Merge pull request #2141 from h5bp/coliff-patch-1

Add docs update PRs to CHANGELOG

.editorconfig

@@ -1,13 +1,13 @@
 # For more information about the properties used in
 # this file, please see the EditorConfig documentation:
-# http://editorconfig.org/
+# https://editorconfig.org/
 
 root = true
 
 [*]
 charset = utf-8
 end_of_line = lf
-indent_size = 4
+indent_size = 2
 indent_style = space
 insert_final_newline = true
 trim_trailing_whitespace = true

.eslintrc.js

@@ -0,0 +1,26 @@
+module.exports = {
+    "env": {
+        "browser": true,
+        "es6": true,
+        "mocha": true
+    },
+    "plugins": ["mocha"],
+    "extends": "eslint:recommended",
+    "parserOptions": {
+        "sourceType": "module"
+    },
+    "rules": {
+        "indent": [
+            "error",
+            2
+        ],
+        "quotes": [
+            "error",
+            "single"
+        ],
+        "semi": [
+            "error",
+            "always"
+        ]
+    }
+};

.github/CODE_OF_CONDUCT.md

@@ -0,0 +1,46 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at h5bp@htmlcssjavascript.com. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [https://contributor-covenant.org/version/1/4][version]
+
+[homepage]: https://contributor-covenant.org
+[version]: https://contributor-covenant.org/version/1/4/

.github/CONTRIBUTING.md

@@ -130,7 +130,7 @@ included in the project:
    ```
 
 4. Commit your changes in logical chunks. Please adhere to these [git commit
-   message guidelines](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html)
+   message guidelines](https://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html)
    or your code is unlikely be merged into the main project. Use Git's
    [interactive rebase](https://help.github.com/articles/about-git-rebase/)
    feature to tidy up your commits before making them public.

.github/PULL_REQUEST_TEMPLATE.md

@@ -14,5 +14,6 @@
 - [ ] I have added tests to cover my changes.
 - [ ] All new and existing tests passed.
 
+Pull requests should be thought of as a conversation. There will be some back and forth when trying to get code merged into this or any other project. With all but the simplest changes you can and should expect that the maintainers of the project will request changes to your code. Please be aware of that and check in after you open your PR in order to get your code merged in cleanly. 
 
-
+Thanks!

.gitignore

@@ -1,2 +1,3 @@
 archive
 node_modules
+package-lock.json

.jshintrc

@@ -1,32 +0,0 @@
-{
-
-    // Enforcing options
-    // http://jshint.com/docs/options/#enforcing-options
-
-    "bitwise": true,
-    "eqeqeq": true,
-    "forin": true,
-    "latedef": true,
-    "noarg": true,
-    "nonbsp": true,
-    "nonew": true,
-    "undef": true,
-    "unused": true,
-
-    // - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-    // Relaxing options
-    // http://jshint.com/docs/options/#relaxing-options
-
-    "esnext": true,
-
-    // - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-    // Environments
-    // http://jshint.com/docs/options/#environments
-
-    "browser": true,
-    "jquery": true,
-    "node": true
-
-}

.travis.yml

@@ -2,31 +2,15 @@
 # in this file, please see the Travis CI documentation:
 # https://docs.travis-ci.com
 
-after_success:
-  - |
-
-      # Automatically update the content from the `dist/` directory
-
-      $(npm bin)/travis-after-all \
-        && $(npm bin)/set-up-ssh -k "$encrypted_7289798db853_key" \
-                                 -iv "$encrypted_7289798db853_iv" \
-                                 --path-encrypted-key ".travis/github_deploy_key.enc" \
-        && $(npm bin)/commit-changes --branch "master" \
-                                     --commands "npm run build" \
-                                     --commit-message "Update content from the \`dist\` directory [skip ci]"
-
-env:
-  global:
-    - secure: "uZ0R71TG9AR+kbfM9rwa8PPNr3f9E0C4OuA0s6g0Gq15bBcpVxPvus0/eJdW+O2NSzZE1GbzS//hBiP+chK/8X4DyNIRutlGk5RYdnTTFEaZo9jp0BvlvprUYlGgpprR/531zQ9ahkc0STwVvzurGzlcF4NNMiISAJJ1IdQZABc="
-
 git:
   depth: 10
 
 language: node_js
 
 node_js:
-  - 4
   - 6
-  - 7
+  - 8
+  - 9
 
+dist: trusty
 sudo: false

CHANGELOG.md

@@ -1,3 +1,56 @@
+### 7.2.0 (June 4, 2019)
+
+* Remove `defer` from Google Analytics snippet ([#2132](https://github.com/h5bp/html5-boilerplate/pull/2132))
+* Update jQuery to v3.4.1 ([#2126](https://github.com/h5bp/html5-boilerplate/pull/2126))
+* Update Apache Server Configs to 3.2.1 ([#2128](https://github.com/h5bp/html5-boilerplate/pull/2128))
+* Update main.css to v2.0.0 ([#2135](https://github.com/h5bp/html5-boilerplate/pull/2135))
+* Docs updates ([#2122](https://github.com/h5bp/html5-boilerplate/pull/2122)), ([#2125](https://github.com/h5bp/html5-boilerplate/pull/2125)), ([#2134](https://github.com/h5bp/html5-boilerplate/pull/2134)), ([#2137](https://github.com/h5bp/html5-boilerplate/pull/2137)), ([#2138](https://github.com/h5bp/html5-boilerplate/pull/2138))
+
+### 7.1.0 (March 18, 2019)
+
+* Update Modernizr to 3.7.1 ([#2121](https://github.com/h5bp/html5-boilerplate/pull/2121))
+* Update Analytics docs and snippet ([#2118](https://github.com/h5bp/html5-boilerplate/pull/2118))
+* Minor docs updates ([#2115](https://github.com/h5bp/html5-boilerplate/pull/2115))
+* Minor devdeps updates ([#2114](https://github.com/h5bp/html5-boilerplate/pull/2114))
+* More succinct way of writing the IE conditional statement ([#2113](https://github.com/h5bp/html5-boilerplate/pull/2113))
+
+### 7.0.1 (February 11, 2019)
+
+* Bumps main.css to current version ([#2112](https://github.com/h5bp/html5-boilerplate/pull/2112))
+
+### 7.0.0 (February 8, 2019)
+
+* Drop support for IE9/IE10 (usage of these versions is tiny and Microsoft officially ended support back in 2016. ([#2074](https://github.com/h5bp/html5-boilerplate/pull/2074))
+* Move the CSS to a separate repo ([#2066](https://github.com/h5bp/html5-boilerplate/pull/2066))
+* Add theme-color meta tag to index.html ([#2074](https://github.com/h5bp/html5-boilerplate/pull/2074))
+* Add 'install with yarn' steps to README ([#2063](https://github.com/h5bp/html5-boilerplate/pull/2063))
+* Improved Webmanifest ([#2060](https://github.com/h5bp/html5-boilerplate/pull/2060))
+* Upgrade Normalize to 8.0.1 ([#2104](https://github.com/h5bp/html5-boilerplate/pull/2104))
+* Update .htaccess ([#2110](https://github.com/h5bp/html5-boilerplate/pull/2110))
+* Remove instances of `shrink-to-fit=no` ([#2103](https://github.com/h5bp/html5-boilerplate/pull/2103))
+* Removes "display": "standalone" from manifest ([#2096](https://github.com/h5bp/html5-boilerplate/pull/2096))
+* Big Docs update - Fixed links, removed IE9/IE10 specific info, made touch icons section more concise, add details on security.txt and more tidying up ([#2074](https://github.com/h5bp/html5-boilerplate/pull/2031), [#2065](https://github.com/h5bp/html5-boilerplate/pull/2065), [#2062](https://github.com/h5bp/html5-boilerplate/pull/2062))
+
+### 6.1.0 (May 1, 2018)
+
+* [Update Apache Server Configs to `v3.0.0`.](https://github.com/h5bp/html5-boilerplate/pull/2042)
+* Migrate to eslint ([#2037](https://github.com/h5bp/html5-boilerplate/pull/2037))
+* Update to jQuery 3.3.1 ([#2018](https://github.com/h5bp/html5-boilerplate/pull/2018))
+* Update to Modernizr v3.6 and Normalize v8 ([#2028](https://github.com/h5bp/html5-boilerplate/pull/2028)) 
+* Update Dev Dependencies ([#2032](https://github.com/h5bp/html5-boilerplate/pull/2032)) ([#2017](https://github.com/h5bp/html5-boilerplate/pull/2017)) ([#2010](https://github.com/h5bp/html5-boilerplate/pull/2010)) ([#2009](https://github.com/h5bp/html5-boilerplate/pull/2009))
+* Replace 'node-sri' with 'ssri' ([#2031](https://github.com/h5bp/html5-boilerplate/pull/2031))
+* Add .babelrc and .prettierrc to .gitattributes ([#2030](https://github.com/h5bp/html5-boilerplate/pull/2030))
+* Update .htaccess ([#2003](https://github.com/h5bp/html5-boilerplate/pull/2003))
+* Fixed JSHint errors  ([#1994](https://github.com/h5bp/html5-boilerplate/pull/1994))
+* Add CODE_OF_CONDUCT.md ([#2011](https://github.com/h5bp/html5-boilerplate/pull/2011))
+* Update Documentation ([#2029](https://github.com/h5bp/html5-boilerplate/pull/2029)) ([#2015](https://github.com/h5bp/html5-boilerplate/pull/2015)) ([#2007](https://github.com/h5bp/html5-boilerplate/pull/2007)) ([#2006](https://github.com/h5bp/html5-boilerplate/pull/2006)) ([#1996](https://github.com/h5bp/html5-boilerplate/pull/1996))
+
+
+### 6.0.1 (August 20, 2017)
+
+* Reverts .visuallyhidden (see [#1985](https://github.com/h5bp/html5-boilerplate/issues/1985))
+
+
 ### 6.0.0 (August 17, 2017)
 
 * Fix Bug: .visuallyhidden on macOS VO fixes #1985 ([#1989](https://github.com/h5bp/html5-boilerplate/pull/1989))
@@ -12,9 +65,9 @@
 * Update .gitattributes for Web Projects ([#1935](https://github.com/h5bp/html5-boilerplate/pull/1935))
 * Add the link for useful .gitignore templates ([#1936](https://github.com/h5bp/html5-boilerplate/pull/1936))
 * Node plumbing updated ([#1925](https://github.com/h5bp/html5-boilerplate/pull/1925)) ([#1928](https://github.com/h5bp/html5-boilerplate/pull/1928)) ([#1931](https://github.com/h5bp/html5-boilerplate/pull/1931))
-* Use es2015 syntax in mocha tests ([#1788](https://github.com/h5bp/html5-boilerplate/pull/1788)) 
+* Use es2015 syntax in mocha tests ([#1788](https://github.com/h5bp/html5-boilerplate/pull/1788))
 * Scope :first-letter selector for print styles ([#1904](https://github.com/h5bp/html5-boilerplate/pull/1904))
-* Add SRI Hash for jQuery ([#1904](https://github.com/h5bp/html5-boilerplate/pull/1904)) 
+* Add SRI Hash for jQuery ([#1904](https://github.com/h5bp/html5-boilerplate/pull/1904))
 * Update .jshintrc ([#1903](https://github.com/h5bp/html5-boilerplate/pull/1903))
 * Improve accessibility with visuallyhidden content ([#1900](https://github.com/h5bp/html5-boilerplate/pull/1900))
 * Tell users that IE 8 and 9 are outdated
@@ -214,7 +267,7 @@
 
 * Update to Modernizr 2.5.3.
 
-### 3.0.1 (February 08, 2012).
+### 3.0.1 (February 08, 2012)
 
 * Update to Modernizr 2.5.2 (includes html5shiv 3.3).
 
@@ -275,7 +328,7 @@
 * Remove `handheld.css` as it has very poor device support.
 * Remove touch-icon `link` elements from the HTML and include improved
   touch-icon support.
-* Remove the cache-busting query paramaters from files references in
+* Remove the cache-busting query parameters from files references in
   the HTML.
 * Remove IE6 PNGFix.
 

README.md

@@ -1,7 +1,10 @@
 # [HTML5 Boilerplate](https://html5boilerplate.com/)
 
+[![LICENSE](https://img.shields.io/badge/license-MIT-lightgrey.svg)](https://github.com/h5bp/html5-boilerplate/blob/master/LICENSE.txt)
 [![Build Status](https://travis-ci.org/h5bp/html5-boilerplate.svg)](https://travis-ci.org/h5bp/html5-boilerplate)
 [![devDependency Status](https://david-dm.org/h5bp/html5-boilerplate/dev-status.svg)](https://david-dm.org/h5bp/html5-boilerplate#info=devDependencies)
+[![NPM Downloads](https://img.shields.io/npm/dt/html5-boilerplate.svg)](https://www.npmjs.com/package/html5-boilerplate)
+[![github-stars-image](https://img.shields.io/github/stars/h5bp/html5-boilerplate.svg?label=github%20stars)](https://github.com/h5bp/html5-boilerplate)
 
 HTML5 Boilerplate is a professional front-end template for building
 fast, robust, and adaptable web apps or sites.
@@ -20,12 +23,14 @@ way that you want.
 
 Choose one of the following options:
 
-1. Download the latest stable release from
-   [html5boilerplate.com](https://html5boilerplate.com/).
-2. Clone the git repo — `git clone
-   https://github.com/h5bp/html5-boilerplate.git` - and checkout the
-   [tagged release](https://github.com/h5bp/html5-boilerplate/releases)
-   you'd like to use.
+- Download the latest stable release from
+  [html5boilerplate.com](https://html5boilerplate.com/).
+- Clone the git repo — `git clone
+  https://github.com/h5bp/html5-boilerplate.git` - and checkout the
+  [tagged release](https://github.com/h5bp/html5-boilerplate/releases)
+  you'd like to use.
+- Install with [npm](https://www.npmjs.com/): `npm install html5-boilerplate` and pull in what you need from the resulting `node_modules/html5-boilerplate/dist`
+- Install with [yarn](https://yarnpkg.com/): `yarn add html5-boilerplate`
 
 
 ## Features
@@ -55,16 +60,15 @@ Choose one of the following options:
 * Chrome *(latest 2)*
 * Edge *(latest 2)*
 * Firefox *(latest 2)*
-* Internet Explorer 9+
+* Internet Explorer 11
 * Opera *(latest 2)*
 * Safari *(latest 2)*
 
 *This doesn't mean that HTML5 Boilerplate cannot be used in older browsers,
 just that we'll ensure compatibility with the ones mentioned above.*
 
-If you need legacy browser support you
-can use [HTML5 Boilerplate v4](https://github.com/h5bp/html5-boilerplate/tree/v4) (IE 6+, Firefox 3.6+, Safari 4+),
-or [HTML5 Boilerplate v5](https://github.com/h5bp/html5-boilerplate/tree/v5.0.0) (IE8+). They are no longer actively developed.
+If you need legacy browser support you can use [HTML5 Boilerplate v6](https://github.com/h5bp/html5-boilerplate/releases/tag/6.1.0) (IE9/IE10)
+or [HTML5 Boilerplate v5](https://github.com/h5bp/html5-boilerplate/releases/tag/5.3.0) (IE 8). They are no longer actively developed.
 
 
 ## Documentation

dist/.editorconfig

@@ -4,7 +4,7 @@ root = true
 
 [*]
 charset = utf-8
-indent_size = 4
+indent_size = 2
 indent_style = space
 insert_final_newline = true
 trim_trailing_whitespace = true

dist/.gitattributes

@@ -46,8 +46,8 @@
 *.xhtml    text
 
 ## DOCKER
-*.dockerignore    text
-Dockerfile    text
+*.dockerignore text
+Dockerfile     text
 
 ## DOCUMENTATION
 *.markdown   text
@@ -91,31 +91,33 @@ TODO         text
 *.twig       text
 
 ## LINTERS
+.babelrc      text
 .csslintrc    text
 .eslintrc     text
 .htmlhintrc   text
 .jscsrc       text
 .jshintrc     text
 .jshintignore text
+.prettierrc   text
 .stylelintrc  text
 
 ## CONFIGS
-*.bowerrc      text
-*.cnf          text
-*.conf         text
-*.config       text
-.browserslistrc    text
-.editorconfig  text
-.gitattributes text
-.gitconfig     text
-.gitignore     text
-.htaccess      text
-*.npmignore    text
-*.yaml         text
-*.yml          text
-browserslist   text
-Makefile       text
-makefile       text
+*.bowerrc       text
+*.cnf           text
+*.conf          text
+*.config        text
+.browserslistrc text
+.editorconfig   text
+.gitattributes  text
+.gitconfig      text
+.gitignore      text
+.htaccess       text
+*.npmignore     text
+*.yaml          text
+*.yml           text
+browserslist    text
+Makefile        text
+makefile        text
 
 ## HEROKU
 Procfile    text

dist/.htaccess

@@ -1,11 +1,11 @@
-# Apache Server Configs v2.14.0 | MIT License
+# Apache Server Configs v3.2.1 | MIT License
 # https://github.com/h5bp/server-configs-apache
 
 # (!) Using `.htaccess` files slows down Apache, therefore, if you have
 # access to the main server configuration file (which is usually called
 # `httpd.conf`), you should add this logic there.
 #
-# https://httpd.apache.org/docs/current/howto/htaccess.html.
+# https://httpd.apache.org/docs/current/howto/htaccess.html
 
 # ######################################################################
 # # CROSS-ORIGIN                                                       #
@@ -18,8 +18,8 @@
 # Allow cross-origin requests.
 #
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
-# http://enable-cors.org/
-# http://www.w3.org/TR/cors/
+# https://enable-cors.org/
+# https://www.w3.org/TR/cors/
 
 # <IfModule mod_headers.c>
 #     Header set Access-Control-Allow-Origin "*"
@@ -48,6 +48,8 @@
 # ----------------------------------------------------------------------
 
 # Allow cross-origin access to web fonts.
+#
+# https://developers.google.com/fonts/docs/troubleshooting
 
 <IfModule mod_headers.c>
     <FilesMatch "\.(eot|otf|tt[cf]|woff2?)$">
@@ -66,14 +68,14 @@
 # some of the attributes of the `PerformanceResourceTiming` object will
 # be set to zero.
 #
-# http://www.w3.org/TR/resource-timing/
-# http://www.stevesouders.com/blog/2014/08/21/resource-timing-practical-tips/
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Timing-Allow-Origin
+# https://www.w3.org/TR/resource-timing/
+# https://www.stevesouders.com/blog/2014/08/21/resource-timing-practical-tips/
 
 # <IfModule mod_headers.c>
 #     Header set Timing-Allow-Origin: "*"
 # </IfModule>
 
-
 # ######################################################################
 # # ERRORS                                                             #
 # ######################################################################
@@ -83,6 +85,7 @@
 # ----------------------------------------------------------------------
 
 # Customize what Apache returns to the client in case of an error.
+#
 # https://httpd.apache.org/docs/current/mod/core.html#errordocument
 
 ErrorDocument 404 /404.html
@@ -100,7 +103,6 @@ ErrorDocument 404 /404.html
 
 Options -MultiViews
 
-
 # ######################################################################
 # # INTERNET EXPLORER                                                  #
 # ######################################################################
@@ -120,36 +122,13 @@ Options -MultiViews
 # consider enabling `Enterprise Mode` throughout your company.
 #
 # https://msdn.microsoft.com/en-us/library/ie/bg182625.aspx#docmode
-# http://blogs.msdn.com/b/ie/archive/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11.aspx
+# https://blogs.msdn.microsoft.com/ie/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11/
+# https://msdn.microsoft.com/en-us/library/ff955275.aspx
 
 <IfModule mod_headers.c>
-
-    Header set X-UA-Compatible "IE=edge"
-
-    # `mod_headers` cannot match based on the content-type, however,
-    # the `X-UA-Compatible` response header should be send only for
-    # HTML documents and not for the other resources.
-
-    <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
-        Header unset X-UA-Compatible
-    </FilesMatch>
-
+    Header set X-UA-Compatible "IE=edge" "expr=%{CONTENT_TYPE} =~ m#text/html#i"
 </IfModule>
 
-# ----------------------------------------------------------------------
-# | Iframes cookies                                                    |
-# ----------------------------------------------------------------------
-
-# Allow cookies to be set from iframes in Internet Explorer.
-#
-# https://msdn.microsoft.com/en-us/library/ms537343.aspx
-# http://www.w3.org/TR/2000/CR-P3P-20001215/
-
-# <IfModule mod_headers.c>
-#     Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
-# </IfModule>
-
-
 # ######################################################################
 # # MEDIA TYPES AND CHARACTER ENCODINGS                                #
 # ######################################################################
@@ -171,16 +150,17 @@ Options -MultiViews
     AddType application/json                            json map topojson
     AddType application/ld+json                         jsonld
     AddType application/rss+xml                         rss
-    AddType application/vnd.geo+json                    geojson
-    AddType application/xml                             rdf xml
+    AddType application/geo+json                        geojson
+    AddType application/rdf+xml                         rdf
+    AddType application/xml                             xml
 
