Fix quote page gap: wrap noscript fallback, reduce hero/form padding

2026-02-04 03:17:55 +00:00
parent b0234123a3
commit 3a0d8034c7
5 changed files with 521 additions and 762 deletions
--- a/.htaccess
+++ b/.htaccess
@@ -1,146 +1,150 @@
-# Security Rules for UK Data Services
-
-# Protect sensitive files and configs
-<FilesMatch "^\.(.*)$|\.log$|\.sql$|\.conf$|config\.php$|\.email-config\.php$|\.htaccess|\.htpasswd|\.ini|\.sh|\.inc|\.bak$">
-    Require all denied
-</FilesMatch>
-
-# Protect contact handlers from direct browser access (POST only)
-<Files "contact-handler.php">
-    <LimitExcept POST>
-        Require all denied
-    </LimitExcept>
-</Files>
-
-<Files "quote-handler.php">
-    <LimitExcept POST>
-        Require all denied
-    </LimitExcept>
-</Files>
-
-# Security headers
-<IfModule mod_headers.c>
-    Header always set X-Content-Type-Options "nosniff"
-    Header always set X-Frame-Options "SAMEORIGIN"
-    Header always set X-XSS-Protection "1; mode=block"
-    Header always set Referrer-Policy "strict-origin-when-cross-origin"
-</IfModule>
-
-# Enhanced Gzip compression
-<IfModule mod_deflate.c>
-    # Enable compression for all text-based files
-    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
-    AddOutputFilterByType DEFLATE application/javascript application/x-javascript
-    AddOutputFilterByType DEFLATE application/xml application/xhtml+xml application/rss+xml
-    AddOutputFilterByType DEFLATE application/json application/ld+json
-    AddOutputFilterByType DEFLATE image/svg+xml
-    AddOutputFilterByType DEFLATE font/ttf font/otf font/eot font/woff font/woff2
-    
-    # Remove browser bugs for older browsers
-    BrowserMatch ^Mozilla/4 gzip-only-text/html
-    BrowserMatch ^Mozilla/4\.0[678] no-gzip
-    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
-    Header append Vary User-Agent
-</IfModule>
-
-# Enable Brotli compression if available
-<IfModule mod_brotli.c>
-    AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript
-    AddOutputFilterByType BROTLI_COMPRESS application/javascript application/x-javascript
-    AddOutputFilterByType BROTLI_COMPRESS application/xml application/xhtml+xml application/rss+xml
-    AddOutputFilterByType BROTLI_COMPRESS application/json application/ld+json
-    AddOutputFilterByType BROTLI_COMPRESS image/svg+xml
-    AddOutputFilterByType BROTLI_COMPRESS font/ttf font/otf font/woff font/woff2
-</IfModule>
-
-# Browser Caching Headers
-<IfModule mod_expires.c>
-    ExpiresActive On
-    
-    # Images - 1 year
-    ExpiresByType image/jpeg "access plus 1 year"
-    ExpiresByType image/jpg "access plus 1 year"
-    ExpiresByType image/gif "access plus 1 year"
-    ExpiresByType image/png "access plus 1 year"
-    ExpiresByType image/webp "access plus 1 year"
-    ExpiresByType image/svg+xml "access plus 1 year"
-    ExpiresByType image/x-icon "access plus 1 year"
-    ExpiresByType image/ico "access plus 1 year"
-    
-    # Fonts - 1 year
-    ExpiresByType font/ttf "access plus 1 year"
-    ExpiresByType font/otf "access plus 1 year"
-    ExpiresByType font/woff "access plus 1 year"
-    ExpiresByType font/woff2 "access plus 1 year"
-    ExpiresByType application/font-woff "access plus 1 year"
-    ExpiresByType application/font-woff2 "access plus 1 year"
-    
-    # CSS and JavaScript - 1 month
-    ExpiresByType text/css "access plus 1 month"
-    ExpiresByType application/javascript "access plus 1 month"
-    ExpiresByType text/javascript "access plus 1 month"
-    ExpiresByType application/x-javascript "access plus 1 month"
-    
-    # HTML and PHP - 1 hour
-    ExpiresByType text/html "access plus 1 hour"
-    ExpiresByType application/xhtml+xml "access plus 1 hour"
-    
-    # Data - no cache
-    ExpiresByType application/json "access plus 0 seconds"
-    ExpiresByType application/xml "access plus 0 seconds"
-    ExpiresByType text/xml "access plus 0 seconds"
-    
-    # Default - 1 week
-    ExpiresDefault "access plus 1 week"
-</IfModule>
-
