 hours
+        add_header Cache-Control "public, max-age=86400" always;
+        add_header Content-Type "text/plain; charset=utf-8" always;
     }
 
     # Error pages

static/robots.txt

@@ -1,4 +1,13 @@
 User-agent: *
 Allow: /
+Allow: /api/
 
-Sitemap: https://infrascan.soldevelo.com/sitemap.xml
+# Block any malicious bots
+User-agent: AhrefsBot
+Disallow: /
+
+User-agent: SemrushBot
+Disallow: /
+
+User-agent: DotBot
+Disallow: /

templates/index.html

@@ -4,7 +4,31 @@
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>InfraScan - Advanced Infrastructure Auditor</title>
+    <meta name="description" content="InfraScan is an open-source Infrastructure as Code scanner that identifies security vulnerabilities, cost optimization opportunities, and compliance issues in Terraform, CloudFormation, Kubernetes, and Dockerfile. Scan GitHub repositories for free.">
+    <meta name="keywords" content="IaC scanner, Terraform security, CloudFormation audit, Kubernetes scanning, infrastructure audit, security scanner, cost optimization">
+    <meta name="author" content="SolDevelo">
+    <meta name="robots" content="index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1">
+    
+    <!-- Open Graph / Facebook -->
+    <meta property="og:type" content="website">
+    <meta property="og:url" content="{{ site_domain }}/">
+    <meta property="og:title" content="InfraScan - Free Infrastructure as Code Security Scanner">
+    <meta property="og:description" content="Scan Infrastructure as Code for security vulnerabilities and cost optimization. Supports Terraform, CloudFormation, Kubernetes, and more.">
+    
+    <!-- Twitter -->
+    <meta property="twitter:card" content="summary">
+    <meta property="twitter:url" content="{{ site_domain }}/">
+    <meta property="twitter:title" content="InfraScan - Free Infrastructure as Code Security Scanner">
+    <meta property="twitter:description" content="Scan Infrastructure as Code for security vulnerabilities and cost optimization. Supports Terraform, CloudFormation, Kubernetes, and more.">
+    
+    <!-- Canonical -->
+    <link rel="canonical" href="{{ site_domain }}/">
+    
+    <!-- Language -->
+    <meta http-equiv="content-language" content="en-US">
+    
+    <title>InfraScan - Free Infrastructure as Code Security Scanner | Terraform & CloudFormation Auditor</title>
+    
     {% if google_tag_id %}
     <!-- Google tag (gtag.js) -->
     <script async src="https://www.googletagmanager.com/gtag/js?id={{ google_tag_id }}"></script>
@@ -16,10 +40,38 @@
         gtag('config', '{{ google_tag_id }}');
     </script>
     {% endif %}
+    
+    <!-- JSON-LD Structured Data -->
+    <script type="application/ld+json">
+    {
+      "@context": "https://schema.org",
+      "@type": "SoftwareApplication",
+      "name": "InfraScan",
+      "description": "Open-source Infrastructure as Code scanner for security and cost optimization",
+      "url": "{{ site_domain }}",
+      "applicationCategory": "DeveloperApplication",
+      "offers": {
+        "@type": "Offer",
+        "price": "0",
+        "priceCurrency": "USD"
+      },
+      "creator": {
+        "@type": "Organization",
+        "name": "SolDevelo",
+        "url": "https://soldevelo.com"
+      },
+      "operatingSystem": "Web-based",
+      "featureList": ["Terraform scanning", "CloudFormation audit", "Kubernetes manifest analysis", "Dockerfile security scan", "Cost optimization detection", "Security vulnerability detection"]
+    }
+    </script>
+    
     <link rel="preconnect" href="https://fonts.googleapis.com">
     <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
     <link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap" rel="stylesheet">
     <link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}?v={{ static_version }}">
+    
+    <!-- Preload critical resources -->
+    <link rel="preload" as="style" href="{{ url_for('static', filename='style.css') }}?v={{ static_version }}">
 </head>
 
 <body>