 
   # JavaScript
 
-    # Normalize to standard type.
-    # https://tools.ietf.org/html/rfc4329#section-7.2
+    # Servers should use text/javascript for JavaScript resources.
+    # https://html.spec.whatwg.org/multipage/scripting.html#scriptingLanguages
 
-    AddType application/javascript                      js
+    AddType text/javascript                             js mjs
 
 
   # Manifest files
@@ -203,28 +183,25 @@ Options -MultiViews
     AddType video/x-flv                                 flv
 
     # Serving `.ico` image files with a different media type
-    # prevents Internet Explorer from displaying then as images:
+    # prevents Internet Explorer from displaying them as images:
     # https://github.com/h5bp/html5-boilerplate/commit/37b5fec090d00f38de64b591bcddcb205aadf8ee
 
     AddType image/x-icon                                cur ico
 
 
+  # WebAssembly
+
+    AddType application/wasm                            wasm
+
+
   # Web fonts
 
-    AddType application/font-woff                       woff
-    AddType application/font-woff2                      woff2
+    AddType font/woff                                   woff
+    AddType font/woff2                                  woff2
     AddType application/vnd.ms-fontobject               eot
-
-    # Browsers usually ignore the font media types and simply sniff
-    # the bytes to figure out the font type.
-    # https://mimesniff.spec.whatwg.org/#matching-a-font-type-pattern
-    #
-    # However, Blink and WebKit based browsers will show a warning
-    # in the console if the following font types are served with any
-    # other media types.
-
-    AddType application/x-font-ttf                      ttc ttf
-    AddType font/opentype                               otf
+    AddType font/ttf                                    ttf
+    AddType font/collection                             ttc
+    AddType font/otf                                    otf
 
 
   # Other
@@ -234,6 +211,8 @@ Options -MultiViews
     AddType application/x-chrome-extension              crx
     AddType application/x-opera-extension               oex
     AddType application/x-xpinstall                     xpi
+    AddType text/calendar                               ics
+    AddType text/markdown                               markdown md
     AddType text/vcard                                  vcard vcf
     AddType text/vnd.rim.location.xloc                  xloc
     AddType text/vtt                                    vtt
@@ -260,25 +239,26 @@ AddDefaultCharset utf-8
 # https://httpd.apache.org/docs/current/mod/mod_mime.html#addcharset
 
 <IfModule mod_mime.c>
-    AddCharset utf-8 .atom \
+    AddCharset utf-8 .appcache \
                      .bbaw \
                      .css \
-                     .geojson \
+                     .htc \
+                     .ics \
                      .js \
                      .json \
-                     .jsonld \
                      .manifest \
-                     .rdf \
-                     .rss \
+                     .map \
+                     .markdown \
+                     .md \
+                     .mjs \
                      .topojson \
                      .vtt \
-                     .webapp \
+                     .vcard \
+                     .vcf \
                      .webmanifest \
-                     .xloc \
-                     .xml
+                     .xloc
 </IfModule>
 
-
 # ######################################################################
 # # REWRITES                                                           #
 # ######################################################################
@@ -347,60 +327,90 @@ AddDefaultCharset utf-8
 # ----------------------------------------------------------------------
 
 # Redirect from the `http://` to the `https://` version of the URL.
+#
 # https://wiki.apache.org/httpd/RewriteHTTPToHTTPS
 
+# (1) If you're using cPanel AutoSSL or the Let's Encrypt webroot
+#     method it will fail to validate the certificate if validation
+#     requests are redirected to HTTPS. Turn on the condition(s)
+#     you need.
+#
+#     https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml
+#     https://tools.ietf.org/html/draft-ietf-acme-acme-12
+
 # <IfModule mod_rewrite.c>
 #    RewriteEngine On
 #    RewriteCond %{HTTPS} !=on
-#    RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
+#    # (1)
+#    # RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
+#    # RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[\w-]+$
+#    # RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
+#    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
 # </IfModule>
 
 # ----------------------------------------------------------------------
-# | Suppressing / Forcing the `www.` at the beginning of URLs          |
+# | Suppressing the `www.` at the beginning of URLs                    |
 # ----------------------------------------------------------------------
 
+# Rewrite www.example.com → example.com
+
 # The same content should never be available under two different
 # URLs, especially not with and without `www.` at the beginning.
 # This can cause SEO problems (duplicate content), and therefore,
 # you should choose one of the alternatives and redirect the other
 # one.
 #
-# By default `Option 1` (no `www.`) is activated.
-# http://no-www.org/faq.php?q=class_b
-#
-# If you would prefer to use `Option 2`, just comment out all the
-# lines from `Option 1` and uncomment the ones from `Option 2`.
-#
-# (!) NEVER USE BOTH RULES AT THE SAME TIME!
+# (!) NEVER USE BOTH WWW-RELATED RULES AT THE SAME TIME!
 
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-# Option 1: rewrite www.example.com → example.com
+# (1) The rule assumes by default that both HTTP and HTTPS
+#     environments are available for redirection.
+#     If your SSL certificate could not handle one of the domains
+#     used during redirection, you should turn the condition on.
+#
+#     https://github.com/h5bp/server-configs-apache/issues/52
 
 <IfModule mod_rewrite.c>
     RewriteEngine On
-    RewriteCond %{HTTPS} !=on
+    # (1)
+    # RewriteCond %{HTTPS} !=on
     RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
     RewriteRule ^ %{ENV:PROTO}://%1%{REQUEST_URI} [R=301,L]
 </IfModule>
 
-# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# ----------------------------------------------------------------------
+# | Forcing the `www.` at the beginning of URLs                        |
+# ----------------------------------------------------------------------
 
-# Option 2: rewrite example.com → www.example.com
+# Rewrite example.com → www.example.com
+
+# The same content should never be available under two different
+# URLs, especially not with and without `www.` at the beginning.
+# This can cause SEO problems (duplicate content), and therefore,
+# you should choose one of the alternatives and redirect the other
+# one.
 #
+# (!) NEVER USE BOTH WWW-RELATED RULES AT THE SAME TIME!
+
+# (1) The rule assumes by default that both HTTP and HTTPS
+#     environments are available for redirection.
+#     If your SSL certificate could not handle one of the domains
+#     used during redirection, you should turn the condition on.
+#
+#     https://github.com/h5bp/server-configs-apache/issues/52
+
 # Be aware that the following might not be a good idea if you use "real"
 # subdomains for certain parts of your website.
 
 # <IfModule mod_rewrite.c>
 #     RewriteEngine On
-#     RewriteCond %{HTTPS} !=on
+#     # (1)
+#     # RewriteCond %{HTTPS} !=on
 #     RewriteCond %{HTTP_HOST} !^www\. [NC]
 #     RewriteCond %{SERVER_ADDR} !=127.0.0.1
 #     RewriteCond %{SERVER_ADDR} !=::1
 #     RewriteRule ^ %{ENV:PROTO}://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
 # </IfModule>
 
-
 # ######################################################################
 # # SECURITY                                                           #
 # ######################################################################
@@ -435,22 +445,13 @@ AddDefaultCharset utf-8
 # against more than just clickjacking attacks:
 # https://cure53.de/xfo-clickjacking.pdf.
 #
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
 # https://tools.ietf.org/html/rfc7034
-# http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx
+# https://blogs.msdn.microsoft.com/ieinternals/2010/03/30/combating-clickjacking-with-x-frame-options/
 # https://www.owasp.org/index.php/Clickjacking
 
 # <IfModule mod_headers.c>
-
-#     Header set X-Frame-Options "DENY"
-
-#     # `mod_headers` cannot match based on the content-type, however,
-#     # the `X-Frame-Options` response header should be send only for
-#     # HTML documents and not for the other resources.
-
-#     <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
-#         Header unset X-Frame-Options
-#     </FilesMatch>
-
+#     Header set X-Frame-Options "DENY" "expr=%{CONTENT_TYPE} =~ m#text/html#i"
 # </IfModule>
 
 # ----------------------------------------------------------------------
@@ -463,29 +464,68 @@ AddDefaultCharset utf-8
 # This can be done by setting a `Content Security Policy` which
 # whitelists trusted sources of content for your website.
 #
-# The example header below allows ONLY scripts that are loaded from
-# the current website's origin (no inline scripts, no CDN, etc).
-# That almost certainly won't work as-is for your website!
+# There is no policy that fits all websites, you will have to modify
+# the `Content-Security-Policy` directives in the example below depending
+# on your needs.
 #
-# To make things easier, you can use an online CSP header generator
-# such as: http://cspisawesome.com/.
+# The example policy below aims to:
 #
-# http://content-security-policy.com/
-# http://www.html5rocks.com/en/tutorials/security/content-security-policy/
-# http://www.w3.org/TR/CSP11/).
+#  (1) Restrict all fetches by default to the origin of the current website
+#      by setting the `default-src` directive to `'self'` - which acts as a
+#      fallback to all "Fetch directives" (https://developer.mozilla.org/en-US/docs/Glossary/Fetch_directive).
+#
+#      This is convenient as you do not have to specify all Fetch directives
+#      that apply to your site, for example:
+#      `connect-src 'self'; font-src 'self'; script-src 'self'; style-src 'self'`, etc.
+#
+#      This restriction also means that you must explicitly define from
+#      which site(s) your website is allowed to load resources from.
+#
+#  (2) The `<base>` element is not allowed on the website. This is to
+#      prevent attackers from changing the locations of resources loaded
+#      from relative URLs.
+#
+#      If you want to use the `<base>` element, then `base-uri 'self'`
+#      can be used instead.
+#
+#  (3) Form submissions are only allowed from the current website by
+#      setting: `form-action 'self'`.
+#
+#  (4) Prevents all websites (including your own) from embedding your
+#      webpages within e.g. the `<iframe>` or `<object>` element by
+#      setting `frame-ancestors 'none'`.
+#
+#	   The `frame-ancestors` directive helps avoid "Clickjacking" attacks
+#      and is similar to the `X-Frame-Options` header.
+#
+#      Browsers that support the CSP header will ignore `X-Frame-Options`
+#      if `frame-ancestors` is also specified.
+#
+#  (5) Forces the browser to treat all the resources that are served over
+#      HTTP as if they were loaded securely over HTTPS by setting the
+#      `upgrade-insecure-requests` directive.
+#
+#      Please note that `upgrade-insecure-requests` does not ensure
+#      HTTPS for the top-level navigation. If you want to force the
+#      website itself to be loaded over HTTPS you must include the
+#      `Strict-Transport-Security` header.
+#
+# To make your CSP implementation easier, you can use an online CSP header
+# generator such as:
+# https://report-uri.com/home/generate/
+#
+# It is encouraged that you validate your CSP header using a CSP validator
+# such as:
+# https://csp-evaluator.withgoogle.com
+#
+# https://csp.withgoogle.com/docs/
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+# https://www.html5rocks.com/en/tutorials/security/content-security-policy/
+# https://www.w3.org/TR/CSP/
 
 # <IfModule mod_headers.c>
-
-#     Header set Content-Security-Policy "script-src 'self'; object-src 'self'"
-
-#     # `mod_headers` cannot match based on the content-type, however,
-#     # the `Content-Security-Policy` response header should be send
-#     # only for HTML documents and not for the other resources.
-
-#     <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
-#         Header unset Content-Security-Policy
-#     </FilesMatch>
-
+#     #                                   (1)                 (2)              (3)                 (4)                     (5)
+#     Header set Content-Security-Policy "default-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests" "expr=%{CONTENT_TYPE} =~ m#text/html#i"
 # </IfModule>
 
 # ----------------------------------------------------------------------
@@ -535,7 +575,7 @@ AddDefaultCharset utf-8
 # left by some text editors and can pose a security risk when anyone
 # has access to them.
 #
-# http://feross.org/cmsploit/
+# https://feross.org/cmsploit/
 #
 # (!) Update the `<FilesMatch>` regular expression from below to
 # include any files that might end up on your production server and
@@ -543,21 +583,11 @@ AddDefaultCharset utf-8
 # include: configuration files, files that contain metadata about the
 # project (e.g.: project dependencies), build scripts, etc..
 
-<FilesMatch "(^#.*#|\.(bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$">
-
-    # Apache < 2.3
-    <IfModule !mod_authz_core.c>
-        Order allow,deny
-        Deny from all
-        Satisfy All
-    </IfModule>
-
-    # Apache ≥ 2.3
-    <IfModule mod_authz_core.c>
+<IfModule mod_authz_core.c>
+    <FilesMatch "(^#.*#|\.(bak|conf|dist|fla|in[ci]|log|orig|psd|sh|sql|sw[op])|~)$">
         Require all denied
-    </IfModule>
-
-</FilesMatch>
+    </FilesMatch>
+</IfModule>
 
 # ----------------------------------------------------------------------
 # | HTTP Strict Transport Security (HSTS)                              |
@@ -574,15 +604,39 @@ AddDefaultCharset utf-8
 # server via HTTPS, regardless of what the users type in the browser's
 # address bar.
 #
+# (!) Be aware that this, once published, is not revokable and you must ensure
+# being able to serve the site via SSL for the duration you've specified
+# in max-age. When you don't have a valid SSL connection (anymore) your
+# visitors will see a nasty error message even when attempting to connect
+# via simple HTTP.
+#
 # (!) Remove the `includeSubDomains` optional directive if the website's
 # subdomains are not using HTTPS.
 #
-# http://www.html5rocks.com/en/tutorials/security/transport-layer-security/
-# https://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec-14#section-6.1
-# http://blogs.msdn.com/b/ieinternals/archive/2014/08/18/hsts-strict-transport-security-attacks-mitigations-deployment-https.aspx
+# (1) If you want to submit your site for HSTS preload (2) you must
+#     * ensure the `includeSubDomains` directive to be present
+#     * the `preload` directive to be specified
+#     * the `max-age` to be at least 31536000 seconds (1 year) according to the current status.
+#
+#     It is also advised (3) to only serve the HSTS header via a secure connection
+#     which can be done with either `env=https` or `"expr=%{HTTPS} == 'on'"` (4). The
+#     exact way depends on your environment and might just be tried.
+#
+# (2) https://hstspreload.org/
+# (3) https://tools.ietf.org/html/rfc6797#section-7.2
+# (4) https://stackoverflow.com/questions/24144552/how-to-set-hsts-header-from-htaccess-only-on-https/24145033#comment81632711_24145033
+#
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
+# https://tools.ietf.org/html/rfc6797#section-6.1
+# https://www.html5rocks.com/en/tutorials/security/transport-layer-security/
+# https://blogs.msdn.microsoft.com/ieinternals/2014/08/18/strict-transport-security/
 
 # <IfModule mod_headers.c>
 #     Header always set Strict-Transport-Security "max-age=16070400; includeSubDomains"
+#     # (1) or if HSTS preloading is desired (respect (2) for current requirements):
+#     # Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
+#     # (4) respectively… (respect (2) for current requirements):
+#     # Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" "expr=%{HTTPS} == 'on'"
 # </IfModule>
 
 # ----------------------------------------------------------------------
@@ -596,9 +650,8 @@ AddDefaultCharset utf-8
 # is serving user-uploaded content or content that could potentially be
 # treated as executable by the browser.
 #
-# http://www.slideshare.net/hasegawayosuke/owasp-hasegawa
-# http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
-# https://msdn.microsoft.com/en-us/library/ie/gg622941.aspx
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
+# https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-v-comprehensive-protection/
 # https://mimesniff.spec.whatwg.org/
 
 <IfModule mod_headers.c>
@@ -637,25 +690,65 @@ AddDefaultCharset utf-8
 #     you are taking all possible measures to prevent XSS attacks, the
 #     most obvious being: validating and sanitizing your website's inputs.
 #
-# http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx
-# http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+# https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-iv-the-xss-filter/
+# https://blogs.msdn.microsoft.com/ieinternals/2011/01/31/controlling-the-xss-filter/
 # https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
 
 # <IfModule mod_headers.c>
-
 #     #                           (1)    (2)
-#     Header set X-XSS-Protection "1; mode=block"
-
-#     # `mod_headers` cannot match based on the content-type, however,
-#     # the `X-XSS-Protection` response header should be send only for
-#     # HTML documents and not for the other resources.
-
-#     <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
-#         Header unset X-XSS-Protection
-#     </FilesMatch>
-
+#     Header set X-XSS-Protection "1; mode=block" "expr=%{CONTENT_TYPE} =~ m#text/html#i"
 # </IfModule>
 
+# ----------------------------------------------------------------------
+# | Referrer Policy                                                    |
+# ----------------------------------------------------------------------
+
+# A web application uses HTTPS and a URL-based session identifier.
+# The web application might wish to link to HTTPS resources on other
+# web sites without leaking the user's session identifier in the URL.
+#
+# This can be done by setting a `Referrer Policy` which
+# whitelists trusted sources of content for your website.
+#
+# To check your referrer policy, you can use an online service
+# such as: https://securityheaders.io/.
+#
+# https://scotthelme.co.uk/a-new-security-header-referrer-policy/
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
+
+# <IfModule mod_headers.c>
+#     # no-referrer-when-downgrade (default)
+#     # This should be the user agent's default behavior if no policy is
+#     # specified.The origin is sent as referrer to a-priori as-much-secure
+#     # destination (HTTPS->HTTPS), but isn't sent to a less secure destination
+#     # (HTTPS->HTTP).
+#     Header set Referrer-Policy "no-referrer-when-downgrade" "expr=%{CONTENT_TYPE} =~ m#text/html#i"
+# </IfModule>
+
+# ----------------------------------------------------------------------
+# | Disable TRACE HTTP Method                                          |
+# ----------------------------------------------------------------------
+
+# Prevent Apache from responding to `TRACE` HTTP request.
+#
+# The TRACE method, while apparently harmless, can be successfully
+# leveraged in some scenarios to steal legitimate users' credentials
+#
+# Modern browsers now prevent TRACE requests being made via JavaScript,
+# however, other ways of sending TRACE requests with browsers have been
+# discovered, such as using Java.
+#
+# (!) The `TraceEnable` directive will only work in the main server
+# configuration file, so don't try to enable it in the `.htaccess` file!
+#
+# https://tools.ietf.org/html/rfc7231#section-4.3.8
+# https://www.owasp.org/index.php/Cross_Site_Tracing
+# https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
+# https://httpd.apache.org/docs/current/mod/core.html#traceenable
+
+# TraceEnable Off
+
 # ----------------------------------------------------------------------
 # | Server-side technology information                                 |
 # ----------------------------------------------------------------------
@@ -666,9 +759,9 @@ AddDefaultCharset utf-8
 #    (e.g.: ASP.NET, PHP), and its value contains information
 #    about them (e.g.: their name, version number)
 #
-#  * doesn't provide any value as far as users are concern,
-#    and in some cases, the information provided by it can
-#    be used by attackers
+#  * doesn't provide any value to users, contributes to header
+#    bloat, and in some cases, the information it provides can
+#    expose vulnerabilities
 #
 # (!) If you can, you should disable the `X-Powered-By` header from the
 # language / framework level (e.g.: for PHP, you can do that by setting
@@ -678,6 +771,7 @@ AddDefaultCharset utf-8
 
 <IfModule mod_headers.c>
     Header unset X-Powered-By
+    Header always unset X-Powered-By
 </IfModule>
 
 # ----------------------------------------------------------------------
@@ -703,8 +797,7 @@ ServerSignature Off
 #
 # https://httpd.apache.org/docs/current/mod/core.html#servertokens
 
-#ServerTokens Prod
-
+# ServerTokens Prod
 
 # ######################################################################
 # # WEB PERFORMANCE                                                    #
@@ -717,7 +810,9 @@ ServerSignature Off
 <IfModule mod_deflate.c>
 
     # Force compression for mangled `Accept-Encoding` request headers
-    # https://developer.yahoo.com/blogs/ydn/pushing-beyond-gzipping-25601.html
+    #
+    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Encoding
+    # https://calendar.perfplanet.com/2010/pushing-beyond-gzipping/
 
     <IfModule mod_setenvif.c>
         <IfModule mod_headers.c>
@@ -730,11 +825,6 @@ ServerSignature Off
 
     # Compress all output labeled with one of the following media types.
     #
-    # (!) For Apache versions below version 2.3.7 you don't need to
-    # enable `mod_filter` and can remove the `<IfModule mod_filter.c>`
-    # and `</IfModule>` lines as `AddOutputFilterByType` is still in
-    # the core directives.
-    #
     # https://httpd.apache.org/docs/current/mod/mod_filter.html#addoutputfilterbytype
 