-# Cache-Control Headers
-<IfModule mod_headers.c>
-    # Static assets - 1 year
-    <FilesMatch "\.(jpg|jpeg|png|gif|webp|svg|ico|woff|woff2|ttf|otf|eot)$">
-        Header set Cache-Control "max-age=31536000, public, immutable"
-    </FilesMatch>
-    
-    # CSS and JS - 1 month
-    <FilesMatch "\.(css|js)$">
-        Header set Cache-Control "max-age=2592000, public"
-    </FilesMatch>
-    
-    # HTML/PHP - 1 hour
-    <FilesMatch "\.(html|php)$">
-        Header set Cache-Control "max-age=3600, public, must-revalidate"
-    </FilesMatch>
-    
-    # Keep-alive
-    Header set Connection keep-alive
-</IfModule>
-
-# HTTP/2 Server Push
-<IfModule mod_http2.c>
-    # Push critical resources
-    <FilesMatch "index\.php">
-        Header add Link "</assets/css/main.min.css>; rel=preload; as=style"
-        Header add Link "</assets/images/ukds-main-logo.webp>; rel=preload; as=image"
-        Header add Link "</assets/js/main.min.js>; rel=preload; as=script"
-    </FilesMatch>
-</IfModule>
-
-# ETags
-FileETag None
-Header unset ETag
-
-# Disable directory browsing
-Options -Indexes
-
-# Prevent access to logs and database directories
-<IfModule mod_rewrite.c>
-    RewriteEngine On
-
+# Security Rules for UK Data Services
+
+# Protect sensitive files and configs
+<FilesMatch "^\.(.*)$|\.log$|\.sql$|\.conf$|config\.php$|\.email-config\.php$|\.htaccess|\.htpasswd|\.ini|\.sh|\.inc|\.bak$">
+    Require all denied
+</FilesMatch>
+
+# Protect contact handlers from direct browser access (POST only)
+<Files "contact-handler.php">
+    <LimitExcept POST>
+        Require all denied
+    </LimitExcept>
+</Files>
+
+<Files "quote-handler.php">
+    <LimitExcept POST>
+        Require all denied
+    </LimitExcept>
+</Files>
+
+# Security headers
+<IfModule mod_headers.c>
+    Header always set X-Content-Type-Options "nosniff"
+    Header always set X-Frame-Options "SAMEORIGIN"
+    Header always set X-XSS-Protection "1; mode=block"
+    Header always set Referrer-Policy "strict-origin-when-cross-origin"
+    
+    # CRITICAL: No caching for form pages (contain session-specific CSRF tokens)
+    <FilesMatch "(quote|contact)\.php$">
+        Header set Cache-Control "no-store, no-cache, must-revalidate, max-age=0"
+        Header set Pragma "no-cache"
+        Header set Expires "Sat, 01 Jan 2000 00:00:00 GMT"
+    </FilesMatch>
+</IfModule>
+
+# Enhanced Gzip compression
+<IfModule mod_deflate.c>
+    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
+    AddOutputFilterByType DEFLATE application/javascript application/x-javascript
+    AddOutputFilterByType DEFLATE application/xml application/xhtml+xml application/rss+xml
+    AddOutputFilterByType DEFLATE application/json application/ld+json
+    AddOutputFilterByType DEFLATE image/svg+xml
+    AddOutputFilterByType DEFLATE font/ttf font/otf font/eot font/woff font/woff2
+    
+    BrowserMatch ^Mozilla/4 gzip-only-text/html
+    BrowserMatch ^Mozilla/4\.0[678] no-gzip
+    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+    Header append Vary User-Agent
+</IfModule>
+
+# Enable Brotli compression if available
+<IfModule mod_brotli.c>
+    AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css text/javascript
+    AddOutputFilterByType BROTLI_COMPRESS application/javascript application/x-javascript
+    AddOutputFilterByType BROTLI_COMPRESS application/xml application/xhtml+xml application/rss+xml
+    AddOutputFilterByType BROTLI_COMPRESS application/json application/ld+json
+    AddOutputFilterByType BROTLI_COMPRESS image/svg+xml
+    AddOutputFilterByType BROTLI_COMPRESS font/ttf font/otf font/woff font/woff2
+</IfModule>
+
+# Browser Caching Headers
+<IfModule mod_expires.c>
+    ExpiresActive On
+    
+    # Images - 1 year
+    ExpiresByType image/jpeg "access plus 1 year"
+    ExpiresByType image/jpg "access plus 1 year"
+    ExpiresByType image/gif "access plus 1 year"
+    ExpiresByType image/png "access plus 1 year"
+    ExpiresByType image/webp "access plus 1 year"
