fix: detect security headers in audit + add aria-label to icon links

1. Extract HSTS, CSP, X-Frame-Options, X-Content-Type-Options from
   HTTP response headers during portal SEO audit (were always None
   because SEOAuditor doesn't check security headers natively)

2. Add aria-label to all social media and website icon links on
   landing page tiles (300 of 317 links had no text content,
   only SVG icons)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Maciej Pienczyn 2026-02-21 16:06:08 +01:00
parent c8fb079c3a
commit 0dbf9120c0
2 changed files with 16 additions and 7 deletions


@ -234,6 +234,15 @@ def admin_portal_seo_run_stream():
result['load_time_ms'] = load_ms
result['final_url'] = final_url
# Extract security headers from HTTP response
hdrs = resp.headers
result['security_headers'] = {
'has_hsts': 'strict-transport-security' in hdrs,
'has_csp': 'content-security-policy' in hdrs,
'has_x_frame_options': 'x-frame-options' in hdrs,
'has_x_content_type': 'x-content-type-options' in hdrs,
}
if resp.status_code == 200:
if resp.encoding and resp.encoding.lower() == 'iso-8859-1':
resp.encoding = resp.apparent_encoding
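Review bot: The four `has_*` flags added here test only that a header name is present in `resp.headers`, so a response carrying `Strict-Transport-Security: max-age=0` or an `X-Content-Type-Options` value other than `nosniff` is still reported as protected. Consider checking the value, e.g. `'has_x_content_type': hdrs.get('x-content-type-options', '').strip().lower() == 'nosniff',`, and counting HSTS only when `final_url` is HTTPS and `max-age` is non-zero. A site that relies on the CSP `frame-ancestors` directive instead of X-Frame-Options will show `has_x_frame_options` as false, which the audit output should account for or explain. The lowercase lookups assume `resp.headers` is case-insensitive (this looks like a requests response, but that is not confirmed by the hunk). The body of `admin_portal_seo_run_stream` starts and continues outside the hunk.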


@ -558,7 +558,7 @@
<div class="public-tile-name">{{ company.name }}</div>
<div class="public-tile-links">
{% if company.website %}
<a href="{{ company.website }}" target="_blank" rel="noopener noreferrer" title="{{ company.website|replace('https://', '')|replace('http://', '')|replace('www.', '') }}">
<a href="{{ company.website }}" target="_blank" rel="noopener noreferrer" aria-label="Strona WWW {{ company.name }}" title="{{ company.website|replace('https://', '')|replace('http://', '')|replace('www.', '') }}">
<svg width="20" height="20" fill="none" stroke="currentColor" stroke-width="1.5" viewBox="0 0 24 24">
<circle cx="12" cy="12" r="10"/>
<path d="M2 12h20M12 2a15.3 15.3 0 0 1 4 10 15.3 15.3 0 0 1-4 10 15.3 15.3 0 0 1-4-10 15.3 15.3 0 0 1 4-10z"/>
@ -568,27 +568,27 @@
{% set socials = company_social.get(company.id, []) %}
{% for sm in socials %}
{% if sm.platform == 'facebook' %}
<a href="{{ sm.url }}" target="_blank" rel="noopener noreferrer" class="sm-facebook" title="Facebook">
<a href="{{ sm.url }}" target="_blank" rel="noopener noreferrer" class="sm-facebook" aria-label="Facebook {{ company.name }}" title="Facebook">
<svg width="20" height="20" fill="currentColor" viewBox="0 0 24 24"><path d="M24 12.073c0-6.627-5.373-12-12-12s-12 5.373-12 12c0 5.99 4.388 10.954 10.125 11.854v-8.385H7.078v-3.47h3.047V9.43c0-3.007 1.792-4.669 4.533-4.669 1.312 0 2.686.235 2.686.235v2.953H15.83c-1.491 0-1.956.925-1.956 1.874v2.25h3.328l-.532 3.47h-2.796v8.385C19.612 23.027 24 18.062 24 12.073z"/></svg>
</a>
{% elif sm.platform == 'linkedin' %}
<a href="{{ sm.url }}" target="_blank" rel="noopener noreferrer" class="sm-linkedin" title="LinkedIn">
<a href="{{ sm.url }}" target="_blank" rel="noopener noreferrer" class="sm-linkedin" aria-label="LinkedIn {{ company.name }}" title="LinkedIn">
<svg width="20" height="20" fill="currentColor" viewBox="0 0 24 24"><path d="M20.447 20.452h-3.554v-5.569c0-1.328-.027-3.037-1.852-3.037-1.853 0-2.136 1.445-2.136 2.939v5.667H9.351V9h3.414v1.561h.046c.477-.9 1.637-1.85 3.37-1.85 3.601 0 4.267 2.37 4.267 5.455v6.286zM5.337 7.433a2.062 2.062 0 01-2.063-2.065 2.064 2.064 0 112.063 2.065zm1.782 13.019H3.555V9h3.564v11.452zM22.225 0H1.771C.792 0 0 .774 0 1.729v20.542C0 23.227.792 24 1.771 24h20.451C23.2 24 24 23.227 24 22.271V1.729C24 .774 23.2 0 22.222 0h.003z"/></svg>
</a>
{% elif sm.platform == 'instagram' %}
<a href="{{ sm.url }}" target="_blank" rel="noopener noreferrer" class="sm-instagram" title="Instagram">
<a href="{{ sm.url }}" target="_blank" rel="noopener noreferrer" class="sm-instagram" aria-label="Instagram {{ company.name }}" title="Instagram">
<svg width="20" height="20" fill="currentColor" viewBox="0 0 24 24"><path d="M12 2.163c3.204 0 3.584.012 4.85.07 3.252.148 4.771 1.691 4.919 4.919.058 1.265.069 1.645.069 4.849 0 3.205-.012 3.584-.069 4.849-.149 3.225-1.664 4.771-4.919 4.919-1.266.058-1.644.07-4.85.07-3.204 0-3.584-.012-4.849-.07-3.26-.149-4.771-1.699-4.919-4.92-.058-1.265-.07-1.644-.07-4.849 0-3.204.013-3.583.07-4.849.149-3.227 1.664-4.771 4.919-4.919 1.266-.057 1.645-.069 4.849-.069zM12 0C8.741 0 8.333.014 7.053.072 2.695.272.273 2.69.073 7.052.014 8.333 0 8.741 0 12c0 3.259.014 3.668.072 4.948.2 4.358 2.618 6.78 6.98 6.98C8.333 23.986 8.741 24 12 24c3.259 0 3.668-.014 4.948-.072 4.354-.2 6.782-2.618 6.979-6.98.059-1.28.073-1.689.073-4.948 0-3.259-.014-3.667-.072-4.947-.196-4.354-2.617-6.78-6.979-6.98C15.668.014 15.259 0 12 0zm0 5.838a6.162 6.162 0 100 12.324 6.162 6.162 0 000-12.324zM12 16a4 4 0 110-8 4 4 0 010 8zm6.406-11.845a1.44 1.44 0 100 2.881 1.44 1.44 0 000-2.881z"/></svg>
</a>
{% elif sm.platform == 'youtube' %}
<a href="{{ sm.url }}" target="_blank" rel="noopener noreferrer" class="sm-youtube" title="YouTube">
<a href="{{ sm.url }}" target="_blank" rel="noopener noreferrer" class="sm-youtube" aria-label="YouTube {{ company.name }}" title="YouTube">
<svg width="20" height="20" fill="currentColor" viewBox="0 0 24 24"><path d="M23.498 6.186a3.016 3.016 0 00-2.122-2.136C19.505 3.545 12 3.545 12 3.545s-7.505 0-9.377.505A3.017 3.017 0 00.502 6.186C0 8.07 0 12 0 12s0 3.93.502 5.814a3.016 3.016 0 002.122 2.136c1.871.505 9.376.505 9.376.505s7.505 0 9.377-.505a3.015 3.015 0 002.122-2.136C24 15.93 24 12 24 12s0-3.93-.502-5.814zM9.545 15.568V8.432L15.818 12l-6.273 3.568z"/></svg>
</a>
{% elif sm.platform == 'twitter' %}
<a href="{{ sm.url }}" target="_blank" rel="noopener noreferrer" class="sm-twitter" title="X (Twitter)">
<a href="{{ sm.url }}" target="_blank" rel="noopener noreferrer" class="sm-twitter" aria-label="X Twitter {{ company.name }}" title="X (Twitter)">
<svg width="20" height="20" fill="currentColor" viewBox="0 0 24 24"><path d="M18.244 2.25h3.308l-7.227 8.26 8.502 11.24H16.17l-5.214-6.817L4.99 21.75H1.68l7.73-8.835L1.254 2.25H8.08l4.713 6.231zm-1.161 17.52h1.833L7.084 4.126H5.117z"/></svg>
</a>
{% elif sm.platform == 'tiktok' %}
<a href="{{ sm.url }}" target="_blank" rel="noopener noreferrer" class="sm-tiktok" title="TikTok">
<a href="{{ sm.url }}" target="_blank" rel="noopener noreferrer" class="sm-tiktok" aria-label="TikTok {{ company.name }}" title="TikTok">
<svg width="20" height="20" fill="currentColor" viewBox="0 0 24 24"><path d="M12.525.02c1.31-.02 2.61-.01 3.91-.02.08 1.53.63 3.09 1.75 4.17 1.12 1.11 2.7 1.62 4.24 1.79v4.03c-1.44-.05-2.89-.35-4.2-.97-.57-.26-1.1-.59-1.62-.93-.01 2.92.01 5.84-.02 8.75-.08 1.4-.54 2.79-1.35 3.94-1.31 1.92-3.58 3.17-5.91 3.21-1.43.08-2.86-.31-4.08-1.03-2.02-1.19-3.44-3.37-3.65-5.71-.02-.5-.03-1-.01-1.49.18-1.9 1.12-3.72 2.58-4.96 1.66-1.44 3.98-2.13 6.15-1.72.02 1.48-.04 2.96-.04 4.44-.99-.32-2.15-.23-3.02.37-.63.41-1.11 1.04-1.36 1.75-.21.51-.15 1.07-.14 1.61.24 1.64 1.82 3.02 3.5 2.87 1.12-.01 2.19-.66 2.77-1.61.19-.33.4-.67.41-1.06.1-1.79.06-3.57.07-5.36.01-4.03-.01-8.05.02-12.07z"/></svg>
</a>
{% endif %}
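Review bot: The rewritten anchors still emit `href="{{ company.website }}"` and `href="{{ sm.url }}"` with no visible scheme check, and HTML autoescaping does not neutralise a `javascript:` or `data:` URL placed in an href. If these values can be edited by company users, restrict them to `http://`/`https://` when they are stored, or guard the tag, e.g. `{% if sm.url.startswith(('http://', 'https://')) %}`; the same applies to the website link in the first hunk of this file. The new `aria-label="… {{ company.name }}"` is safe only while autoescaping is enabled for this template, which cannot be confirmed from the hunk. The enclosing `{% for %}` loop ends outside the hunk.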