     <IfModule mod_filter.c>
@@ -746,8 +836,9 @@ ServerSignature Off
                                       "application/rdf+xml" \
                                       "application/rss+xml" \
                                       "application/schema+json" \
-                                      "application/vnd.geo+json" \
+                                      "application/geo+json" \
                                       "application/vnd.ms-fontobject" \
+                                      "application/wasm" \
                                       "application/x-font-ttf" \
                                       "application/x-javascript" \
                                       "application/x-web-app-manifest+json" \
@@ -755,15 +846,17 @@ ServerSignature Off
                                       "application/xml" \
                                       "font/eot" \
                                       "font/opentype" \
+                                      "font/otf" \
                                       "image/bmp" \
                                       "image/svg+xml" \
                                       "image/vnd.microsoft.icon" \
-                                      "image/x-icon" \
                                       "text/cache-manifest" \
+                                      "text/calendar" \
                                       "text/css" \
                                       "text/html" \
                                       "text/javascript" \
                                       "text/plain" \
+                                      "text/markdown" \
                                       "text/vcard" \
                                       "text/vnd.rim.location.xloc" \
                                       "text/vtt" \
@@ -786,6 +879,7 @@ ServerSignature Off
     # the response, and thus, wouldn't be able to understand the
     # content.
     #
+    # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding
     # https://httpd.apache.org/docs/current/mod/mod_mime.html#addencoding
 
     <IfModule mod_mime.c>
@@ -794,6 +888,121 @@ ServerSignature Off
 
 </IfModule>
 
+# ----------------------------------------------------------------------
+# | Brotli pre-compressed content                                      |
+# ----------------------------------------------------------------------
+
+# Serve brotli compressed CSS, JS, HTML, SVG, ICS and JSON files
+# if they exist and if the client accepts br encoding.
+#
+# (!) To make this part relevant, you need to generate encoded
+# files by your own. Enabling this part will not auto-generate
+# brotlied files.
+#
+# Note that some clients (eg. browsers) require a secure connection
+# to request brotli-compressed resources.
+# https://www.chromestatus.com/feature/5420797577396224
+#
+# https://httpd.apache.org/docs/current/mod/mod_brotli.html#precompressed
+
+# <IfModule mod_headers.c>
+
+#     RewriteCond %{HTTP:Accept-Encoding} br
+#     RewriteCond %{REQUEST_FILENAME}\.br -f
+#     RewriteRule \.(css|ics|js|json|html|svg)$ %{REQUEST_URI}.br [L]
+
+#     # Prevent mod_deflate double gzip
+#     RewriteRule \.br$ - [E=no-gzip:1]
+
+#     <FilesMatch "\.br$">
+
+#         <IfModule mod_mime.c>
+#             # Serve correct content types
+#             AddType text/css              css.br
+#             AddType text/calendar         ics.br
+#             AddType text/javascript       js.br
+#             AddType application/json      json.br
+#             AddType text/html             html.br
+#             AddType image/svg+xml         svg.br
+
+#             # Serve correct content charset
+#             AddCharset utf-8 .css.br \
+#                              .ics.br \
+#                              .js.br \
+#                              .json.br
+#         </IfModule>
+
+#         # Force proxies to cache brotlied and non-brotlied files separately
+#         Header append Vary Accept-Encoding
+
+#     </FilesMatch>
+
+#     # Serve correct encoding type
+#     AddEncoding br .br
+
+# </IfModule>
+
+# ----------------------------------------------------------------------
+# | GZip pre-compressed content                                        |
+# ----------------------------------------------------------------------
+
+# Serve gzip compressed CSS, JS, HTML, SVG, ICS and JSON files
+# if they exist and if the client accepts gzip encoding.
+#
+# (!) To make this part relevant, you need to generate encoded
+# files by your own. Enabling this part will not auto-generate
+# gziped files.
+#
+# https://httpd.apache.org/docs/current/mod/mod_deflate.html#precompressed
+#
+# (1)
+# Removing default MIME Type for .gz files allowing to add custom
+# sub-types.
+# You may prefer using less generic extensions such as .html_gz in
+# order to keep default behavior regarding .gz files.
+# https://httpd.apache.org/docs/current/mod/mod_mime.html#removetype
+
+# <IfModule mod_headers.c>
+
+#     RewriteCond %{HTTP:Accept-Encoding} gzip
+#     RewriteCond %{REQUEST_FILENAME}\.gz -f
+#     RewriteRule \.(css|ics|js|json|html|svg)$ %{REQUEST_URI}.gz [L]
+
+#     # Prevent mod_deflate double gzip
+#     RewriteRule \.gz$ - [E=no-gzip:1]
+
+#     <FilesMatch "\.gz$">
+
+#         # Serve correct content types
+#         <IfModule mod_mime.c>
+#             # (1)
+#             RemoveType gz
+
+#             # Serve correct content types
+#             AddType text/css              css.gz
+#             AddType text/calendar         ics.gz
+#             AddType text/javascript       js.gz
+#             AddType application/json      json.gz
+#             AddType text/html             html.gz
+#             AddType image/svg+xml         svg.gz
+
+#             # Serve correct content charset
+#             AddCharset utf-8 .css.gz \
+#                              .ics.gz \
+#                              .js.gz \
+#                              .json.gz
+#         </IfModule>
+
+#         # Force proxies to cache gzipped and non-gzipped files separately
+#         Header append Vary Accept-Encoding
+
+#     </FilesMatch>
+
+#     # Serve correct encoding type
+#     AddEncoding gzip .gz
+
+# </IfModule>
+
 # ----------------------------------------------------------------------
 # | Content transformation                                             |
 # ----------------------------------------------------------------------
@@ -802,6 +1011,7 @@ ServerSignature Off
 # used by mobile network providers) from modifying the website's
 # content.
 #
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
 # https://tools.ietf.org/html/rfc2616#section-14.9.5
 #
 # (!) If you are using `mod_pagespeed`, please note that setting
@@ -822,6 +1032,7 @@ ServerSignature Off
 
 # Remove `ETags` as resources are sent with far-future expires headers.
 #
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag
 # https://developer.yahoo.com/performance/rules.html#etags
 # https://tools.ietf.org/html/rfc7232#section-2.3
 
@@ -833,15 +1044,17 @@ ServerSignature Off
 FileETag None
 
 # ----------------------------------------------------------------------
-# | Expires headers                                                    |
+# | Cache expiration                                                   |
 # ----------------------------------------------------------------------
 
-# Serve resources with far-future expires headers.
+# Serve resources with far-future expiration date.
 #
 # (!) If you don't control versioning with filename-based
 # cache busting, you should consider lowering the cache times
 # to something like one week.
 #
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expires
 # https://httpd.apache.org/docs/current/mod/mod_expires.html
 
 <IfModule mod_expires.c>
@@ -863,8 +1076,9 @@ FileETag None
     ExpiresByType application/json                      "access plus 0 seconds"
     ExpiresByType application/ld+json                   "access plus 0 seconds"
     ExpiresByType application/schema+json               "access plus 0 seconds"
-    ExpiresByType application/vnd.geo+json              "access plus 0 seconds"
+    ExpiresByType application/geo+json                  "access plus 0 seconds"
     ExpiresByType application/xml                       "access plus 0 seconds"
+    ExpiresByType text/calendar                         "access plus 0 seconds"
     ExpiresByType text/xml                              "access plus 0 seconds"
 
 
@@ -892,6 +1106,11 @@ FileETag None
     ExpiresByType text/cache-manifest                   "access plus 0 seconds"
 
 
+  # Markdown
+
+    ExpiresByType text/markdown                         "access plus 0 seconds"
+
+
   # Media files
 
     ExpiresByType audio/ogg                             "access plus 1 month"
@@ -906,17 +1125,27 @@ FileETag None
     ExpiresByType video/webm                            "access plus 1 month"
 
 
+  # WebAssembly
+
+    ExpiresByType application/wasm                      "access plus 1 year"
+
+
   # Web fonts
 
+    # Collection
+    ExpiresByType font/collection                       "access plus 1 month"
+
     # Embedded OpenType (EOT)
     ExpiresByType application/vnd.ms-fontobject         "access plus 1 month"
     ExpiresByType font/eot                              "access plus 1 month"
 
     # OpenType
     ExpiresByType font/opentype                         "access plus 1 month"
+    ExpiresByType font/otf                              "access plus 1 month"
 
     # TrueType
     ExpiresByType application/x-font-ttf                "access plus 1 month"
+    ExpiresByType font/ttf                              "access plus 1 month"
 
     # Web Open Font Format (WOFF) 1.0
     ExpiresByType application/font-woff                 "access plus 1 month"
@@ -925,6 +1154,7 @@ FileETag None
 
     # Web Open Font Format (WOFF) 2.0
     ExpiresByType application/font-woff2                "access plus 1 month"
+    ExpiresByType font/woff2                            "access plus 1 month"
 
 
   # Other
@@ -951,6 +1181,7 @@ FileETag None
 #   specified files.
 
 # <IfModule mod_include.c>
+
 #     <FilesMatch "\.combined\.js$">
 #         Options +Includes
 #         AddOutputFilterByType INCLUDES application/javascript \
@@ -958,11 +1189,13 @@ FileETag None
 #                                        text/javascript
 #         SetOutputFilter INCLUDES
 #     </FilesMatch>
+
 #     <FilesMatch "\.combined\.css$">
 #         Options +Includes
 #         AddOutputFilterByType INCLUDES text/css
 #         SetOutputFilter INCLUDES
 #     </FilesMatch>
+
 # </IfModule>
 
 # ----------------------------------------------------------------------
@@ -975,10 +1208,11 @@ FileETag None
 #
 # To understand why this is important and even a better solution than
 # using something like `*.css?v231`, please see:
-# http://www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/
+# https://www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/
 
 # <IfModule mod_rewrite.c>
 #     RewriteEngine On
 #     RewriteCond %{REQUEST_FILENAME} !-f
-#     RewriteRule ^(.+)\.(\d+)\.(bmp|css|cur|gif|ico|jpe?g|js|png|svgz?|webp|webmanifest)$ $1.$3 [L]
+#     RewriteRule ^(.+)\.(\w+)\.(bmp|css|cur|gif|ico|jpe?g|m?js|png|svgz?|webp|webmanifest)$ $1.$3 [L]
 # </IfModule>
+

dist/css/main.css

@@ -1,5 +1,6 @@
-/*! HTML5 Boilerplate v5.3.0 | MIT License | https://html5boilerplate.com/ */
+/*! HTML5 Boilerplate v7.2.0 | MIT License | https://html5boilerplate.com/ */
 
+/* main.css 2.0.0 | MIT License | https://github.com/h5bp/main.css#readme */
 /*
  * What follows is the result of much research on cross-browser styling.
  * Credit left inline and big thanks to Nicolas Gallagher, Jonathan Neal,
@@ -11,9 +12,9 @@
    ========================================================================== */
 
 html {
-    color: #222;
-    font-size: 1em;
-    line-height: 1.4;
+  color: #222;
+  font-size: 1em;
+  line-height: 1.4;
 }
 
 /*
@@ -27,13 +28,13 @@ html {
  */
 
 ::-moz-selection {
-    background: #b3d4fc;
-    text-shadow: none;
+  background: #b3d4fc;
+  text-shadow: none;
 }
 
 ::selection {
-    background: #b3d4fc;
-    text-shadow: none;
+  background: #b3d4fc;
+  text-shadow: none;
 }
 
 /*
@@ -41,12 +42,12 @@ html {
  */
 
 hr {
-    display: block;
-    height: 1px;
-    border: 0;
-    border-top: 1px solid #ccc;
-    margin: 1em 0;
-    padding: 0;
+  display: block;
+  height: 1px;
+  border: 0;
+  border-top: 1px solid #ccc;
+  margin: 1em 0;
+  padding: 0;
 }
 
 /*
@@ -61,7 +62,7 @@ iframe,
 img,
 svg,
 video {
-    vertical-align: middle;
+  vertical-align: middle;
 }
 
 /*
@@ -69,9 +70,9 @@ video {
  */
 
 fieldset {
-    border: 0;
-    margin: 0;
-    padding: 0;
+  border: 0;
+  margin: 0;
+  padding: 0;
 }
 
 /*
@@ -79,7 +80,7 @@ fieldset {
  */
 
 textarea {
-    resize: vertical;
+  resize: vertical;
 }
 
 /* ==========================================================================
@@ -87,32 +88,16 @@ textarea {
    ========================================================================== */
 
 .browserupgrade {
-    margin: 0.2em 0;
-    background: #ccc;
-    color: #000;
-    padding: 0.2em 0;
+  margin: 0.2em 0;
+  background: #ccc;
+  color: #000;
+  padding: 0.2em 0;
 }
 
 /* ==========================================================================
    Author's custom styles
    ========================================================================== */
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
 /* ==========================================================================
    Helper classes
    ========================================================================== */
@@ -122,78 +107,78 @@ textarea {
  */
 
 .hidden {
-    display: none !important;
+  display: none !important;
 }
 
 /*
- * Hide only visually, but have it available for screen readers:
- * https://snook.ca/archives/html_and_css/hiding-content-for-accessibility
- *
- * 1. For long content, line feeds are not interpreted as spaces and small width
- *    causes content to wrap 1 word per line:
- *    https://medium.com/@jessebeach/beware-smushed-off-screen-accessible-text-5952a4c2cbfe
- */
+* Hide only visually, but have it available for screen readers:
+* https://snook.ca/archives/html_and_css/hiding-content-for-accessibility
+*
+* 1. For long content, line feeds are not interpreted as spaces and small width
+*    causes content to wrap 1 word per line:
+*    https://medium.com/@jessebeach/beware-smushed-off-screen-accessible-text-5952a4c2cbfe
+*/
 
-.visuallyhidden {
-    border: 0;
-    -webkit-clip-path: inset(50%);
-    clip-path: inset(50%);
-    display: inline-block;
-    height: 1px;
-    margin: -1px;
-    overflow: hidden;
-    padding: 0;
-    width: 1px;
-    white-space: nowrap; /* 1 */
+.sr-only {
+  border: 0;
+  clip: rect(0, 0, 0, 0);
+  height: 1px;
+  margin: -1px;
+  overflow: hidden;
+  padding: 0;
+  position: absolute;
+  white-space: nowrap;
+  width: 1px;
+  /* 1 */
 }
 
 /*
- * Extends the .visuallyhidden class to allow the element
- * to be focusable when navigated to via the keyboard:
- * https://www.drupal.org/node/897638
- */
+* Extends the .sr-only class to allow the element
+* to be focusable when navigated to via the keyboard:
+* https://www.drupal.org/node/897638
+*/
 
-.visuallyhidden.focusable:active,
-.visuallyhidden.focusable:focus {
-    clip: auto;
-    -webkit-clip-path: none;
-    clip-path: none;
-    height: auto;
-    margin: 0;
-    overflow: visible;
-    position: static;
-    width: auto;
-    white-space: inherit;
+.sr-only.focusable:active,
+.sr-only.focusable:focus {
+  clip: auto;
+  height: auto;
+  margin: 0;
+  overflow: visible;
+  position: static;
+  white-space: inherit;
+  width: auto;
 }
 
 /*
- * Hide visually and from screen readers, but maintain layout
- */
+* Hide visually and from screen readers, but maintain layout
+*/
 
 .invisible {
-    visibility: hidden;
+  visibility: hidden;
 }
 
 /*
- * Clearfix: contain floats
- *
- * For modern browsers
- * 1. The space content is one way to avoid an Opera bug when the
- *    `contenteditable` attribute is included anywhere else in the document.
- *    Otherwise it causes space to appear at the top and bottom of elements
- *    that receive the `clearfix` class.
- * 2. The use of `table` rather than `block` is only necessary if using
- *    `:before` to contain the top-margins of child elements.
- */
+* Clearfix: contain floats
+*
+* For modern browsers
+* 1. The space content is one way to avoid an Opera bug when the
+*    `contenteditable` attribute is included anywhere else in the document.
+*    Otherwise it causes space to appear at the top and bottom of elements
+*    that receive the `clearfix` class.
+* 2. The use of `table` rather than `block` is only necessary if using
+*    `:before` to contain the top-margins of child elements.
+*/
 
 .clearfix:before,
 .clearfix:after {
-    content: " "; /* 1 */
-    display: table; /* 2 */
+  content: " ";
+  /* 1 */
+  display: table;
+  /* 2 */
 }
 
 .clearfix:after {
-    clear: both;
+  clear: both;
 }
 
 /* ==========================================================================
@@ -203,88 +188,79 @@ textarea {
    ========================================================================== */
 
 @media only screen and (min-width: 35em) {
-    /* Style adjustments for viewports that meet the condition */
+  /* Style adjustments for viewports that meet the condition */
 }
 
 @media print,
-       (-webkit-min-device-pixel-ratio: 1.25),
-       (min-resolution: 1.25dppx),
-       (min-resolution: 120dpi) {
-    /* Style adjustments for high resolution devices */
+  (-webkit-min-device-pixel-ratio: 1.25),
+  (min-resolution: 1.25dppx),
+  (min-resolution: 120dpi) {
+  /* Style adjustments for high resolution devices */
 }
 
 /* ==========================================================================
    Print styles.
    Inlined to avoid the additional HTTP request:
-   http://www.phpied.com/delay-loading-your-print-css/
+   https://www.phpied.com/delay-loading-your-print-css/
    ========================================================================== */
 
 @media print {
-    *,
-    *:before,
-    *:after {
-        background: transparent !important;
-        color: #000 !important; /* Black prints faster:
-                                   http://www.sanbeiji.com/archives/953 */
-        box-shadow: none !important;
-        text-shadow: none !important;
-    }
-
-    a,
-    a:visited {
-        text-decoration: underline;
-    }
-
-    a[href]:after {
-        content: " (" attr(href) ")";
-    }
-
-    abbr[title]:after {
-        content: " (" attr(title) ")";
-    }
-
-    /*
+  *,
+  *:before,
+  *:after {
+    background: transparent !important;
+    color: #000 !important;
+    /* Black prints faster */
+    -webkit-box-shadow: none !important;
+    box-shadow: none !important;
+    text-shadow: none !important;
+  }
+  a,
+  a:visited {
+    text-decoration: underline;
+  }
+  a[href]:after {
+    content: " (" attr(href) ")";
+  }
+  abbr[title]:after {
+    content: " (" attr(title) ")";
+  }
+  /*
      * Don't show links that are fragment identifiers,
      * or use the `javascript:` pseudo protocol
      */
-
-    a[href^="#"]:after,
-    a[href^="javascript:"]:after {
-        content: "";
-    }
-
-    pre {
-        white-space: pre-wrap !important;
-    }
-    pre,
-    blockquote {
-        border: 1px solid #999;
-        page-break-inside: avoid;
-    }
-
-    /*
+  a[href^="#"]:after,
+  a[href^="javascript:"]:after {
+    content: "";
+  }
+  pre {
+    white-space: pre-wrap !important;
+  }
+  pre,
+  blockquote {
+    border: 1px solid #999;
+    page-break-inside: avoid;
+  }
+  /*
      * Printing Tables:
-     * http://css-discuss.incutio.com/wiki/Printing_Tables
+     * https://web.archive.org/web/20180815150934/http://css-discuss.incutio.com/wiki/Printing_Tables
      */
-
-    thead {
-        display: table-header-group;
-    }
-
-    tr,
-    img {
-        page-break-inside: avoid;
-    }
-
-    p,
-    h2,
-    h3 {
-        orphans: 3;
-        widows: 3;
-    }
-
-    h2,
-    h3 {
-        page-break-after: avoid;
-    }
+  thead {
+    display: table-header-group;
+  }
+  tr,
+  img {
+    page-break-inside: avoid;
+  }
+  p,
+  h2,
+  h3 {
+    orphans: 3;
+    widows: 3;
+  }
+  h2,
+  h3 {
+    page-break-after: avoid;
+  }
 }
+

dist/css/normalize.css

@@ -1,17 +1,15 @@
-/*! normalize.css v7.0.0 | MIT License | github.com/necolas/normalize.css */
+/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */
 
 /* Document
    ========================================================================== */
 
 /**
  * 1. Correct the line height in all browsers.
- * 2. Prevent adjustments of font size after orientation changes in
- *    IE on Windows Phone and in iOS.
+ * 2. Prevent adjustments of font size after orientation changes in iOS.
  */
 
 html {
   line-height: 1.15; /* 1 */
-  -ms-text-size-adjust: 100%; /* 2 */
   -webkit-text-size-adjust: 100%; /* 2 */
 }
 
@@ -19,7 +17,7 @@ html {
    ========================================================================== */
 
 /**
- * Remove the margin in all browsers (opinionated).
+ * Remove the margin in all browsers.
  */
 
 body {
@@ -27,15 +25,10 @@ body {
 }
 
 /**
- * Add the correct display in IE 9-.
+ * Render the `main` element consistently in IE.
  */
 
-article,
-aside,
-footer,
-header,
-nav,
-section {
+main {
   display: block;
 }
 
@@ -52,25 +45,6 @@ h1 {
 /* Grouping content
    ========================================================================== */
 
-/**
- * Add the correct display in IE 9-.
- * 1. Add the correct display in IE.
- */
-
-figcaption,
-figure,
-main { /* 1 */
-  display: block;
-}
-
-/**
- * Add the correct margin in IE 8.
- */
-
-figure {
-  margin: 1em 40px;
-}
-
 /**
  * 1. Add the correct box sizing in Firefox.
  * 2. Show the overflow in Edge and IE.
@@ -96,17 +70,15 @@ pre {
    ========================================================================== */
 