+    ExpiresByType image/svg+xml "access plus 1 year"
+    ExpiresByType image/x-icon "access plus 1 year"
+    ExpiresByType image/ico "access plus 1 year"
+    
+    # Fonts - 1 year
+    ExpiresByType font/ttf "access plus 1 year"
+    ExpiresByType font/otf "access plus 1 year"
+    ExpiresByType font/woff "access plus 1 year"
+    ExpiresByType font/woff2 "access plus 1 year"
+    ExpiresByType application/font-woff "access plus 1 year"
+    ExpiresByType application/font-woff2 "access plus 1 year"
+    
+    # CSS and JavaScript - 1 month
+    ExpiresByType text/css "access plus 1 month"
+    ExpiresByType application/javascript "access plus 1 month"
+    ExpiresByType text/javascript "access plus 1 month"
+    ExpiresByType application/x-javascript "access plus 1 month"
+    
+    # HTML and PHP - 1 hour
+    ExpiresByType text/html "access plus 1 hour"
+    ExpiresByType application/xhtml+xml "access plus 1 hour"
+    
+    # Data - no cache
+    ExpiresByType application/json "access plus 0 seconds"
+    ExpiresByType application/xml "access plus 0 seconds"
+    ExpiresByType text/xml "access plus 0 seconds"
+    
+    # Default - 1 week
+    ExpiresDefault "access plus 1 week"
+</IfModule>
+
+# Cache-Control Headers
+<IfModule mod_headers.c>
+    # Static assets - 1 year
+    <FilesMatch "\.(jpg|jpeg|png|gif|webp|svg|ico|woff|woff2|ttf|otf|eot)$">
+        Header set Cache-Control "max-age=31536000, public, immutable"
+    </FilesMatch>
+    
+    # CSS and JS - 1 month
+    <FilesMatch "\.(css|js)$">
+        Header set Cache-Control "max-age=2592000, public"
+    </FilesMatch>
+    
+    # Regular HTML/PHP - 1 hour (but form pages are excluded above)
+    <FilesMatch "\.(html)$">
+        Header set Cache-Control "max-age=3600, public, must-revalidate"
+    </FilesMatch>
+    
+    # Keep-alive
+    Header set Connection keep-alive
+</IfModule>
+
+# HTTP/2 Server Push
+<IfModule mod_http2.c>
+    <FilesMatch "index\.php">
+        Header add Link "</assets/css/main.min.css>; rel=preload; as=style"
+        Header add Link "</assets/images/ukds-main-logo.webp>; rel=preload; as=image"
+        Header add Link "</assets/js/main.min.js>; rel=preload; as=script"
+    </FilesMatch>
+</IfModule>
+
+# ETags
+FileETag None
+Header unset ETag
+
+# Disable directory browsing
+Options -Indexes
+
+# Prevent access to logs and database directories
+<IfModule mod_rewrite.c>
+    RewriteEngine On
+
    # Skip already processed .php files
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteRule ^services/.*\.php$ - [L]

-    # Explicitly allow existing service pages (skip redirects)
+    # Explicitly allow existing service pages
    RewriteRule ^services/competitive-intelligence/?$ /services/competitive-intelligence.php [L]
    RewriteRule ^services/data-cleaning/?$ /services/data-cleaning.php [L]
    RewriteRule ^services/financial-data-services/?$ /services/financial-data-services.php [L]
@@ -153,19 +157,19 @@ Options -Indexes

    # Redirect unknown service pages to project-types
    RewriteRule ^services/(.+)$ /project-types [R=301,L]
-
-    # Clean URL rewriting - remove .php extension
-    RewriteCond %{REQUEST_FILENAME} !-d
-    RewriteCond %{REQUEST_FILENAME} !-f
-    RewriteCond %{REQUEST_FILENAME}.php -f
-    RewriteRule ^(.+?)/?$ $1.php [L]
-    
-    # Security rules
-    RewriteRule ^logs(/.*)?$ - [F,L]
-    RewriteRule ^database(/.*)?$ - [F,L]
-    RewriteRule ^\.git(/.*)?$ - [F,L]
-    RewriteRule ^docker(/.*)?$ - [F,L]
-</IfModule>
-
-# Disable server signature
-ServerSignature Off
+
+    # Clean URL rewriting - remove .php extension
+    RewriteCond %{REQUEST_FILENAME} !-d
+    RewriteCond %{REQUEST_FILENAME} !-f
+    RewriteCond %{REQUEST_FILENAME}.php -f
+    RewriteRule ^(.+?)/?$ $1.php [L]
+    
+    # Security rules
+    RewriteRule ^logs(/.*)?$ - [F,L]
+    RewriteRule ^database(/.*)?$ - [F,L]
+    RewriteRule ^\.git(/.*)?$ - [F,L]
+    RewriteRule ^docker(/.*)?$ - [F,L]
+</IfModule>
+
+# Disable server signature
+ServerSignature Off