
AEO audit fixes: JSON-LD, OG/Twitter, security headers, expanded pages #130

Merged: ralyodio merged 4 commits into master from worktree-aeo-fixes, Jul 1, 2026

@ralyodio commented Jul 1, 2026 (Contributor)

Applies the union of findings from the 13-engine AEO audit (P1→P3), grouped into 4 commits.

Structured data / metadata

  • Organization + WebSite JSON-LD site-wide; SoftwareApplication JSON-LD on homepage; enriched BlogPosting schema.
  • metadataBase, OpenGraph + Twitter Card (/banner.png), keywords, title template.
  • Per-page canonical + OG URL (home, about, security, premium, contact, faq, privacy, terms, warrant-canary). Homepage split into server wrapper + client component so it can carry metadata.

Security headers (next.config.js)

  • HSTS, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, CSP frame-ancestors 'self', Referrer-Policy, Permissions-Policy.
  • No restrictive script/style CSP (would break inline styles, Next bootstrap, crawlproof + Supabase); camera/mic left unrestricted for encrypted calls.

Content

  • Expanded thin /about, /security, /premium (free-vs-Premium pricing table).
  • New /faq page with FAQPage JSON-LD.
  • Homepage "How it works" list + audience statement.

Crawl hygiene

  • Descriptive alt text on hero + blog images; sitemap lastModified + added /faq and /encryption-test.
  • Unified contact emails to @qrypt.chat; FAQ in footer; llms.txt updated + new llms-full.txt.

Deliberately skipped

  • Copyright "2026" (already dynamic getFullYear()), security.txt (already present), DNS SPF/DMARC/DKIM/CAA (registrar-level, not code), broken .onion/Bluesky links (Tor unreachable from crawlers / data value to verify).

Notes

  • Build compiles + type-checks clean. Pre-existing build error in /api/auth/key-backup (needs real supabaseUrl at build; supplied by Railway) is unrelated to these changes.

🤖 Generated with Claude Code
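
The header set listed under "Security headers (next.config.js)" above, written out together with a check for it, as an added example that is not the code from this PR. The `nosniff`, `SAMEORIGIN` and `frame-ancestors 'self'` values are from the description; the HSTS, Referrer-Policy and Permissions-Policy values, the one-year HSTS threshold and the `auditHeaders` helper are assumptions.

```javascript
// Added example, not the project's next.config.js. nosniff, SAMEORIGIN and
// frame-ancestors 'self' come from the PR text; values marked "assumed" do not.
const securityHeaders = [
  { key: 'Strict-Transport-Security', value: 'max-age=63072000; includeSubDomains' }, // assumed
  { key: 'X-Content-Type-Options', value: 'nosniff' },
  { key: 'X-Frame-Options', value: 'SAMEORIGIN' },
  { key: 'Content-Security-Policy', value: "frame-ancestors 'self'" },
  { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' }, // assumed
  // assumed; camera and microphone are deliberately not listed (encrypted calls)
  { key: 'Permissions-Policy', value: 'geolocation=(), payment=()' },
];

// Shape accepted by the headers() option in next.config.js: apply to every path.
const nextConfig = {
  async headers() {
    return [{ source: '/:path*', headers: securityHeaders }];
  },
};

// Hypothetical helper: audit one response's headers (object, any key casing)
// against the policy the PR describes. Returns a list of problems.
function auditHeaders(raw) {
  const h = Object.fromEntries(
    Object.entries(raw).map(([k, v]) => [k.toLowerCase(), String(v).trim()]));
  const problems = [];
  // Assumed threshold: one year (31536000 s).
  const maxAge = /max-age=(\d+)/i.exec(h['strict-transport-security'] || '');
  if (!maxAge || Number(maxAge[1]) < 31536000) problems.push('HSTS missing or max-age under one year');
  if ((h['x-content-type-options'] || '').toLowerCase() !== 'nosniff') problems.push('nosniff missing');
  if ((h['x-frame-options'] || '').toUpperCase() !== 'SAMEORIGIN') problems.push('X-Frame-Options is not SAMEORIGIN');
  // Split the CSP into directives; frame-ancestors must list exactly 'self'.
  const directives = (h['content-security-policy'] || '').split(';').map((d) => d.trim().split(/\s+/));
  const fa = directives.find((d) => d[0].toLowerCase() === 'frame-ancestors');
  if (!fa || fa.length !== 2 || fa[1] !== "'self'") problems.push("CSP frame-ancestors is not exactly 'self'");
  if (!h['referrer-policy']) problems.push('Referrer-Policy missing');
  // An empty allowlist, camera=() or microphone=(), would break in-app calls.
  const pp = h['permissions-policy'];
  if (!pp) problems.push('Permissions-Policy missing');
  else if (/(^|,)\s*(camera|microphone)\s*=\s*\(\s*\)/i.test(pp)) problems.push('Permissions-Policy disables camera/microphone');
  return problems;
}

// Export when loaded as a CommonJS module (guarded so the file also runs as ESM).
if (typeof module !== 'undefined') module.exports = nextConfig;
```

Run `auditHeaders` over the headers of a deployed response to confirm the policy survived proxies and CDN rewrites; an empty result means the response matches.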

ralyodio and others added 4 commits July 1, 2026 09:10

Add Organization + WebSite JSON-LD to the root layout and
SoftwareApplication JSON-LD to the homepage. Add metadataBase,
OpenGraph, Twitter Card, keywords and title template. Split the
homepage into a server wrapper (page.jsx, exports metadata) and a
client component (home-content.jsx) so it can carry a canonical URL,
and add a "How it works" list + audience statement.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Set HSTS, X-Content-Type-Options, X-Frame-Options, CSP frame-ancestors,
Referrer-Policy and Permissions-Policy on all responses via next.config
headers(). Intentionally no restrictive script/style CSP (would break
inline styles, Next bootstrap, crawlproof + Supabase) and camera/mic are
left unrestricted since the app has encrypted calls.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Expand /about (mission, differentiators, team), /security (algorithms,
zero-knowledge architecture, why post-quantum, responsible disclosure)
and /premium (free-vs-Premium pricing table). Add a /faq page with
FAQPage JSON-LD. Unify contact emails to @qrypt.chat, add per-page
title/canonical metadata to legal pages, and link FAQ from the footer.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

Enrich BlogPosting JSON-LD (publisher, description, dateModified) and
give blog images descriptive alt text. Add lastModified to all static
sitemap routes and include /faq and /encryption-test. Link FAQ +
pricing from llms.txt and add llms-full.txt for RAG ingestion.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

@github-actions (bot) commented Jul 1, 2026

vu1nz Security Review

0 finding(s) in PR #?

No security issues found.

@ralyodio merged commit 9445722 into master Jul 1, 2026
8 checks passed
@ralyodio deleted the worktree-aeo-fixes branch July 1, 2026 09:16