 /**
- * 1. Remove the gray background on active links in IE 10.
- * 2. Remove gaps in links underline in iOS 8+ and Safari 8+.
+ * Remove the gray background on active links in IE 10.
  */
 
 a {
-  background-color: transparent; /* 1 */
-  -webkit-text-decoration-skip: objects; /* 2 */
+  background-color: transparent;
 }
 
 /**
- * 1. Remove the bottom border in Chrome 57- and Firefox 39-.
+ * 1. Remove the bottom border in Chrome 57-
  * 2. Add the correct text decoration in Chrome, Edge, IE, Opera, and Safari.
  */
 
@@ -116,15 +88,6 @@ abbr[title] {
   text-decoration: underline dotted; /* 2 */
 }
 
-/**
- * Prevent the duplicate application of `bolder` by the next rule in Safari 6.
- */
-
-b,
-strong {
-  font-weight: inherit;
-}
-
 /**
  * Add the correct font weight in Chrome, Edge, and Safari.
  */
@@ -146,23 +109,6 @@ samp {
   font-size: 1em; /* 2 */
 }
 
-/**
- * Add the correct font style in Android 4.3-.
- */
-
-dfn {
-  font-style: italic;
-}
-
-/**
- * Add the correct background and color in IE 9-.
- */
-
-mark {
-  background-color: #ff0;
-  color: #000;
-}
-
 /**
  * Add the correct font size in all browsers.
  */
@@ -196,44 +142,18 @@ sup {
    ========================================================================== */
 
 /**
- * Add the correct display in IE 9-.
- */
-
-audio,
-video {
-  display: inline-block;
-}
-
-/**
- * Add the correct display in iOS 4-7.
- */
-
-audio:not([controls]) {
-  display: none;
-  height: 0;
-}
-
-/**
- * Remove the border on images inside links in IE 10-.
+ * Remove the border on images inside links in IE 10.
  */
 
 img {
   border-style: none;
 }
 
-/**
- * Hide the overflow in IE.
- */
-
-svg:not(:root) {
-  overflow: hidden;
-}
-
 /* Forms
    ========================================================================== */
 
 /**
- * 1. Change the font styles in all browsers (opinionated).
+ * 1. Change the font styles in all browsers.
  * 2. Remove the margin in Firefox and Safari.
  */
 
@@ -242,7 +162,7 @@ input,
 optgroup,
 select,
 textarea {
-  font-family: sans-serif; /* 1 */
+  font-family: inherit; /* 1 */
   font-size: 100%; /* 1 */
   line-height: 1.15; /* 1 */
   margin: 0; /* 2 */
@@ -269,16 +189,14 @@ select { /* 1 */
 }
 
 /**
- * 1. Prevent a WebKit bug where (2) destroys native `audio` and `video`
- *    controls in Android 4.
- * 2. Correct the inability to style clickable types in iOS and Safari.
+ * Correct the inability to style clickable types in iOS and Safari.
  */
 
 button,
-html [type="button"], /* 1 */
+[type="button"],
 [type="reset"],
 [type="submit"] {
-  -webkit-appearance: button; /* 2 */
+  -webkit-appearance: button;
 }
 
 /**
@@ -329,17 +247,15 @@ legend {
 }
 
 /**
- * 1. Add the correct display in IE 9-.
- * 2. Add the correct vertical alignment in Chrome, Firefox, and Opera.
+ * Add the correct vertical alignment in Chrome, Firefox, and Opera.
  */
 
 progress {
-  display: inline-block; /* 1 */
-  vertical-align: baseline; /* 2 */
+  vertical-align: baseline;
 }
 
 /**
- * Remove the default vertical scrollbar in IE.
+ * Remove the default vertical scrollbar in IE 10+.
  */
 
 textarea {
@@ -347,8 +263,8 @@ textarea {
 }
 
 /**
- * 1. Add the correct box sizing in IE 10-.
- * 2. Remove the padding in IE 10-.
+ * 1. Add the correct box sizing in IE 10.
+ * 2. Remove the padding in IE 10.
  */
 
 [type="checkbox"],
@@ -377,10 +293,9 @@ textarea {
 }
 
 /**
- * Remove the inner padding and cancel buttons in Chrome and Safari on macOS.
+ * Remove the inner padding in Chrome and Safari on macOS.
  */
 
-[type="search"]::-webkit-search-cancel-button,
 [type="search"]::-webkit-search-decoration {
   -webkit-appearance: none;
 }
@@ -399,12 +314,10 @@ textarea {
    ========================================================================== */
 
 /*
- * Add the correct display in IE 9-.
- * 1. Add the correct display in Edge, IE, and Firefox.
+ * Add the correct display in Edge, IE 10+, and Firefox.
  */
 
-details, /* 1 */
-menu {
+details {
   display: block;
 }
 
@@ -416,30 +329,19 @@ summary {
   display: list-item;
 }
 
-/* Scripting
+/* Misc
    ========================================================================== */
 
 /**
- * Add the correct display in IE 9-.
- */
-
-canvas {
-  display: inline-block;
-}
-
-/**
- * Add the correct display in IE.
+ * Add the correct display in IE 10+.
  */
 
 template {
   display: none;
 }
 
-/* Hidden
-   ========================================================================== */
-
 /**
- * Add the correct display in IE 10-.
+ * Add the correct display in IE 10.
  */
 
 [hidden] {

dist/doc/TOC.md

@@ -31,5 +31,4 @@ aspects of your website/web app (e.g.: the performance, security, etc.).
     *  [lighttpd](https://github.com/h5bp/server-configs-lighttpd)
     *  [Nginx](https://github.com/h5bp/server-configs-nginx)
     *  [Node.js](https://github.com/h5bp/server-configs-node)
-* [Ant Build Script](https://github.com/h5bp/ant-build-script) — Apache
-  Ant based build script.
+* [Front-end Developer Interview Questions](https://github.com/h5bp/Front-end-Developer-Interview-Questions)

dist/doc/css.md

@@ -6,10 +6,7 @@ table of contents](TOC.md)
 HTML5 Boilerplate's CSS includes:
 
 * [Normalize.css](#normalizecss)
-* [Useful defaults](#useful-defaults)
-* [Common helpers](#common-helpers)
-* [Placeholder media queries](#media-queries)
-* [Print styles](#print-styles)
+* [main.css](#maincss)
 
 This starting CSS does not rely on the presence of
 [conditional class names](https://www.paulirish.com/2008/conditional-stylesheets-vs-css-hacks-answer-neither/),
@@ -39,7 +36,7 @@ page](https://necolas.github.com/normalize.css/), as well as this
 [blog post](http://nicolasgallagher.com/about-normalize-css/).
 
 
-## Useful defaults
+## main.css
 
 Several base styles are included that build upon `Normalize.css`. These
 styles:
@@ -49,116 +46,6 @@ styles:
 * tweak the default alignment of some elements (e.g.: `img`, `video`,
   `fieldset`, `textarea`)
 * style the prompt that is displayed to users using an outdated browser
+* and more...
 
-You are free and even encouraged to modify or add to these base styles as your
-project requires.
-
-
-## Common helpers
-
-Along with the base styles, we also provide some commonly used helper classes.
-
-#### `.hidden`
-
-The `hidden` class can be added to any element that you want to hide visually
-and from screen readers. It could be an element that will be populated and
-displayed later, or an element you will hide with JavaScript.
-
-#### `.visuallyhidden`
-
-The `visuallyhidden` class can be added to any element that you want to hide
-visually, while still have its content accessible to screen readers.
-
-See also:
-
-* [CSS in Action: Invisible Content Just for Screen Reader
-  Users](http://webaim.org/techniques/css/invisiblecontent/)
-* [Hiding content for
-  accessibility](https://snook.ca/archives/html_and_css/hiding-content-for-accessibility)
-* [HTML5 Boilerplate - Issue #194](https://github.com/h5bp/html5-boilerplate/issues/194).
-
-__N.B.__ [The visuallyhidden class can be an accessibility issue for users using high contrast modes.](https://www.paciellogroup.com/blog/2012/08/notes-on-accessible-css-image-sprites/)
-
->Use JavaScript to detect when images are disabled and remove the CSS visually hidden display state of the text alternative.
-Use JavaScript to detect when Windows high contrast mode is enabled and remove the CSS visually hidden display state of the text alternative.
-
-#### `.invisible`
-
-The `invisible` class can be added to any element that you want to hide
-visually and from screen readers, but without affecting the layout.
-
-As opposed to the `hidden` class that effectively removes the element from the
-layout, the `invisible` class will simply make the element invisible while
-keeping it in the flow and not affecting the positioning of the surrounding
-content.
-
-__N.B.__ Try to stay away from, and don't use the classes specified above for
-[keyword stuffing](https://en.wikipedia.org/wiki/Keyword_stuffing) as you will
-harm your site's ranking!
-
-#### `.clearfix`
-
-The `clearfix` class can be added to any element to ensure that it always fully
-contains its floated children.
-
-Over the years there have been many variants of the clearfix hack, but currently,
-we use the [micro clearfix](http://nicolasgallagher.com/micro-clearfix-hack/).
-
-
-## Media Queries
-
-HTML5 Boilerplate makes it easy for you to get started with a
-[_mobile first_](http://www.lukew.com/presos/preso.asp?26) and [_responsive web
-design_](http://alistapart.com/article/responsive-web-design) approach to
-development. But it's worth remembering that there are [no silver
-bullets](https://cloudfour.com/thinks/css-media-query-for-mobile-is-fools-gold/).
-
-We include placeholder media queries to help you build up your mobile styles for
-wider viewports and high-resolution displays. It's recommended that you adapt
-these media queries based on the content of your site rather than mirroring the
-fixed dimensions of specific devices.
-
-If you do not want to take the _mobile first_ approach, you can simply edit or
-remove these placeholder media queries. One possibility would be to work from
-wide viewports down, and use `max-width` media queries instead (e.g.:
-`@media only screen and (max-width: 480px)`).
-
-
-## Print styles
-
-Lastly, we provide some useful print styles that will optimize the printing
-process, as well as make the printed pages easier to read.
-
-At printing time, these styles will:
-
-* strip all background colors, change the font color to black, and remove the
-  `text-shadow` — done in order to [help save printer ink and speed up the
-  printing process](http://www.sanbeiji.com/archives/953)
-* underline and expand links to include the URL — done in order to allow users
-  to know where to refer to<br>
-  (exceptions to this are: the links that are
-  [fragment identifiers](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#attr-href),
-  or use the
-  [`javascript:` pseudo protocol](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/void#JavaScript_URIs))
-* expand abbreviations to include the full description — done in order to allow
-  users to know what the abbreviations stands for
-* provide instructions on how browsers should break the content into pages and
-  on [orphans/widows](https://en.wikipedia.org/wiki/Widows_and_orphans), namely,
-  we instruct
-  [supporting browsers](https://en.wikipedia.org/wiki/Comparison_of_layout_engines_%28Cascading_Style_Sheets%29#Grammar_and_rules)
-  that they should:
-
-  * ensure the table header (`<thead>`) is [printed on each page spanned by the
-    table](http://css-discuss.incutio.com/wiki/Printing_Tables)
-  * prevent block quotations, preformatted text, images and table rows from
-    being split onto two different pages
-  * ensure that headings never appear on a different page than the text they
-    are associated with
-  * ensure that
-    [orphans and widows](https://en.wikipedia.org/wiki/Widows_and_orphans) do
-    [not appear on printed pages](https://css-tricks.com/almanac/properties/o/orphans/)
-
-The print styles are included along with the other `css` to [avoid the
-additional HTTP request](http://www.phpied.com/delay-loading-your-print-css/).
-Also, they should always be included last, so that the other styles can be
-overwritten.
+These styles are included in [main.css](https://github.com/h5bp/html5-boilerplate/blob/master/dist/css/main.css). See the [main.css](https://github.com/h5bp/main.css) project [documentation](https://github.com/h5bp/main.css/blob/master/README.md#features) for a full discussion of these styles. 

dist/doc/extend.md

@@ -18,16 +18,14 @@ not everything fits with everyone's needs.
 * [Social Networks](#social-networks)
 * [URLs](#urls)
 * [Web Apps](#web-apps)
-
+* [security.txt](#security.txt)
 
 ## App Stores
 
 ### Smart App Banners in iOS 6+ Safari
 
 Stop bothering everyone with gross modals advertising your entry in the
-App Store. Include the following [meta tag](https://developer.apple.com/library/IOS/documentation/AppleApplications/Reference/SafariWebContent/PromotingAppswithAppBanners/PromotingAppswithAppBanners.html#//apple_ref/doc/uid/TP40002051-CH6-SW2)
-will unintrusively allow the user the option to download your iOS app,
-or open it with some data about the user's current state on the website.
+App Store. Including the following [meta tag](https://developer.apple.com/library/content/documentation/AppleApplications/Reference/SafariWebContent/PromotingAppswithAppBanners/PromotingAppswithAppBanners.html) will unobtrusively give the user the option to download your iOS app, or open it with some data about the user's current state on the website.
 
 ```html
 <meta name="apple-itunes-app" content="app-id=APP_ID,app-argument=SOME_TEXT">
@@ -108,10 +106,9 @@ Microsoft Ajax Content Delivery Network:
 
 ### Further reading about DNS prefetching
 
-* https://developer.mozilla.org/en-US/docs/Controlling_DNS_prefetching
+* https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control
 * https://dev.chromium.org/developers/design-documents/dns-prefetching
 * https://blogs.msdn.microsoft.com/ie/2011/03/17/internet-explorer-9-network-performance-improvements/
-* http://dayofjs.com/videos/22158462/web-browsers_alex-russel
 
 
 ## Google Universal Analytics
@@ -127,7 +124,7 @@ ga('create', 'UA-XXXXX-X', 'auto'); ga('send', 'pageview');
 ```
 
 To customize further, see Google's [Advanced
-Setup](https://developers.google.com/analytics/devguides/collection/analyticsjs/advanced),
+Setup](https://developers.google.com/analytics/devguides/collection/analyticsjs/),
 [Pageview](https://developers.google.com/analytics/devguides/collection/analyticsjs/pages),
 and [Event](https://developers.google.com/analytics/devguides/collection/analyticsjs/events) Docs.
 
@@ -217,34 +214,12 @@ $(function(){
 
 ## Internet Explorer
 
-### Prompt users to switch to "Desktop Mode" in IE10 Metro
+### IE Pinned Sites
 
-IE10 does not support plugins, such as Flash, in Metro mode. If
-your site requires plugins, you can let users know that via the
-`x-ua-compatible` meta element, which will prompt them to switch
-to Desktop Mode.
-
-```html
-<meta http-equiv="x-ua-compatible" content="requiresActiveX=true">
-```
-
-Here's what it looks like alongside H5BP's default `x-ua-compatible`
-values:
-
-```html
-<meta http-equiv="x-ua-compatible" content="ie=edge,requiresActiveX=true">
-```
-
-You can find more information in [Microsoft's IEBlog post about prompting for
-plugin use in IE10 Metro
-Mode](https://blogs.msdn.microsoft.com/ie/2012/01/31/web-sites-and-a-plug-in-free-web/).
-
-### IE Pinned Sites (IE9+)
-
-Enabling your application for pinning will allow IE9 users to add it to their
+Enabling your application for pinning will allow IE users to add it to their
 Windows Taskbar and Start Menu. This comes with a range of new tools that you
-can easily configure with the elements below. See more [documentation on IE9
-Pinned Sites](https://msdn.microsoft.com/en-us/library/gg131029.aspx).
+can easily configure with the elements below. See more [documentation on IE 
+Pinned Sites](https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/samples/gg491731(v%3dvs.85)).
 
 ### Name the Pinned Site for Windows
 
@@ -277,7 +252,7 @@ track the number of pinned users, like so:
 
 ### Recolor IE's controls manually for a Pinned Site
 
-IE9+ will automatically use the overall color of your Pinned Site's favicon to
+IE will automatically use the overall color of your Pinned Site's favicon to
 shade its browser buttons. UNLESS you give it another color here. Only use
 named colors (`red`) or hex colors (`#ff0000`).
 
@@ -322,13 +297,13 @@ blog](https://blogs.msdn.microsoft.com/ie/2012/06/08/high-quality-visuals-for-pi
 
 ### (Windows 8) Badges for Pinned Sites
 
-IE10 will poll an XML document for badge information to display on your app's
+IE will poll an XML document for badge information to display on your app's
 tile in the Start screen. The user will be able to receive these badge updates
 even when your app isn't actively running. The badge's value can be a number,
 or one of a predefined list of glyphs.
 
 * [Tutorial on IEBlog with link to badge XML schema](https://blogs.msdn.microsoft.com/ie/2012/04/03/pinned-sites-in-windows-8/)
-* [Available badge values](https://msdn.microsoft.com/en-us/library/ie/br212849.aspx)
+* [Available badge values](https://docs.microsoft.com/en-us/uwp/schemas/tiles/badgeschema/element-badge)
 
 ```html
 <meta name="msapplication-badge" value="frequency=NUMBER_IN_MINUTES;polling-uri=https://www.example.com/path/to/file.xml">
@@ -398,18 +373,18 @@ plugin](https://www.google.com/search?ie=UTF-8&q=how+to+make+browser+search+plug
   [visibility](https://webmasters.googleblog.com/2009/05/introducing-rich-snippets.html).
 
 * If you're building a web app you may want [native style momentum scrolling in
-  iOS 5+](http://www.johanbrook.com/articles/native-style-momentum-scrolling-to-arrive-in-ios-5/)
+  iOS 5+](https://www.johanbrook.com/writings/native-style-momentum-scrolling-to-arrive-in-ios-5/)
   using `-webkit-overflow-scrolling: touch`.
 
 * If you want to disable the translation prompt in Chrome or block Google
   Translate from translating your web page, use [`<meta name="google"
-  value="notranslate">`](https://support.google.com/translate/?hl=en#2641276).
+  content="notranslate">`](https://support.google.com/webmasters/answer/79812).
   To disable translation for a particular section of the web page, add
   [`class="notranslate"`](https://support.google.com/translate/?hl=en#2641276).
 
 * If you want to disable the automatic detection and formatting of possible
   phone numbers in Safari on iOS, use [`<meta name="format-detection"
-  content="telephone=no">`](https://developer.apple.com/library/safari/documentation/AppleApplications/Reference/SafariHTMLRef/Articles/MetaTags.html/#//apple_ref/doc/uid/TP40008193-SW5).
+  content="telephone=no">`](https://developer.apple.com/library/archive/documentation/AppleApplications/Reference/SafariHTMLRef/Articles/MetaTags.html).
 
 * Avoid development/stage websites "leaking" into SERPs (search engine results
   page) by [implementing X-Robots-tag
@@ -431,7 +406,7 @@ scratch](http://www.rssboard.org/rss-specification)?
 
 Atom is similar to RSS, and you might prefer to use it instead of or in
 addition to it. [See what Atom's all
-about](http://www.atomenabled.org/developers/syndication/).
+about](https://en.wikipedia.org/wiki/Atom_(Web_standard)).
 
 ```html
 <link rel="alternate" type="application/atom+xml" title="Atom" href="/atom.xml">
@@ -447,7 +422,7 @@ attribute should contain the location of your pingback service.
 ```
 
 * High-level explanation: https://codex.wordpress.org/Introduction_to_Blogging#Pingbacks
-* Step-by-step example case: http://www.hixie.ch/specs/pingback/pingback-1.0#TOC5
+* Step-by-step example case: https://www.hixie.ch/specs/pingback/pingback-1.0#TOC5
 * PHP pingback service: https://web.archive.org/web/20131211032834/http://blog.perplexedlabs.com/2009/07/15/xmlrpc-pingbacks-using-php/
 
 
@@ -460,10 +435,10 @@ You can control the information that Facebook and others display when users
 share your site. Below are just the most basic data points you might need. For
 specific content types (including "website"), see [Facebook's built-in Open
 Graph content
-templates](https://developers.facebook.com/docs/opengraph/objects/builtin/).
+templates](https://developers.facebook.com/docs/sharing/opengraph/using-objects).
 Take full advantage of Facebook's support for complex data and activity by
 following the [Open Graph
-tutorial](https://developers.facebook.com/docs/opengraph/tutorial/).
+tutorial](https://developers.facebook.com/docs/sharing/webmasters/getting-started).
 
 For a reference of Open Graph's markup and properties, you may check
 [Facebook's Open Graph Protocol reference](http://ogp.me/). Finally,
@@ -485,12 +460,10 @@ registration to Facebook).
 ### Twitter Cards
 
 Twitter provides a snippet specification that serves a similar purpose to Open
-Graph. In fact, Twitter will use Open Graph when Cards is not available. Note
-that, as of this writing, Twitter requires that app developers activate Cards
-on a per-domain basis. You can read more about the various snippet formats
-and application process in the [official Twitter Cards
-documentation](https://dev.twitter.com/docs/cards), and you can validate
-your markup with the [Card validator](https://cards-dev.twitter.com/validator)
+Graph. In fact, Twitter will use Open Graph when Cards is not available. You 
+can read more about the various snippet formats and application process in the 
+[official Twitter Cards documentation](https://developer.twitter.com/en/docs/tweets/optimize-with-cards/overview/abouts-cards), 
+and you can validate your markup with the [Card validator](https://cards-dev.twitter.com/validator)
 (needs registration to Twitter).
 
 ```html
@@ -512,7 +485,7 @@ of [schema.org's microdata vocabulary](https://schema.org/), which
 covers many other schemas that can describe the content of your pages
 to search engines. For this reason, this metadata is more generic for
 SEO, notably for Google's search-engine, although this vocabulary is
-also used by Microsoft, Pinterest or Yandex.
+also used by Microsoft, Pinterest and Yandex.
 
 You can validate your markup with the [Structured Data Testing
 Tool](https://developers.google.com/structured-data/testing-tool/).
@@ -543,16 +516,6 @@ the cleaner, more accurate `https://www.example.com/cart.html`.
 <link rel="canonical" href="">
 ```
 
-### Official shortlink
-
-Signal to the world "This is the shortened URL to use this page!" Poorly
-supported at this time. Learn more by reading the [article about shortlinks on
-the Microformats wiki](http://microformats.org/wiki/rel-shortlink).
-
-```html
-<link rel="shortlink" href="h5bp.com">
-```
-
 ### Separate mobile URLs
 
 If you use separate URLs for desktop and mobile users, you should consider
@@ -573,8 +536,7 @@ This can be done by adding the following annotations in your HTML pages:
 
 For more information please see:
 
-* https://developers.google.com/webmasters/smartphone-sites/details#separateurls
-* https://developers.google.com/webmasters/smartphone-sites/feature-phones
+* https://developers.google.com/search/mobile-sites/mobile-seo/separate-urls
 
 
 ## Web Apps
@@ -605,39 +567,17 @@ on Apple's site.
 
 ### Apple Touch Icons
 
-The Apple touch icons can be seen as the favicons of iOS devices.
+Apple touch icons are used as icons when a user adds your webapp to the home 
+screen of aniOS devices.
 
-The main sizes of the Apple touch icons are:
-
-* `57×57px` – iPhone with @1x display and iPod Touch
-* `72×72px` – iPad and iPad mini with @1x display running iOS ≤ 6
-* `76×76px` – iPad and iPad mini with @1x display running iOS ≥ 7
-* `114×114px` – iPhone with @2x display running iOS ≤ 6
-* `120×120px` – iPhone with @2x and @3x display running iOS ≥ 7
-* `144×144px` – iPad and iPad mini with @2x display running iOS ≤ 6
-* `152×152px` – iPad and iPad mini with @2x display running iOS 7
-* `180×180px` – iPad and iPad mini with @2x display running iOS 8
-
-Displays meaning:
-
-* @1x - non-Retina
-* @2x - Retina
-* @3x - Retina HD
-
-More information about the displays of iOS devices can be found
-[here](https://en.wikipedia.org/wiki/List_of_iOS_devices#Display).
-
-In most cases, one `180×180px` touch icon named `icon.png`
-and including:
+Though the dimensions of the icon can vary between iOS devices and versions 
+one `180×180px` touch icon named `icon.png` and including the following in 
+the `<head>` of the page is enough:
 
 ```html
 <link rel="apple-touch-icon" href="icon.png">
 ```
 
-in the `<head>` of the page is enough. If you use art-direction and/or
-want to have different content for each device, you can add more touch
-icons as written above.
-
 For a more comprehensive overview, please refer to Mathias' [article on Touch
 Icons](https://mathiasbynens.be/notes/touch-icons).
 
@@ -646,19 +586,14 @@ Icons](https://mathiasbynens.be/notes/touch-icons).
 
 Apart from that it is possible to add start-up screens for web apps on iOS. This
 basically works by defining `apple-touch-startup-image` with an according link
-to the image. Since iOS devices have different screen resolutions it is
+to the image. Since iOS devices have different screen resolutions it maybe
 necessary to add media queries to detect which image to load. Here is an
-example for a retina iPhone:
+example for an iPhone:
 
 ```html
-<link rel="apple-touch-startup-image" media="(max-device-width: 480px) and (-webkit-min-device-pixel-ratio: 2)" href="img/startup-retina.png">
+<link rel="apple-touch-startup-image" media="(max-device-width: 480px) and (-webkit-min-device-pixel-ratio: 2)" href="img/startup.png">
 ```
 
-However, it is possible to detect which start-up image to use with JavaScript.
-The Mobile Boilerplate provides a useful function for this. Please see
-[helpers.js](https://github.com/h5bp/mobile-boilerplate/blob/v4.1.0/js/helper.js#L336-L383)
-for the implementation.
-
 
 ### Chrome Mobile web apps
 
@@ -691,3 +626,15 @@ The `content` attribute extension can take any valid CSS color.
 
 Currently, the `theme-color` meta extension is supported by [Chrome 39+
 for Android Lollipop](https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android).
+
+
+## security.txt
+
+When security risks in web services are discovered by users they often lack the
+channels to disclose them properly. As a result, security issues may be left unreported. 
+
+Security.txt defines a standard to help organizations define the process for 
+users to disclose security vulnerabilities securely. Include a text
+file on your server at `.well-known/security.txt` with the relevant contact details.
+
+Check [https://securitytxt.org/](https://securitytxt.org/) for more details.

dist/doc/faq.md

@@ -30,14 +30,9 @@ reinforces that scripts at the bottom are the right move. (Usually I
 concatenate and minify all my scripts into one .js file — the GA snippet being
 the suffix.)
 
-### How can I integrate [Bootstrap](https://getbootstrap.com/) with HTML5 Boilerplate?
-
-Here's Nicolas Gallagher writing about how [HTML5 Boilerplate and Bootstrap complement each
-other](https://www.quora.com/Is-Bootstrap-a-complement-or-an-alternative-to-HTML5-Boilerplate-or-viceversa/answer/Nicolas-Gallagher).
-
 ### Do I need to upgrade my site each time a new version of HTML5 Boilerplate is released?
 
-No, same as you don't normally replace the foundation of a house once it
+No, just as you don't normally replace the foundation of a house once it
 was built. However, there is nothing stopping you from trying to work in the
 latest changes, but you'll have to assess the costs/benefits of doing so.
 

dist/doc/html.md

@@ -7,7 +7,7 @@ By default, HTML5 Boilerplate provides two `html` pages:
 
 * [`index.html`](#indexhtml) - a default HTML skeleton that should form the
   basis of all pages on your website
-* [`404.html`](#404html) - a placeholder 404 error page
+* `404.html` - a placeholder 404 error page
 
 
 ## `index.html`
@@ -23,7 +23,7 @@ FOUC](https://www.paulirish.com/2009/avoiding-the-fouc-v3/).
 
 ## Language Attribute
 
-Please consider specifying the language of your content by adding a [value](http://www.iana.org/assignments/language-subtag-registry/language-subtag-registry) to the `lang`
+Please consider specifying the language of your content by adding a [value](https://www.iana.org/assignments/language-subtag-registry/language-subtag-registry) to the `lang`
 attribute in the `<html>` as in this example:
 
 ```html
@@ -32,71 +32,12 @@ attribute in the `<html>` as in this example:
 
 ### The order of the `<title>` and `<meta>` tags
 
-The order in which the `<title>` and the `<meta>` tags are specified is
-important because:
-
-1) the charset declaration (`<meta charset="utf-8">`):
-
-   * must be included completely within the [first 1024 bytes of the
-     document](https://www.whatwg.org/specs/web-apps/current-work/multipage/semantics.html#charset)
-
-   * should be specified as early as possible (before any content that could
-     be controlled by an attacker, such as a `<title>` element) in order to
-     avoid a potential [encoding-related security
-     issue](https://code.google.com/p/doctype-mirror/wiki/ArticleUtf7) in
-     Internet Explorer
-
-2) the meta tag for compatibility mode
-   (`<meta http-equiv="x-ua-compatible" content="ie=edge">`):
-
-   * [needs to be included before all other tags except for the `<title>` and
-     the other `<meta>`
-     tags](https://msdn.microsoft.com/en-us/library/cc288325.aspx)
-
-
-### `x-ua-compatible`
-
-Internet Explorer 8/9/10 support [document compatibility
-modes](https://msdn.microsoft.com/en-us/library/cc288325.aspx) that affect the
-way webpages are interpreted and displayed. Because of this, even if your site's
-visitor is using, let's say, Internet Explorer 9, it's possible that IE will not
-use the latest rendering engine, and instead, decide to render your page using
-the Internet Explorer 5.5 rendering engine.
-
-Specifying the `x-ua-compatible` meta tag:
-
-```html
-<meta http-equiv="x-ua-compatible" content="ie=edge">
-```
-
-or sending the page with the following HTTP response header
-
-```
-X-UA-Compatible: IE=edge
-```
-
-will force Internet Explorer 8/9/10 to render the webpage in the highest
-available mode in [the various cases when it may
-not](https://hsivonen.fi/doctype/#ie8), and therefore, ensure that anyone
-browsing your site is treated to the best possible user experience that
-browser can offer.
-
-If possible, we recommend that you remove the `meta` tag and send only the
-HTTP response header as the `meta` tag will not always work if your site is
-served on a non-standard port, as Internet Explorer's preference option
-`Display intranet sites in Compatibility View` is checked by default.
-
-If you are using Apache as your webserver, including the
-[`.htaccess`](https://github.com/h5bp/server-configs-apache) file takes care of
-the HTTP header. If you are using a different server, check out our [other
-server config](https://github.com/h5bp/server-configs).
-
-Starting with Internet Explorer 11, [document modes are
-deprecated](https://msdn.microsoft.com/library/bg182625.aspx#docmode).
-If your business still relies on older web apps and services that were
-designed for older versions of Internet Explorer, you might want to consider
-enabling [Enterprise Mode](https://blogs.msdn.microsoft.com/ie/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11/) throughout your company.
-
+The charset declaration (`<meta charset="utf-8">`) must be included completely 
+within the [first 1024 bytes of the document](https://www.whatwg.org/specs/web-apps/current-work/multipage/semantics.html#charset)
+and should be specified as early as possible (before any content that could
+be controlled by an attacker, such as a `<title>` element) in order to avoid a 
+potential [encoding-related security issue](https://code.google.com/archive/p/doctype-mirror/wikis/ArticleUtf7.wiki)
+in Internet Explorer
 
 ## Meta Description
 
@@ -108,20 +49,27 @@ shown in the search results.
 <meta name="description" content="This is a description">
 ```
 
+Google's [Create good meta descriptions](https://support.google.com/webmasters/answer/35624?hl=en#meta-descriptions)
+documentation has useful tips on creating an effective description.
 
 ## Mobile Viewport
 
 There are a few different options that you can use with the [`viewport` meta
 tag](https://docs.google.com/present/view?id=dkx3qtm_22dxsrgcf4 "Viewport and
 Media Queries - The Complete Idiot's Guide"). You can find out more in [the
-Apple developer docs](https://developer.apple.com/library/safari/documentation/AppleApplications/Reference/SafariWebContent/UsingtheViewport/UsingtheViewport.html).
+MDN Web Docs](https://developer.mozilla.org/en-US/docs/Mozilla/Mobile/Viewport_meta_tag).
 HTML5 Boilerplate comes with a simple setup that strikes a good balance for general use cases.
 
 ```html
 <meta name="viewport" content="width=device-width, initial-scale=1">
 ```
 
+If you want to take advantage of edge-to-edge displays of iPhone X/XS/XR you can do
+so with additional viewport parameters. [Check the WebKit blog](https://webkit.org/blog/7929/designing-websites-for-iphone-x/) 
+for details.
+
 ## Web App Manifest
+
 HTML5 Boilerplate includes a simple web app manifest file. 
 
 The web app manifest is a simple JSON file that allows you to control how your 
@@ -132,7 +80,7 @@ control over the UI of a saved site or web app on a mobile device.
 It's linked to from the HTML as follows:
 
 ```html
-        <link rel="manifest" href="site.webmanifest">
+<link rel="manifest" href="site.webmanifest">
 ```
 Our [site.webmanifest](https://github.com/h5bp/html5-boilerplate/blob/master/src/site.webmanifest) contains a very skeletal "app" definition, just to show the basic usage. 
 You should fill this file out with [more information about your site or application](https://developer.mozilla.org/en-US/docs/Web/Manifest)
@@ -156,8 +104,8 @@ web app development.
 ### Browser Upgrade Prompt
 
 The main content area of the boilerplate includes a prompt to install an up to
-date browser for users of IE 8 and lower. If you intended to support IE 8, then you
-should remove the snippet of code.
+date browser for users of IE 9 and lower. If you intended to support IE, then you
+should edit or remove the snippet of code.
 
 ## Modernizr
 
@@ -176,14 +124,14 @@ Starting with version 3 Modernizr can be customized using the [modernizr-config.
 
 If you need to include [polyfills](https://remysharp.com/2010/10/08/what-is-a-polyfill)
 in your project, you must make sure those load before any other JavaScript. If you're
-using some polyfill CDN service, like [cdn.polyfill.io](https://cdn.polyfill.io/),
+using a polyfill CDN service, like [cdn.polyfill.io](https://cdn.polyfill.io/),
 just put it before the other scripts in the bottom of the page:
 
 ```html
-    <script src="js/vendor/modernizr-3.5.0.min.js"></script>
-    <script src="https://cdn.polyfill.io/v2/polyfill.min.js"></script>
-    <script src="https://code.jquery.com/jquery-3.2.1.min.js" integrity="sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4=" crossorigin="anonymous"></script>
-    <script>window.jQuery || document.write('<script src="js/vendor/jquery-3.2.1.min.js"><\/script>')</script>
+    <script src="js/vendor/modernizr-3.7.1.min.js"></script>
+    <script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>
+    <script src="https://code.jquery.com/jquery-3.4.1.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
+    <script>window.jQuery || document.write('<script src="js/vendor/jquery-3.4.1.min.js"><\/script>')</script>
     <script src="js/plugins.js"></script>
     <script src="js/main.js"></script>
 </body>
@@ -193,7 +141,7 @@ If you like to just include the polyfills yourself, you could include them in
 `js/plugins.js`. When you have a bunch of polyfills to load in, you could
 also create a `polyfills.js` file in the `js/vendor` directory or include the files 
 individually and combine them using a build tool. Always ensure that the polyfills 
-are all loaded before any other Javascript.
+are all loaded before any other JavaScript.
 
 There are some misconceptions about Modernizr and polyfills. It's important
 to understand that Modernizr just handles feature checking, not polyfilling
@@ -217,7 +165,7 @@ the Google Hosted version over the jQuery CDN because it was available
 over HTTPS (the jQuery CDN was not,) and it offered a better chance of
 hitting the cache lottery owing to the popularity of the Google CDN.
 The first issue is no longer valid and the second is far outweighed by
-being able to serve jQuery to Chinese users.
+being able to serve jQuery to users in China.
 
 While the jQuery CDN is a strong default solution your site or application may
 require a different configuration. Testing your site with services like
@@ -229,22 +177,29 @@ site or application.
 ### Google Universal Analytics Tracking Code
 
 Finally, an optimized version of the Google Universal Analytics tracking code is
-included. Google recommends that this script be placed at the top of the page.
+included.
+
+We use `analytics.js` rather than the newer `gtag.js` as 
+[it's faster and supports tasks and plugins](https://github.com/philipwalton/analyticsjs-boilerplate/issues/19#issuecomment-333714370)
+
+The beacon transport mechanism is used to send all hits [which saves HTTP requests and improves performance](https://philipwalton.com/articles/the-google-analytics-setup-i-use-on-every-site-i-build/#loading-analytics.js).
+
+Google recommends that this script be placed at the top of the page.
 Factors to consider: if you place this script at the top of the page, you’ll
 be able to count users who don’t fully load the page, and you’ll incur the max
 number of simultaneous connections of the browser.
 
 Further information:
 
-* [Optimizing the Google Universal Analytics
-  Snippet](https://mathiasbynens.be/notes/async-analytics-snippet#universal-analytics)
-* [Introduction to
+- [Introduction to
   Analytics.js](https://developers.google.com/analytics/devguides/collection/analyticsjs/)
-* [Google Analytics Demos & Tools](https://ga-dev-tools.appspot.com/)
+- [Google Analytics Demos & Tools](https://ga-dev-tools.appspot.com/)
 
-**N.B.** The Google Universal Analytics snippet is included by default mainly
+**N.B.** The Google Analytics snippet is included by default mainly
 because Google Analytics is [currently one of the most popular tracking
 solutions](https://trends.builtwith.com/analytics/Google-Analytics) out there.
 However, its usage isn't set in stone, and you SHOULD consider exploring the
 [alternatives](https://en.wikipedia.org/wiki/List_of_web_analytics_software)
-and use whatever suits your needs best!
+and use whatever suits your needs best.
+
+

dist/doc/misc.md

@@ -7,6 +7,7 @@ table of contents](TOC.md)
 * [.editorconfig](#editorconfig)
 * [Server Configuration](#server-configuration)
 * [robots.txt](#robotstxt)
+* [humans.txt](#humanstxt)
 * [browserconfig.xml](#browserconfigxml)
 
 --
@@ -41,21 +42,21 @@ your team define and maintain consistent coding styles between different
 editors and IDEs.
 
 By default, `.editorconfig` includes some basic
-[properties](http://editorconfig.org/#supported-properties) that reflect the
+[properties](https://editorconfig.org/#supported-properties) that reflect the
 coding styles from the files provided by default, but you can easily change
 them to better suit your needs.
 
 In order for your editor/IDE to apply the
-[properties](http://editorconfig.org/#supported-properties) from the
+[properties](https://editorconfig.org/#supported-properties) from the
 `.editorconfig` file, you may need to [install a
-plugin]( http://editorconfig.org/#download).
+plugin]( https://editorconfig.org/#download).
 
 __N.B.__ If you aren't using the server configurations provided by HTML5
 Boilerplate, we highly encourage you to configure your server to block
 access to `.editorconfig` files, as they can disclose sensitive information!
 
 For more details, please refer to the [EditorConfig
-project](http://editorconfig.org/).
+project](https://editorconfig.org/).
 
 
 ## Server Configuration
@@ -139,6 +140,20 @@ For more information about `robots.txt`, please see:
   * [robotstxt.org](http://www.robotstxt.org/)
   * [How Google handles the `robots.txt` file](https://developers.google.com/webmasters/control-crawl-index/docs/robots_txt)
 
+## humans.txt
+
+The `humans.txt` file is used to provide information about people involved with
+the website.
+
+The provided file contains three sections:
+
+  * `TEAM` - this is intended to list the group of people responsible for the website
+  * `THANKS` - this is intended to list the group of people that have contributed
+  to the website
+  * `TECHNOLOGY COLOPHON` - the section lists technologies used to make the website
+  
+For more information about `humans.txt`, please see: http://humanstxt.org/
+
 
 ## browserconfig.xml
 
@@ -155,4 +170,4 @@ By default, the file points to 2 placeholder tile images:
 Notice that IE11 uses the same images when adding a site to the `favorites`.
 
 For more in-depth information about the `browserconfig.xml` file, please
-see [MSDN](https://msdn.microsoft.com/library/dn320426.aspx).
+see [MSDN](https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/dn320426(v=vs.85)).

dist/doc/usage.md

@@ -18,7 +18,7 @@ serve as the foundation for whatever you're interested in building.
 
 Even the basic use-case of a simple static site can be enhanced by manipulating
 the code through an automated build process. Moving up in complexity HTML5
-Boilerplate can be be integrated with whatever front-end framework, CMS or
+Boilerplate can be integrated with whatever front-end framework, CMS or
 e-commerce platform you're working with. Mix-and-match to your heart's content.
 Use what you need (toss it in a blender if you need to) and discard the rest.
 HTML5 Boilerplate is a starting point, not a destination.
@@ -92,7 +92,7 @@ A helpful custom 404 to get you started.
 This file contains all settings regarding custom tiles for IE11 and Edge.
 
 For more info on this topic, please refer to
-[MSDN](https://msdn.microsoft.com/library/dn455106.aspx).
+[Microsoft's Docs](https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/dn320426(v=vs.85)).
 
 ### .editorconfig
 

dist/index.html

@@ -1,37 +1,41 @@
 <!doctype html>
 <html class="no-js" lang="">
-    <head>
-        <meta charset="utf-8">
-        <meta http-equiv="x-ua-compatible" content="ie=edge">
-        <title></title>
-        <meta name="description" content="">
-        <meta name="viewport" content="width=device-width, initial-scale=1">
 
-        <link rel="manifest" href="site.webmanifest">
-        <link rel="apple-touch-icon" href="icon.png">
-        <!-- Place favicon.ico in the root directory -->
+<head>
+  <meta charset="utf-8">
+  <title></title>
+  <meta name="description" content="">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
 
-        <link rel="stylesheet" href="css/normalize.css">
-        <link rel="stylesheet" href="css/main.css">
-    </head>
-    <body>
-        <!--[if lte IE 9]>
-            <p class="browserupgrade">You are using an <strong>outdated</strong> browser. Please <a href="https://browsehappy.com/">upgrade your browser</a> to improve your experience and security.</p>
-        <![endif]-->
+  <link rel="manifest" href="site.webmanifest">
+  <link rel="apple-touch-icon" href="icon.png">
+  <!-- Place favicon.ico in the root directory -->
 
-        <!-- Add your site or application content here -->
-        <p>Hello world! This is HTML5 Boilerplate.</p>
-        <script src="js/vendor/modernizr-3.5.0.min.js"></script>
-        <script src="https://code.jquery.com/jquery-3.2.1.min.js" integrity="sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4=" crossorigin="anonymous"></script>
-        <script>window.jQuery || document.write('<script src="js/vendor/jquery-3.2.1.min.js"><\/script>')</script>
-        <script src="js/plugins.js"></script>
-        <script src="js/main.js"></script>
+  <link rel="stylesheet" href="css/normalize.css">
+  <link rel="stylesheet" href="css/main.css">
+
+  <meta name="theme-color" content="#fafafa">
+</head>
+
+<body>
+  <!--[if IE]>
+    <p class="browserupgrade">You are using an <strong>outdated</strong> browser. Please <a href="https://browsehappy.com/">upgrade your browser</a> to improve your experience and security.</p>
+  <![endif]-->
+
+  <!-- Add your site or application content here -->
+  <p>Hello world! This is HTML5 Boilerplate.</p>
+  <script src="js/vendor/modernizr-3.7.1.min.js"></script>
+  <script src="https://code.jquery.com/jquery-3.4.1.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
+  <script>window.jQuery || document.write('<script src="js/vendor/jquery-3.4.1.min.js"><\/script>')</script>
+  <script src="js/plugins.js"></script>
+  <script src="js/main.js"></script>
+
+  <!-- Google Analytics: change UA-XXXXX-Y to be your site's ID. -->
+  <script>
+    window.ga = function () { ga.q.push(arguments) }; ga.q = []; ga.l = +new Date;
+    ga('create', 'UA-XXXXX-Y', 'auto'); ga('set','transport','beacon'); ga('send', 'pageview')
+  </script>
+  <script src="https://www.google-analytics.com/analytics.js" async></script>
+</body>
 
-        <!-- Google Analytics: change UA-XXXXX-Y to be your site's ID. -->
-        <script>
-            window.ga=function(){ga.q.push(arguments)};ga.q=[];ga.l=+new Date;
-            ga('create','UA-XXXXX-Y','auto');ga('send','pageview')
-        </script>
-        <script src="https://www.google-analytics.com/analytics.js" async defer></script>
-    </body>
 </html>

dist/js/plugins.js

@@ -1,24 +1,24 @@
 // Avoid `console` errors in browsers that lack a console.
 (function() {
-    var method;
-    var noop = function () {};
-    var methods = [
-        'assert', 'clear', 'count', 'debug', 'dir', 'dirxml', 'error',
-        'exception', 'group', 'groupCollapsed', 'groupEnd', 'info', 'log',
-        'markTimeline', 'profile', 'profileEnd', 'table', 'time', 'timeEnd',
-        'timeline', 'timelineEnd', 'timeStamp', 'trace', 'warn'
-    ];
-    var length = methods.length;
-    var console = (window.console = window.console || {});
+  var method;
+  var noop = function () {};
+  var methods = [
+    'assert', 'clear', 'count', 'debug', 'dir', 'dirxml', 'error',
+    'exception', 'group', 'groupCollapsed', 'groupEnd', 'info', 'log',
+    'markTimeline', 'profile', 'profileEnd', 'table', 'time', 'timeEnd',
+    'timeline', 'timelineEnd', 'timeStamp', 'trace', 'warn'
+  ];
+  var length = methods.length;
+  var console = (window.console = window.console || {});
 
-    while (length--) {
-        method = methods[length];
+  while (length--) {
+    method = methods[length];
 
-        // Only stub undefined methods.
-        if (!console[method]) {
-            console[method] = noop;
-        }
+    // Only stub undefined methods.
+    if (!console[method]) {
+      console[method] = noop;
     }
+  }
 }());
 
 // Place any jQuery/helper plugins in here.

dist/site.webmanifest

@@ -1,8 +1,12 @@
 {
-    "icons": [{
-        "src": "icon.png",
-        "sizes": "192x192",
-        "type": "image/png"
-    }],
-    "start_url": "/"
+  "short_name": "",
+  "name": "",
+  "icons": [{
+    "src": "icon.png",
+    "type": "image/png",
+    "sizes": "192x192"
+  }],
+  "start_url": "/?utm_source=homescreen",
+  "background_color": "#fafafa",
+  "theme_color": "#fafafa"
 }

gulpfile.babel.js

@@ -14,7 +14,7 @@ import runSequence from 'run-sequence';
 import archiver from 'archiver';
 import glob from 'glob';
 import del from 'del';
-import sri from 'node-sri';
+import ssri from 'ssri';
 import modernizr from 'modernizr';
 
 import pkg from './package.json';
@@ -28,149 +28,147 @@ const dirs = pkg['h5bp-configs'].directories;
 // ---------------------------------------------------------------------
 
 gulp.task('archive:create_archive_dir', () => {
-    fs.mkdirSync(path.resolve(dirs.archive), '0755');
+  fs.mkdirSync(path.resolve(dirs.archive), '0755');
 });
 
 gulp.task('archive:zip', (done) => {
 
-    const archiveName = path.resolve(dirs.archive, `${pkg.name}_v${pkg.version}.zip`);
-    const zip = archiver('zip');
-    const files = glob.sync('**/*.*', {
-        'cwd': dirs.dist,
-        'dot': true // include hidden files
-    });
-    const output = fs.createWriteStream(archiveName);
+  const archiveName = path.resolve(dirs.archive, `${pkg.name}_v${pkg.version}.zip`);
+  const zip = archiver('zip');
+  const files = glob.sync('**/*.*', {
+    'cwd': dirs.dist,
+    'dot': true // include hidden files
+  });
+  const output = fs.createWriteStream(archiveName);
 
-    zip.on('error', (error) => {
-        done();
-        throw error;
+  zip.on('error', (error) => {
+    done();
+    throw error;
+  });
+
+  output.on('close', done);
+
+  files.forEach((file) => {
+
+    const filePath = path.resolve(dirs.dist, file);
+
+    // `zip.bulk` does not maintain the file
+    // permissions, so we need to add files individually
+    zip.append(fs.createReadStream(filePath), {
+      'name': file,
+      'mode': fs.statSync(filePath).mode
     });
 
-    output.on('close', done);
+  });
 
-    files.forEach( (file) => {
-
-        const filePath = path.resolve(dirs.dist, file);
-
-        // `zip.bulk` does not maintain the file
-        // permissions, so we need to add files individually
-        zip.append(fs.createReadStream(filePath), {
-            'name': file,
-            'mode': fs.statSync(filePath).mode
-        });
-
-    });
-
-    zip.pipe(output);
-    zip.finalize();
+  zip.pipe(output);
+  zip.finalize();
 
 });
 
 gulp.task('clean', (done) => {
-    del([
-        dirs.archive,
-        dirs.dist
-    ]).then( () => {
-        done();
-    });
+  del([
+    dirs.archive,
+    dirs.dist
+  ]).then(() => {
+    done();
+  });
 });
 
 gulp.task('copy', [
-    'copy:.htaccess',
-    'copy:index.html',
-    'copy:jquery',
-    'copy:license',
-    'copy:main.css',
-    'copy:misc',
-    'copy:normalize'
+  'copy:.htaccess',
+  'copy:index.html',
+  'copy:jquery',
+  'copy:license',
+  'copy:main.css',
+  'copy:misc',
+  'copy:normalize'
 ]);
 
 gulp.task('copy:.htaccess', () =>
-    gulp.src('node_modules/apache-server-configs/dist/.htaccess')
-        .pipe(plugins().replace(/# ErrorDocument/g, 'ErrorDocument'))
-        .pipe(gulp.dest(dirs.dist))
+  gulp.src('node_modules/apache-server-configs/dist/.htaccess')
+    .pipe(plugins().replace(/# ErrorDocument/g, 'ErrorDocument'))
+    .pipe(gulp.dest(dirs.dist))
 );
 
-gulp.task('copy:index.html', (done) =>
-    sri.hash('node_modules/jquery/dist/jquery.min.js', (err, hash) => {
-        if (err) throw err
+gulp.task('copy:index.html', () => {
+  const hash = ssri.fromData(
+    fs.readFileSync('node_modules/jquery/dist/jquery.min.js'),
+    {algorithms: ['sha256']}
+  );
+  let version = pkg.devDependencies.jquery;
+  let modernizrVersion = pkg.devDependencies.modernizr;
 
-        let version = pkg.devDependencies.jquery;
-        let modernizrVersion = pkg.devDependencies.modernizr;
-        gulp.src(`${dirs.src}/index.html`)
-            .pipe(plugins().replace(/{{JQUERY_VERSION}}/g, version))
-            .pipe(plugins().replace(/{{MODERNIZR_VERSION}}/g, modernizrVersion))
-            .pipe(plugins().replace(/{{JQUERY_SRI_HASH}}/g, hash))
-            .pipe(gulp.dest(dirs.dist));
-        done();
-    })
-);
+  gulp.src(`${dirs.src}/index.html`)
+    .pipe(plugins().replace(/{{JQUERY_VERSION}}/g, version))
+    .pipe(plugins().replace(/{{MODERNIZR_VERSION}}/g, modernizrVersion))
+    .pipe(plugins().replace(/{{JQUERY_SRI_HASH}}/g, hash.toString()))
+    .pipe(gulp.dest(dirs.dist));
+});
 
 gulp.task('copy:jquery', () =>
-    gulp.src(['node_modules/jquery/dist/jquery.min.js'])
-        .pipe(plugins().rename(`jquery-${pkg.devDependencies.jquery}.min.js`))
-        .pipe(gulp.dest(`${dirs.dist}/js/vendor`))
+  gulp.src(['node_modules/jquery/dist/jquery.min.js'])
+    .pipe(plugins().rename(`jquery-${pkg.devDependencies.jquery}.min.js`))
+    .pipe(gulp.dest(`${dirs.dist}/js/vendor`))
 );
 
 gulp.task('copy:license', () =>
-    gulp.src('LICENSE.txt')
-        .pipe(gulp.dest(dirs.dist))
+  gulp.src('LICENSE.txt')
+    .pipe(gulp.dest(dirs.dist))
 );
 
 gulp.task('copy:main.css', () => {
+  const banner = `/*! HTML5 Boilerplate v${pkg.version} | ${pkg.license} License | ${pkg.homepage} */\n\n`;
 
-    const banner = `/*! HTML5 Boilerplate v${pkg.version} | ${pkg.license} License | ${pkg.homepage} */\n\n`;
-
-    gulp.src(`${dirs.src}/css/main.css`)
-        .pipe(plugins().header(banner))
-        .pipe(plugins().autoprefixer({
-            browsers: ['last 2 versions', 'ie >= 9', '> 1%'],
-            cascade: false
-        }))
-        .pipe(gulp.dest(`${dirs.dist}/css`));
+  gulp.src(`node_modules/main.css/dist/main.css`)
+    .pipe(plugins().header(banner))
+    .pipe(plugins().autoprefixer({
+      browsers: ['last 2 versions', 'ie >= 9', '> 1%'],
+      cascade: false
+    }))
+    .pipe(gulp.dest(`${dirs.dist}/css`));
 });
 
 gulp.task('copy:misc', () =>
-    gulp.src([
+  gulp.src([
 
-        // Copy all files
-        `${dirs.src}/**/*`,
+    // Copy all files
+    `${dirs.src}/**/*`,
 
-        // Exclude the following files
-        // (other tasks will handle the copying of these files)
-        `!${dirs.src}/css/main.css`,
-        `!${dirs.src}/index.html`
+    // Exclude the following files
+    // (other tasks will handle the copying of these files)
+    `!${dirs.src}/css/main.css`,
+    `!${dirs.src}/index.html`
 
-    ], {
+  ], {
 
-        // Include hidden files by default
-        dot: true
+    // Include hidden files by default
+    dot: true
 
-    }).pipe(gulp.dest(dirs.dist))
+  }).pipe(gulp.dest(dirs.dist))
 );
 
 gulp.task('copy:normalize', () =>
-    gulp.src('node_modules/normalize.css/normalize.css')
-        .pipe(gulp.dest(`${dirs.dist}/css`))
+  gulp.src('node_modules/normalize.css/normalize.css')
+    .pipe(gulp.dest(`${dirs.dist}/css`))
 );
 
-gulp.task( 'modernizr', (done) =>{
+gulp.task('modernizr', (done) =>{
 
-    modernizr.build(modernizrConfig, (code) => {
-        fs.writeFile(`${dirs.dist}/js/vendor/modernizr-${pkg.devDependencies.modernizr}.min.js`, code, done);
-    });
+  modernizr.build(modernizrConfig, (code) => {
+    fs.writeFile(`${dirs.dist}/js/vendor/modernizr-${pkg.devDependencies.modernizr}.min.js`, code, done);
+  });
 
 });
 
 gulp.task('lint:js', () =>
-    gulp.src([
-        'gulpfile.js',
-        `${dirs.src}/js/*.js`,
-        `${dirs.test}/*.js`
-    ]).pipe(plugins().jscs())
-      .pipe(plugins().jshint())
-      .pipe(plugins().jshint.reporter('jshint-stylish'))
-      .pipe(plugins().jshint.reporter('fail'))
+  gulp.src([
+    'gulpfile.js',
+    `${dirs.src}/js/*.js`,
+    `${dirs.test}/*.js`
+  ]).pipe(plugins().jscs())
+    .pipe(plugins().eslint())
+    .pipe(plugins().eslint.failOnError())
 );
 
 
@@ -179,18 +177,18 @@ gulp.task('lint:js', () =>
 // ---------------------------------------------------------------------
 
 gulp.task('archive', (done) => {
-    runSequence(
-        'build',
-        'archive:create_archive_dir',
-        'archive:zip',
-    done)
+  runSequence(
+    'build',
+    'archive:create_archive_dir',
+    'archive:zip',
+    done);
 });
 
 gulp.task('build', (done) => {
-    runSequence(
-        ['clean', 'lint:js'],
-        'copy', 'modernizr',
-    done)
+  runSequence(
+    ['clean', 'lint:js'],
+    'copy', 'modernizr',
+    done);
 });
 
 gulp.task('default', ['build']);

package.json

@@ -1,39 +1,39 @@
 {
   "devDependencies": {
-    "@alrra/travis-scripts": "^3.0.1",
-    "apache-server-configs": "2.14.0",
-    "archiver": "^2.0.0",
-    "babel-core": "^6.25.0",
-    "babel-preset-es2015": "^6.18.0",
-    "babel-register": "^6.8.0",
-    "del": "^3.0.0",
-    "glob": "^7.1.2",
+    "apache-server-configs": "^3.2.1",
+    "archiver": "^3.0.0",
+    "babel-core": "^6.26.3",
+    "babel-preset-env": "^1.7.0",
+    "babel-register": "^6.26.0",
+    "del": "^4.1.1",
+    "eslint": "^5.16.0",
+    "eslint-config-recommended": "^4.0.0",
+    "eslint-plugin-mocha": "^5.3.0",
+    "glob": "^7.1.4",
     "gulp": "^3.9.1",
-    "gulp-autoprefixer": "^3.1.1",
-    "gulp-header": "^1.8.8",
-    "gulp-jscs": "^4.0.0",
-    "gulp-jshint": "^2.0.4",
-    "gulp-load-plugins": "^1.5.0",
-    "gulp-rename": "^1.2.2",
-    "gulp-replace": "^0.6.1",
-    "jquery": "3.2.1",
-    "jshint": "^2.9.5",
-    "jshint-stylish": "^2.2.1",
-    "mocha": "^3.2.0",
-    "modernizr": "3.5.0",
-    "node-sri": "^1.1.1",
-    "normalize.css": "7.0.0",
-    "run-sequence": "^2.0.0",
-    "strip-json-comments": "^2.0.1",
-    "travis-after-all": "^1.4.5"
+    "gulp-autoprefixer": "^6.1.0",
+    "gulp-eslint": "^5.0.0",
+    "gulp-header": "^2.0.7",
+    "gulp-jscs": "^4.1.0",
+    "gulp-load-plugins": "^1.6.0",
+    "gulp-rename": "^1.4.0",
+    "gulp-replace": "^1.0.0",
+    "jquery": "3.4.1",
+    "main.css": "2.0.0",
+    "mocha": "^5.2.0",
+    "modernizr": "3.7.1",
+    "normalize.css": "8.0.1",
+    "run-sequence": "^2.2.1",
+    "ssri": "^6.0.1",
+    "strip-json-comments": "^2.0.1"
   },
   "engines": {
-    "node": ">=4",
+    "node": ">=6",
     "npm": ">=3"
   },
   "babel": {
     "presets": [
-      "es2015"
+      "env"
     ]
   },
   "h5bp-configs": {
@@ -49,9 +49,9 @@
   "name": "html5-boilerplate",
   "scripts": {
     "build": "gulp build",
-    "test": "gulp archive && mocha --compilers js:babel-register --reporter spec --timeout 5000"
+    "test": "gulp archive && mocha --require babel-core/register --reporter spec --timeout 5000"
   },
-  "version": "6.0.0",
+  "version": "7.2.0",
   "description": "A professional front-end template for building fast, robust, and adaptable web apps or sites.",
   "files": [
     "CHANGELOG.md",
@@ -61,8 +61,8 @@
     "modernizr-config.json",
     "README.md"
   ],
-  "repository" : {
-    "type" : "git",
-    "url" : "https://github.com/h5bp/html5-boilerplate.git"
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/h5bp/html5-boilerplate.git"
   }
 }

src/.editorconfig

@@ -4,7 +4,7 @@ root = true
 
 [*]
 charset = utf-8
-indent_size = 4
+indent_size = 2
 indent_style = space
 insert_final_newline = true
 trim_trailing_whitespace = true

src/.gitattributes

@@ -46,8 +46,8 @@
 *.xhtml    text
 
 ## DOCKER
-*.dockerignore    text
-Dockerfile    text
+*.dockerignore text
+Dockerfile     text
 
 ## DOCUMENTATION
 *.markdown   text
@@ -91,31 +91,33 @@ TODO         text
 *.twig       text
 
 ## LINTERS
+.babelrc      text
 .csslintrc    text
 .eslintrc     text
 .htmlhintrc   text
 .jscsrc       text
 .jshintrc     text
 .jshintignore text
+.prettierrc   text
 .stylelintrc  text
 
 ## CONFIGS
-*.bowerrc      text
-*.cnf          text
-*.conf         text
-*.config       text
-.browserslistrc    text
-.editorconfig  text
-.gitattributes text
-.gitconfig     text
-.gitignore     text
-.htaccess      text
-*.npmignore    text
-*.yaml         text
-*.yml          text
-browserslist   text
-Makefile       text
-makefile       text
+*.bowerrc       text
+*.cnf           text
+*.conf          text
+*.config        text
+.browserslistrc text
+.editorconfig   text
+.gitattributes  text
+.gitconfig      text
+.gitignore      text
+.htaccess       text
+*.npmignore     text
+*.yaml          text
+*.yml           text
+browserslist    text
+Makefile        text
+makefile        text
 
 ## HEROKU
 Procfile    text

src/css/main.css

@@ -1,280 +0,0 @@
-/*
- * What follows is the result of much research on cross-browser styling.
- * Credit left inline and big thanks to Nicolas Gallagher, Jonathan Neal,
- * Kroc Camen, and the H5BP dev community and team.
- */
-
-/* ==========================================================================
-   Base styles: opinionated defaults
-   ========================================================================== */
-
-html {
-    color: #222;
-    font-size: 1em;
-    line-height: 1.4;
-}
-
-/*
- * Remove text-shadow in selection highlight:
- * https://twitter.com/miketaylr/status/12228805301
- *
- * Vendor-prefixed and regular ::selection selectors cannot be combined:
- * https://stackoverflow.com/a/16982510/7133471
- *
- * Customize the background color to match your design.
- */
-
-::selection {
-    background: #b3d4fc;
-    text-shadow: none;
-}
-
-/*
- * A better looking default horizontal rule
- */
-
-hr {
-    display: block;
-    height: 1px;
-    border: 0;
-    border-top: 1px solid #ccc;
-    margin: 1em 0;
-    padding: 0;
-}
-
-/*
- * Remove the gap between audio, canvas, iframes,
- * images, videos and the bottom of their containers:
- * https://github.com/h5bp/html5-boilerplate/issues/440
- */
-
-audio,
-canvas,
-iframe,
-img,
-svg,
-video {
-    vertical-align: middle;
-}
-
-/*
- * Remove default fieldset styles.
- */
-
-fieldset {
-    border: 0;
-    margin: 0;
-    padding: 0;
-}
-
-/*
- * Allow only vertical resizing of textareas.
- */
-
-textarea {
-    resize: vertical;
-}
-
-/* ==========================================================================
-   Browser Upgrade Prompt
-   ========================================================================== */
-
-.browserupgrade {
-    margin: 0.2em 0;
-    background: #ccc;
-    color: #000;
-    padding: 0.2em 0;
-}
-
-/* ==========================================================================
-   Author's custom styles
-   ========================================================================== */
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-/* ==========================================================================
-   Helper classes
-   ========================================================================== */
-
-/*
- * Hide visually and from screen readers
- */
-
-.hidden {
-    display: none !important;
-}
-
-/*
- * Hide only visually, but have it available for screen readers:
- * https://snook.ca/archives/html_and_css/hiding-content-for-accessibility
- *
- * 1. For long content, line feeds are not interpreted as spaces and small width
- *    causes content to wrap 1 word per line:
- *    https://medium.com/@jessebeach/beware-smushed-off-screen-accessible-text-5952a4c2cbfe
- */
-
-.visuallyhidden {
-    border: 0;
-    clip-path: inset(50%);
-    display: inline-block;
-    height: 1px;
-    margin: -1px;
-    overflow: hidden;
-    padding: 0;
-    width: 1px;
-    white-space: nowrap; /* 1 */
-}
-
-/*
- * Extends the .visuallyhidden class to allow the element
- * to be focusable when navigated to via the keyboard:
- * https://www.drupal.org/node/897638
- */
-
-.visuallyhidden.focusable:active,
-.visuallyhidden.focusable:focus {
-    clip: auto;
-    clip-path: none;
-    height: auto;
-    margin: 0;
-    overflow: visible;
-    position: static;
-    width: auto;
-    white-space: inherit;
-}
-
-/*
- * Hide visually and from screen readers, but maintain layout
- */
-
-.invisible {
-    visibility: hidden;
-}
-
-/*
- * Clearfix: contain floats
- *
- * For modern browsers
- * 1. The space content is one way to avoid an Opera bug when the
- *    `contenteditable` attribute is included anywhere else in the document.
- *    Otherwise it causes space to appear at the top and bottom of elements
- *    that receive the `clearfix` class.
- * 2. The use of `table` rather than `block` is only necessary if using
- *    `:before` to contain the top-margins of child elements.
- */
-
-.clearfix:before,
-.clearfix:after {
-    content: " "; /* 1 */
-    display: table; /* 2 */
-}
-
-.clearfix:after {
-    clear: both;
-}
-
-/* ==========================================================================
-   EXAMPLE Media Queries for Responsive Design.
-   These examples override the primary ('mobile first') styles.
-   Modify as content requires.
-   ========================================================================== */
-
-@media only screen and (min-width: 35em) {
-    /* Style adjustments for viewports that meet the condition */
-}
-
-@media print,
-       (min-resolution: 1.25dppx),
-       (min-resolution: 120dpi) {
-    /* Style adjustments for high resolution devices */
-}
-
-/* ==========================================================================
-   Print styles.
-   Inlined to avoid the additional HTTP request:
-   http://www.phpied.com/delay-loading-your-print-css/
-   ========================================================================== */
-
-@media print {
-    *,
-    *:before,
-    *:after {
-        background: transparent !important;
-        color: #000 !important; /* Black prints faster:
-                                   http://www.sanbeiji.com/archives/953 */
-        box-shadow: none !important;
-        text-shadow: none !important;
-    }
-
-    a,
-    a:visited {
-        text-decoration: underline;
-    }
-
-    a[href]:after {
-        content: " (" attr(href) ")";
-    }
-
-    abbr[title]:after {
-        content: " (" attr(title) ")";
-    }
-
-    /*
-     * Don't show links that are fragment identifiers,
-     * or use the `javascript:` pseudo protocol
-     */
-
-    a[href^="#"]:after,
-    a[href^="javascript:"]:after {
-        content: "";
-    }
-
-    pre {
-        white-space: pre-wrap !important;
-    }
-    pre,
-    blockquote {
-        border: 1px solid #999;
-        page-break-inside: avoid;
-    }
-
-    /*
-     * Printing Tables:
-     * http://css-discuss.incutio.com/wiki/Printing_Tables
-     */
-
-    thead {
-        display: table-header-group;
-    }
-
-    tr,
-    img {
-        page-break-inside: avoid;
-    }
-
-    p,
-    h2,
-    h3 {
-        orphans: 3;
-        widows: 3;
-    }
-
-    h2,
-    h3 {
-        page-break-after: avoid;
-    }
-}

src/doc/TOC.md

@@ -31,5 +31,4 @@ aspects of your website/web app (e.g.: the performance, security, etc.).
     *  [lighttpd](https://github.com/h5bp/server-configs-lighttpd)
     *  [Nginx](https://github.com/h5bp/server-configs-nginx)
     *  [Node.js](https://github.com/h5bp/server-configs-node)
-* [Ant Build Script](https://github.com/h5bp/ant-build-script) — Apache
-  Ant based build script.
+* [Front-end Developer Interview Questions](https://github.com/h5bp/Front-end-Developer-Interview-Questions)

src/doc/css.md

@@ -6,10 +6,7 @@ table of contents](TOC.md)
 HTML5 Boilerplate's CSS includes:
 
 * [Normalize.css](#normalizecss)
-* [Useful defaults](#useful-defaults)
-* [Common helpers](#common-helpers)
-* [Placeholder media queries](#media-queries)
-* [Print styles](#print-styles)
+* [main.css](#maincss)
 
 This starting CSS does not rely on the presence of
 [conditional class names](https://www.paulirish.com/2008/conditional-stylesheets-vs-css-hacks-answer-neither/),
@@ -39,7 +36,7 @@ page](https://necolas.github.com/normalize.css/), as well as this
 [blog post](http://nicolasgallagher.com/about-normalize-css/).
 
 
-## Useful defaults
+## main.css
 
 Several base styles are included that build upon `Normalize.css`. These
 styles:
@@ -49,116 +46,6 @@ styles:
 * tweak the default alignment of some elements (e.g.: `img`, `video`,
   `fieldset`, `textarea`)
 * style the prompt that is displayed to users using an outdated browser
+* and more...
 
-You are free and even encouraged to modify or add to these base styles as your
-project requires.
-
-
-## Common helpers
-
-Along with the base styles, we also provide some commonly used helper classes.
-
-#### `.hidden`
-
-The `hidden` class can be added to any element that you want to hide visually
-and from screen readers. It could be an element that will be populated and
-displayed later, or an element you will hide with JavaScript.
-
-#### `.visuallyhidden`
-
-The `visuallyhidden` class can be added to any element that you want to hide
-visually, while still have its content accessible to screen readers.
-
-See also:
-
-* [CSS in Action: Invisible Content Just for Screen Reader
-  Users](http://webaim.org/techniques/css/invisiblecontent/)
-* [Hiding content for
-  accessibility](https://snook.ca/archives/html_and_css/hiding-content-for-accessibility)
-* [HTML5 Boilerplate - Issue #194](https://github.com/h5bp/html5-boilerplate/issues/194).
-
-__N.B.__ [The visuallyhidden class can be an accessibility issue for users using high contrast modes.](https://www.paciellogroup.com/blog/2012/08/notes-on-accessible-css-image-sprites/)
-
->Use JavaScript to detect when images are disabled and remove the CSS visually hidden display state of the text alternative.
-Use JavaScript to detect when Windows high contrast mode is enabled and remove the CSS visually hidden display state of the text alternative.
-
-#### `.invisible`
-
-The `invisible` class can be added to any element that you want to hide
-visually and from screen readers, but without affecting the layout.
-
-As opposed to the `hidden` class that effectively removes the element from the
-layout, the `invisible` class will simply make the element invisible while
-keeping it in the flow and not affecting the positioning of the surrounding
-content.
-
-__N.B.__ Try to stay away from, and don't use the classes specified above for
-[keyword stuffing](https://en.wikipedia.org/wiki/Keyword_stuffing) as you will
-harm your site's ranking!
-
-#### `.clearfix`
-
-The `clearfix` class can be added to any element to ensure that it always fully
-contains its floated children.
-
-Over the years there have been many variants of the clearfix hack, but currently,
-we use the [micro clearfix](http://nicolasgallagher.com/micro-clearfix-hack/).
-
-
-## Media Queries
-
-HTML5 Boilerplate makes it easy for you to get started with a
-[_mobile first_](http://www.lukew.com/presos/preso.asp?26) and [_responsive web
-design_](http://alistapart.com/article/responsive-web-design) approach to
-development. But it's worth remembering that there are [no silver
-bullets](https://cloudfour.com/thinks/css-media-query-for-mobile-is-fools-gold/).
-
-We include placeholder media queries to help you build up your mobile styles for
-wider viewports and high-resolution displays. It's recommended that you adapt
-these media queries based on the content of your site rather than mirroring the
-fixed dimensions of specific devices.
-
-If you do not want to take the _mobile first_ approach, you can simply edit or
-remove these placeholder media queries. One possibility would be to work from
-wide viewports down, and use `max-width` media queries instead (e.g.:
-`@media only screen and (max-width: 480px)`).
-
-
-## Print styles
-
-Lastly, we provide some useful print styles that will optimize the printing
-process, as well as make the printed pages easier to read.
-
-At printing time, these styles will:
-
-* strip all background colors, change the font color to black, and remove the
-  `text-shadow` — done in order to [help save printer ink and speed up the
-  printing process](http://www.sanbeiji.com/archives/953)
-* underline and expand links to include the URL — done in order to allow users
-  to know where to refer to<br>
-  (exceptions to this are: the links that are
-  [fragment identifiers](https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#attr-href),
-  or use the
-  [`javascript:` pseudo protocol](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/void#JavaScript_URIs))
-* expand abbreviations to include the full description — done in order to allow
-  users to know what the abbreviations stands for
-* provide instructions on how browsers should break the content into pages and
-  on [orphans/widows](https://en.wikipedia.org/wiki/Widows_and_orphans), namely,
-  we instruct
-  [supporting browsers](https://en.wikipedia.org/wiki/Comparison_of_layout_engines_%28Cascading_Style_Sheets%29#Grammar_and_rules)
-  that they should:
-
-  * ensure the table header (`<thead>`) is [printed on each page spanned by the
-    table](http://css-discuss.incutio.com/wiki/Printing_Tables)
-  * prevent block quotations, preformatted text, images and table rows from
-    being split onto two different pages
-  * ensure that headings never appear on a different page than the text they
-    are associated with
-  * ensure that
-    [orphans and widows](https://en.wikipedia.org/wiki/Widows_and_orphans) do
-    [not appear on printed pages](https://css-tricks.com/almanac/properties/o/orphans/)
-
-The print styles are included along with the other `css` to [avoid the
-additional HTTP request](http://www.phpied.com/delay-loading-your-print-css/).
-Also, they should always be included last, so that the other styles can be
-overwritten.
+These styles are included in [main.css](https://github.com/h5bp/html5-boilerplate/blob/master/dist/css/main.css). See the [main.css](https://github.com/h5bp/main.css) project [documentation](https://github.com/h5bp/main.css/blob/master/README.md#features) for a full discussion of these styles. 

src/doc/extend.md

@@ -18,16 +18,14 @@ not everything fits with everyone's needs.
 * [Social Networks](#social-networks)
 * [URLs](#urls)
 * [Web Apps](#web-apps)
-
+* [security.txt](#security.txt)
 
 ## App Stores
 
 ### Smart App Banners in iOS 6+ Safari
 
 Stop bothering everyone with gross modals advertising your entry in the
-App Store. Include the following [meta tag](https://developer.apple.com/library/IOS/documentation/AppleApplications/Reference/SafariWebContent/PromotingAppswithAppBanners/PromotingAppswithAppBanners.html#//apple_ref/doc/uid/TP40002051-CH6-SW2)
-will unintrusively allow the user the option to download your iOS app,
-or open it with some data about the user's current state on the website.
+App Store. Including the following [meta tag](https://developer.apple.com/library/content/documentation/AppleApplications/Reference/SafariWebContent/PromotingAppswithAppBanners/PromotingAppswithAppBanners.html) will unobtrusively give the user the option to download your iOS app, or open it with some data about the user's current state on the website.
 
 ```html
 <meta name="apple-itunes-app" content="app-id=APP_ID,app-argument=SOME_TEXT">
@@ -108,10 +106,9 @@ Microsoft Ajax Content Delivery Network:
 
 ### Further reading about DNS prefetching
 
-* https://developer.mozilla.org/en-US/docs/Controlling_DNS_prefetching
+* https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control
 * https://dev.chromium.org/developers/design-documents/dns-prefetching
 * https://blogs.msdn.microsoft.com/ie/2011/03/17/internet-explorer-9-network-performance-improvements/
-* http://dayofjs.com/videos/22158462/web-browsers_alex-russel
 
 
 ## Google Universal Analytics
@@ -127,7 +124,7 @@ ga('create', 'UA-XXXXX-X', 'auto'); ga('send', 'pageview');
 ```
 
 To customize further, see Google's [Advanced
-Setup](https://developers.google.com/analytics/devguides/collection/analyticsjs/advanced),
+Setup](https://developers.google.com/analytics/devguides/collection/analyticsjs/),
 [Pageview](https://developers.google.com/analytics/devguides/collection/analyticsjs/pages),
 and [Event](https://developers.google.com/analytics/devguides/collection/analyticsjs/events) Docs.
 
@@ -217,34 +214,12 @@ $(function(){
 
 ## Internet Explorer
 
-### Prompt users to switch to "Desktop Mode" in IE10 Metro
+### IE Pinned Sites
 
-IE10 does not support plugins, such as Flash, in Metro mode. If
-your site requires plugins, you can let users know that via the
-`x-ua-compatible` meta element, which will prompt them to switch
-to Desktop Mode.
-
-```html
-<meta http-equiv="x-ua-compatible" content="requiresActiveX=true">
-```
-
-Here's what it looks like alongside H5BP's default `x-ua-compatible`
-values:
-
-```html
-<meta http-equiv="x-ua-compatible" content="ie=edge,requiresActiveX=true">
-```
-
-You can find more information in [Microsoft's IEBlog post about prompting for
-plugin use in IE10 Metro
-Mode](https://blogs.msdn.microsoft.com/ie/2012/01/31/web-sites-and-a-plug-in-free-web/).
-
-### IE Pinned Sites (IE9+)
-
-Enabling your application for pinning will allow IE9 users to add it to their
+Enabling your application for pinning will allow IE users to add it to their
 Windows Taskbar and Start Menu. This comes with a range of new tools that you
-can easily configure with the elements below. See more [documentation on IE9
-Pinned Sites](https://msdn.microsoft.com/en-us/library/gg131029.aspx).
+can easily configure with the elements below. See more [documentation on IE 
+Pinned Sites](https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/samples/gg491731(v%3dvs.85)).
 
 ### Name the Pinned Site for Windows
 
@@ -277,7 +252,7 @@ track the number of pinned users, like so:
 
 ### Recolor IE's controls manually for a Pinned Site
 
-IE9+ will automatically use the overall color of your Pinned Site's favicon to
+IE will automatically use the overall color of your Pinned Site's favicon to
 shade its browser buttons. UNLESS you give it another color here. Only use
 named colors (`red`) or hex colors (`#ff0000`).
 
@@ -322,13 +297,13 @@ blog](https://blogs.msdn.microsoft.com/ie/2012/06/08/high-quality-visuals-for-pi
 
 ### (Windows 8) Badges for Pinned Sites
 
-IE10 will poll an XML document for badge information to display on your app's
+IE will poll an XML document for badge information to display on your app's
 tile in the Start screen. The user will be able to receive these badge updates
 even when your app isn't actively running. The badge's value can be a number,
 or one of a predefined list of glyphs.
 
 * [Tutorial on IEBlog with link to badge XML schema](https://blogs.msdn.microsoft.com/ie/2012/04/03/pinned-sites-in-windows-8/)
-* [Available badge values](https://msdn.microsoft.com/en-us/library/ie/br212849.aspx)
+* [Available badge values](https://docs.microsoft.com/en-us/uwp/schemas/tiles/badgeschema/element-badge)
 
 ```html
 <meta name="msapplication-badge" value="frequency=NUMBER_IN_MINUTES;polling-uri=https://www.example.com/path/to/file.xml">
@@ -398,18 +373,18 @@ plugin](https://www.google.com/search?ie=UTF-8&q=how+to+make+browser+search+plug
   [visibility](https://webmasters.googleblog.com/2009/05/introducing-rich-snippets.html).
 
 * If you're building a web app you may want [native style momentum scrolling in
-  iOS 5+](http://www.johanbrook.com/articles/native-style-momentum-scrolling-to-arrive-in-ios-5/)
+  iOS 5+](https://www.johanbrook.com/writings/native-style-momentum-scrolling-to-arrive-in-ios-5/)
   using `-webkit-overflow-scrolling: touch`.
 
 * If you want to disable the translation prompt in Chrome or block Google
   Translate from translating your web page, use [`<meta name="google"
-  value="notranslate">`](https://support.google.com/translate/?hl=en#2641276).
+  content="notranslate">`](https://support.google.com/webmasters/answer/79812).
   To disable translation for a particular section of the web page, add
   [`class="notranslate"`](https://support.google.com/translate/?hl=en#2641276).
 
 * If you want to disable the automatic detection and formatting of possible
   phone numbers in Safari on iOS, use [`<meta name="format-detection"
-  content="telephone=no">`](https://developer.apple.com/library/safari/documentation/AppleApplications/Reference/SafariHTMLRef/Articles/MetaTags.html/#//apple_ref/doc/uid/TP40008193-SW5).
+  content="telephone=no">`](https://developer.apple.com/library/archive/documentation/AppleApplications/Reference/SafariHTMLRef/Articles/MetaTags.html).
 
 * Avoid development/stage websites "leaking" into SERPs (search engine results
   page) by [implementing X-Robots-tag
@@ -431,7 +406,7 @@ scratch](http://www.rssboard.org/rss-specification)?
 
 Atom is similar to RSS, and you might prefer to use it instead of or in
 addition to it. [See what Atom's all
-about](http://www.atomenabled.org/developers/syndication/).
+about](https://en.wikipedia.org/wiki/Atom_(Web_standard)).
 
 ```html
 <link rel="alternate" type="application/atom+xml" title="Atom" href="/atom.xml">
@@ -447,7 +422,7 @@ attribute should contain the location of your pingback service.
 ```
 
 * High-level explanation: https://codex.wordpress.org/Introduction_to_Blogging#Pingbacks
-* Step-by-step example case: http://www.hixie.ch/specs/pingback/pingback-1.0#TOC5
+* Step-by-step example case: https://www.hixie.ch/specs/pingback/pingback-1.0#TOC5
 * PHP pingback service: https://web.archive.org/web/20131211032834/http://blog.perplexedlabs.com/2009/07/15/xmlrpc-pingbacks-using-php/
 
 
@@ -460,10 +435,10 @@ You can control the information that Facebook and others display when users
 share your site. Below are just the most basic data points you might need. For
 specific content types (including "website"), see [Facebook's built-in Open
 Graph content
-templates](https://developers.facebook.com/docs/opengraph/objects/builtin/).
+templates](https://developers.facebook.com/docs/sharing/opengraph/using-objects).
 Take full advantage of Facebook's support for complex data and activity by
 following the [Open Graph
-tutorial](https://developers.facebook.com/docs/opengraph/tutorial/).
+tutorial](https://developers.facebook.com/docs/sharing/webmasters/getting-started).
 
 For a reference of Open Graph's markup and properties, you may check
 [Facebook's Open Graph Protocol reference](http://ogp.me/). Finally,
@@ -485,12 +460,10 @@ registration to Facebook).
 ### Twitter Cards
 
 Twitter provides a snippet specification that serves a similar purpose to Open
-Graph. In fact, Twitter will use Open Graph when Cards is not available. Note
-that, as of this writing, Twitter requires that app developers activate Cards
-on a per-domain basis. You can read more about the various snippet formats
-and application process in the [official Twitter Cards
-documentation](https://dev.twitter.com/docs/cards), and you can validate
-your markup with the [Card validator](https://cards-dev.twitter.com/validator)
+Graph. In fact, Twitter will use Open Graph when Cards is not available. You 
+can read more about the various snippet formats and application process in the 
+[official Twitter Cards documentation](https://developer.twitter.com/en/docs/tweets/optimize-with-cards/overview/abouts-cards), 
+and you can validate your markup with the [Card validator](https://cards-dev.twitter.com/validator)
 (needs registration to Twitter).
 
 ```html
@@ -512,7 +485,7 @@ of [schema.org's microdata vocabulary](https://schema.org/), which
 covers many other schemas that can describe the content of your pages
 to search engines. For this reason, this metadata is more generic for
 SEO, notably for Google's search-engine, although this vocabulary is
-also used by Microsoft, Pinterest or Yandex.
+also used by Microsoft, Pinterest and Yandex.
 
 You can validate your markup with the [Structured Data Testing
 Tool](https://developers.google.com/structured-data/testing-tool/).
@@ -543,16 +516,6 @@ the cleaner, more accurate `https://www.example.com/cart.html`.
 <link rel="canonical" href="">
 ```
 
-### Official shortlink
-
-Signal to the world "This is the shortened URL to use this page!" Poorly
-supported at this time. Learn more by reading the [article about shortlinks on
-the Microformats wiki](http://microformats.org/wiki/rel-shortlink).
-
-```html
-<link rel="shortlink" href="h5bp.com">
-```
-
 ### Separate mobile URLs
 
 If you use separate URLs for desktop and mobile users, you should consider
@@ -573,8 +536,7 @@ This can be done by adding the following annotations in your HTML pages:
 
 For more information please see:
 
-* https://developers.google.com/webmasters/smartphone-sites/details#separateurls
-* https://developers.google.com/webmasters/smartphone-sites/feature-phones
+* https://developers.google.com/search/mobile-sites/mobile-seo/separate-urls
 
 
 ## Web Apps
@@ -605,39 +567,17 @@ on Apple's site.
 
 ### Apple Touch Icons
 
-The Apple touch icons can be seen as the favicons of iOS devices.
+Apple touch icons are used as icons when a user adds your webapp to the home 
+screen of aniOS devices.
 
-The main sizes of the Apple touch icons are:
-
-* `57×57px` – iPhone with @1x display and iPod Touch
-* `72×72px` – iPad and iPad mini with @1x display running iOS ≤ 6
-* `76×76px` – iPad and iPad mini with @1x display running iOS ≥ 7
-* `114×114px` – iPhone with @2x display running iOS ≤ 6
-* `120×120px` – iPhone with @2x and @3x display running iOS ≥ 7
-* `144×144px` – iPad and iPad mini with @2x display running iOS ≤ 6
-* `152×152px` – iPad and iPad mini with @2x display running iOS 7
-* `180×180px` – iPad and iPad mini with @2x display running iOS 8
-
-Displays meaning:
-
-* @1x - non-Retina
-* @2x - Retina
-* @3x - Retina HD
-
-More information about the displays of iOS devices can be found
-[here](https://en.wikipedia.org/wiki/List_of_iOS_devices#Display).
-
-In most cases, one `180×180px` touch icon named `icon.png`
-and including:
+Though the dimensions of the icon can vary between iOS devices and versions 
+one `180×180px` touch icon named `icon.png` and including the following in 
+the `<head>` of the page is enough:
 
 ```html
 <link rel="apple-touch-icon" href="icon.png">
 ```
 
-in the `<head>` of the page is enough. If you use art-direction and/or
-want to have different content for each device, you can add more touch
-icons as written above.
-
 For a more comprehensive overview, please refer to Mathias' [article on Touch
 Icons](https://mathiasbynens.be/notes/touch-icons).
 
@@ -646,19 +586,14 @@ Icons](https://mathiasbynens.be/notes/touch-icons).
 
 Apart from that it is possible to add start-up screens for web apps on iOS. This
 basically works by defining `apple-touch-startup-image` with an according link
-to the image. Since iOS devices have different screen resolutions it is
+to the image. Since iOS devices have different screen resolutions it maybe
 necessary to add media queries to detect which image to load. Here is an
-example for a retina iPhone:
+example for an iPhone:
 
 ```html
-<link rel="apple-touch-startup-image" media="(max-device-width: 480px) and (-webkit-min-device-pixel-ratio: 2)" href="img/startup-retina.png">
+<link rel="apple-touch-startup-image" media="(max-device-width: 480px) and (-webkit-min-device-pixel-ratio: 2)" href="img/startup.png">
 ```
 
-However, it is possible to detect which start-up image to use with JavaScript.
-The Mobile Boilerplate provides a useful function for this. Please see
-[helpers.js](https://github.com/h5bp/mobile-boilerplate/blob/v4.1.0/js/helper.js#L336-L383)
-for the implementation.
-
 
 ### Chrome Mobile web apps
 
@@ -691,3 +626,15 @@ The `content` attribute extension can take any valid CSS color.
 
 Currently, the `theme-color` meta extension is supported by [Chrome 39+
 for Android Lollipop](https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android).
+
+
+## security.txt
+
+When security risks in web services are discovered by users they often lack the
+channels to disclose them properly. As a result, security issues may be left unreported. 
+
+Security.txt defines a standard to help organizations define the process for 
+users to disclose security vulnerabilities securely. Include a text
+file on your server at `.well-known/security.txt` with the relevant contact details.
+
+Check [https://securitytxt.org/](https://securitytxt.org/) for more details.

src/doc/faq.md

@@ -30,14 +30,9 @@ reinforces that scripts at the bottom are the right move. (Usually I
 concatenate and minify all my scripts into one .js file — the GA snippet being
 the suffix.)
 
-### How can I integrate [Bootstrap](https://getbootstrap.com/) with HTML5 Boilerplate?
-
-Here's Nicolas Gallagher writing about how [HTML5 Boilerplate and Bootstrap complement each
-other](https://www.quora.com/Is-Bootstrap-a-complement-or-an-alternative-to-HTML5-Boilerplate-or-viceversa/answer/Nicolas-Gallagher).
-
 ### Do I need to upgrade my site each time a new version of HTML5 Boilerplate is released?
 
-No, same as you don't normally replace the foundation of a house once it
+No, just as you don't normally replace the foundation of a house once it
 was built. However, there is nothing stopping you from trying to work in the
 latest changes, but you'll have to assess the costs/benefits of doing so.
 

src/doc/html.md

@@ -7,7 +7,7 @@ By default, HTML5 Boilerplate provides two `html` pages:
 
 * [`index.html`](#indexhtml) - a default HTML skeleton that should form the
   basis of all pages on your website
-* [`404.html`](#404html) - a placeholder 404 error page
+* `404.html` - a placeholder 404 error page
 
 
 ## `index.html`
@@ -23,7 +23,7 @@ FOUC](https://www.paulirish.com/2009/avoiding-the-fouc-v3/).
 
 ## Language Attribute
 
-Please consider specifying the language of your content by adding a [value](http://www.iana.org/assignments/language-subtag-registry/language-subtag-registry) to the `lang`
+Please consider specifying the language of your content by adding a [value](https://www.iana.org/assignments/language-subtag-registry/language-subtag-registry) to the `lang`
 attribute in the `<html>` as in this example:
 
 ```html
@@ -32,71 +32,12 @@ attribute in the `<html>` as in this example:
 
 ### The order of the `<title>` and `<meta>` tags
 
-The order in which the `<title>` and the `<meta>` tags are specified is
-important because:
-
-1) the charset declaration (`<meta charset="utf-8">`):
-
-   * must be included completely within the [first 1024 bytes of the
-     document](https://www.whatwg.org/specs/web-apps/current-work/multipage/semantics.html#charset)
-
-   * should be specified as early as possible (before any content that could
-     be controlled by an attacker, such as a `<title>` element) in order to
-     avoid a potential [encoding-related security
-     issue](https://code.google.com/p/doctype-mirror/wiki/ArticleUtf7) in
-     Internet Explorer
-
-2) the meta tag for compatibility mode
-   (`<meta http-equiv="x-ua-compatible" content="ie=edge">`):
-
-   * [needs to be included before all other tags except for the `<title>` and
-     the other `<meta>`
-     tags](https://msdn.microsoft.com/en-us/library/cc288325.aspx)
-
-
-### `x-ua-compatible`
-
-Internet Explorer 8/9/10 support [document compatibility
-modes](https://msdn.microsoft.com/en-us/library/cc288325.aspx) that affect the
-way webpages are interpreted and displayed. Because of this, even if your site's
-visitor is using, let's say, Internet Explorer 9, it's possible that IE will not
-use the latest rendering engine, and instead, decide to render your page using
-the Internet Explorer 5.5 rendering engine.
-
-Specifying the `x-ua-compatible` meta tag:
-
-```html
-<meta http-equiv="x-ua-compatible" content="ie=edge">
-```
-
-or sending the page with the following HTTP response header
-
-```
-X-UA-Compatible: IE=edge
-```
-
-will force Internet Explorer 8/9/10 to render the webpage in the highest
-available mode in [the various cases when it may
-not](https://hsivonen.fi/doctype/#ie8), and therefore, ensure that anyone
-browsing your site is treated to the best possible user experience that
-browser can offer.
-
-If possible, we recommend that you remove the `meta` tag and send only the
-HTTP response header as the `meta` tag will not always work if your site is
-served on a non-standard port, as Internet Explorer's preference option
-`Display intranet sites in Compatibility View` is checked by default.
-
-If you are using Apache as your webserver, including the
-[`.htaccess`](https://github.com/h5bp/server-configs-apache) file takes care of
-the HTTP header. If you are using a different server, check out our [other
-server config](https://github.com/h5bp/server-configs).
-
-Starting with Internet Explorer 11, [document modes are
-deprecated](https://msdn.microsoft.com/library/bg182625.aspx#docmode).
-If your business still relies on older web apps and services that were
-designed for older versions of Internet Explorer, you might want to consider
-enabling [Enterprise Mode](https://blogs.msdn.microsoft.com/ie/2014/04/02/stay-up-to-date-with-enterprise-mode-for-internet-explorer-11/) throughout your company.
-
+The charset declaration (`<meta charset="utf-8">`) must be included completely 
+within the [first 1024 bytes of the document](https://www.whatwg.org/specs/web-apps/current-work/multipage/semantics.html#charset)
+and should be specified as early as possible (before any content that could
+be controlled by an attacker, such as a `<title>` element) in order to avoid a 
+potential [encoding-related security issue](https://code.google.com/archive/p/doctype-mirror/wikis/ArticleUtf7.wiki)
+in Internet Explorer
 
 ## Meta Description
 
@@ -108,20 +49,27 @@ shown in the search results.
 <meta name="description" content="This is a description">
 ```
 
+Google's [Create good meta descriptions](https://support.google.com/webmasters/answer/35624?hl=en#meta-descriptions)
+documentation has useful tips on creating an effective description.
 
 ## Mobile Viewport
 
 There are a few different options that you can use with the [`viewport` meta
 tag](https://docs.google.com/present/view?id=dkx3qtm_22dxsrgcf4 "Viewport and
 Media Queries - The Complete Idiot's Guide"). You can find out more in [the
-Apple developer docs](https://developer.apple.com/library/safari/documentation/AppleApplications/Reference/SafariWebContent/UsingtheViewport/UsingtheViewport.html).
+MDN Web Docs](https://developer.mozilla.org/en-US/docs/Mozilla/Mobile/Viewport_meta_tag).
 HTML5 Boilerplate comes with a simple setup that strikes a good balance for general use cases.
 
 ```html
 <meta name="viewport" content="width=device-width, initial-scale=1">
 ```
 
+If you want to take advantage of edge-to-edge displays of iPhone X/XS/XR you can do
+so with additional viewport parameters. [Check the WebKit blog](https://webkit.org/blog/7929/designing-websites-for-iphone-x/) 
+for details.
+
 ## Web App Manifest
+
 HTML5 Boilerplate includes a simple web app manifest file. 
 
 The web app manifest is a simple JSON file that allows you to control how your 
@@ -132,7 +80,7 @@ control over the UI of a saved site or web app on a mobile device.
 It's linked to from the HTML as follows:
 
 ```html
-        <link rel="manifest" href="site.webmanifest">
+<link rel="manifest" href="site.webmanifest">
 ```
 Our [site.webmanifest](https://github.com/h5bp/html5-boilerplate/blob/master/src/site.webmanifest) contains a very skeletal "app" definition, just to show the basic usage. 
 You should fill this file out with [more information about your site or application](https://developer.mozilla.org/en-US/docs/Web/Manifest)
@@ -156,8 +104,8 @@ web app development.
 ### Browser Upgrade Prompt
 
 The main content area of the boilerplate includes a prompt to install an up to
-date browser for users of IE 8 and lower. If you intended to support IE 8, then you
-should remove the snippet of code.
+date browser for users of IE 9 and lower. If you intended to support IE, then you
+should edit or remove the snippet of code.
 
 ## Modernizr
 
@@ -176,14 +124,14 @@ Starting with version 3 Modernizr can be customized using the [modernizr-config.
 
 If you need to include [polyfills](https://remysharp.com/2010/10/08/what-is-a-polyfill)
 in your project, you must make sure those load before any other JavaScript. If you're
-using some polyfill CDN service, like [cdn.polyfill.io](https://cdn.polyfill.io/),
+using a polyfill CDN service, like [cdn.polyfill.io](https://cdn.polyfill.io/),
 just put it before the other scripts in the bottom of the page:
 
 ```html
-    <script src="js/vendor/modernizr-3.5.0.min.js"></script>
-    <script src="https://cdn.polyfill.io/v2/polyfill.min.js"></script>
-    <script src="https://code.jquery.com/jquery-3.2.1.min.js" integrity="sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4=" crossorigin="anonymous"></script>
-    <script>window.jQuery || document.write('<script src="js/vendor/jquery-3.2.1.min.js"><\/script>')</script>
+    <script src="js/vendor/modernizr-3.7.1.min.js"></script>
+    <script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>
+    <script src="https://code.jquery.com/jquery-3.4.1.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script>
+    <script>window.jQuery || document.write('<script src="js/vendor/jquery-3.4.1.min.js"><\/script>')</script>
     <script src="js/plugins.js"></script>
     <script src="js/main.js"></script>
 </body>
@@ -193,7 +141,7 @@ If you like to just include the polyfills yourself, you could include them in
 `js/plugins.js`. When you have a bunch of polyfills to load in, you could
 also create a `polyfills.js` file in the `js/vendor` directory or include the files 
 individually and combine them using a build tool. Always ensure that the polyfills 
-are all loaded before any other Javascript.
+are all loaded before any other JavaScript.
 
 There are some misconceptions about Modernizr and polyfills. It's important
 to understand that Modernizr just handles feature checking, not polyfilling
@@ -217,7 +165,7 @@ the Google Hosted version over the jQuery CDN because it was available
 over HTTPS (the jQuery CDN was not,) and it offered a better chance of
 hitting the cache lottery owing to the popularity of the Google CDN.
 The first issue is no longer valid and the second is far outweighed by
-being able to serve jQuery to Chinese users.
+being able to serve jQuery to users in China.
 
 While the jQuery CDN is a strong default solution your site or application may
 require a different configuration. Testing your site with services like
@@ -229,22 +177,29 @@ site or application.
 ### Google Universal Analytics Tracking Code
 
 Finally, an optimized version of the Google Universal Analytics tracking code is
-included. Google recommends that this script be placed at the top of the page.
+included.
+
+We use `analytics.js` rather than the newer `gtag.js` as 
+[it's faster and supports tasks and plugins](https://github.com/philipwalton/analyticsjs-boilerplate/issues/19#issuecomment-333714370)
+
+The beacon transport mechanism is used to send all hits [which saves HTTP requests and improves performance](https://philipwalton.com/articles/the-google-analytics-setup-i-use-on-every-site-i-build/#loading-analytics.js).
+
+Google recommends that this script be placed at the top of the page.
 Factors to consider: if you place this script at the top of the page, you’ll
 be able to count users who don’t fully load the page, and you’ll incur the max
 number of simultaneous connections of the browser.
 
 Further information:
 
-* [Optimizing the Google Universal Analytics
-  Snippet](https://mathiasbynens.be/notes/async-analytics-snippet#universal-analytics)
-* [Introduction to
+- [Introduction to
   Analytics.js](https://developers.google.com/analytics/devguides/collection/analyticsjs/)
-* [Google Analytics Demos & Tools](https://ga-dev-tools.appspot.com/)
+- [Google Analytics Demos & Tools](https://ga-dev-tools.appspot.com/)
 
-**N.B.** The Google Universal Analytics snippet is included by default mainly
+**N.B.** The Google Analytics snippet is included by default mainly
 because Google Analytics is [currently one of the most popular tracking
 solutions](https://trends.builtwith.com/analytics/Google-Analytics) out there.
 However, its usage isn't set in stone, and you SHOULD consider exploring the
 [alternatives](https://en.wikipedia.org/wiki/List_of_web_analytics_software)
-and use whatever suits your needs best!
+and use whatever suits your needs best.
+
+

src/doc/misc.md

@@ -7,6 +7,7 @@ table of contents](TOC.md)
 * [.editorconfig](#editorconfig)
 * [Server Configuration](#server-configuration)
 * [robots.txt](#robotstxt)
+* [humans.txt](#humanstxt)
 * [browserconfig.xml](#browserconfigxml)
 
 --
@@ -41,21 +42,21 @@ your team define and maintain consistent coding styles between different
 editors and IDEs.
 
 By default, `.editorconfig` includes some basic
-[properties](http://editorconfig.org/#supported-properties) that reflect the
+[properties](https://editorconfig.org/#supported-properties) that reflect the
 coding styles from the files provided by default, but you can easily change
 them to better suit your needs.
 
 In order for your editor/IDE to apply the
-[properties](http://editorconfig.org/#supported-properties) from the
+[properties](https://editorconfig.org/#supported-properties) from the
 `.editorconfig` file, you may need to [install a
-plugin]( http://editorconfig.org/#download).
+plugin]( https://editorconfig.org/#download).
 
 __N.B.__ If you aren't using the server configurations provided by HTML5
 Boilerplate, we highly encourage you to configure your server to block
 access to `.editorconfig` files, as they can disclose sensitive information!
 
 For more details, please refer to the [EditorConfig
-project](http://editorconfig.org/).
+project](https://editorconfig.org/).
 
 
 ## Server Configuration
@@ -139,6 +140,20 @@ For more information about `robots.txt`, please see:
   * [robotstxt.org](http://www.robotstxt.org/)
   * [How Google handles the `robots.txt` file](https://developers.google.com/webmasters/control-crawl-index/docs/robots_txt)
 
+## humans.txt
+
+The `humans.txt` file is used to provide information about people involved with
+the website.
+
+The provided file contains three sections:
+
+  * `TEAM` - this is intended to list the group of people responsible for the website
+  * `THANKS` - this is intended to list the group of people that have contributed
+  to the website
+  * `TECHNOLOGY COLOPHON` - the section lists technologies used to make the website
+  
+For more information about `humans.txt`, please see: http://humanstxt.org/
+
 
 ## browserconfig.xml
 
@@ -155,4 +170,4 @@ By default, the file points to 2 placeholder tile images:
 Notice that IE11 uses the same images when adding a site to the `favorites`.
 
 For more in-depth information about the `browserconfig.xml` file, please
-see [MSDN](https://msdn.microsoft.com/library/dn320426.aspx).
+see [MSDN](https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/dn320426(v=vs.85)).

src/doc/usage.md

@@ -18,7 +18,7 @@ serve as the foundation for whatever you're interested in building.
 
 Even the basic use-case of a simple static site can be enhanced by manipulating
 the code through an automated build process. Moving up in complexity HTML5
-Boilerplate can be be integrated with whatever front-end framework, CMS or
+Boilerplate can be integrated with whatever front-end framework, CMS or
 e-commerce platform you're working with. Mix-and-match to your heart's content.
 Use what you need (toss it in a blender if you need to) and discard the rest.
 HTML5 Boilerplate is a starting point, not a destination.
@@ -92,7 +92,7 @@ A helpful custom 404 to get you started.
 This file contains all settings regarding custom tiles for IE11 and Edge.
 
 For more info on this topic, please refer to
-[MSDN](https://msdn.microsoft.com/library/dn455106.aspx).
+[Microsoft's Docs](https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/dn320426(v=vs.85)).
 
 ### .editorconfig
 

src/index.html

@@ -1,37 +1,41 @@
 <!doctype html>
 <html class="no-js" lang="">
-    <head>
-        <meta charset="utf-8">
-        <meta http-equiv="x-ua-compatible" content="ie=edge">
-        <title></title>
-        <meta name="description" content="">
-        <meta name="viewport" content="width=device-width, initial-scale=1">
 
-        <link rel="manifest" href="site.webmanifest">
-        <link rel="apple-touch-icon" href="icon.png">
-        <!-- Place favicon.ico in the root directory -->
+<head>
+  <meta charset="utf-8">
+  <title></title>
+  <meta name="description" content="">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
 
-        <link rel="stylesheet" href="css/normalize.css">
-        <link rel="stylesheet" href="css/main.css">
-    </head>
-    <body>
-        <!--[if lte IE 9]>
-            <p class="browserupgrade">You are using an <strong>outdated</strong> browser. Please <a href="https://browsehappy.com/">upgrade your browser</a> to improve your experience and security.</p>
-        <![endif]-->
+  <link rel="manifest" href="site.webmanifest">
+  <link rel="apple-touch-icon" href="icon.png">
+  <!-- Place favicon.ico in the root directory -->
 
-        <!-- Add your site or application content here -->
-        <p>Hello world! This is HTML5 Boilerplate.</p>
-        <script src="js/vendor/modernizr-{{MODERNIZR_VERSION}}.min.js"></script>
-        <script src="https://code.jquery.com/jquery-{{JQUERY_VERSION}}.min.js" integrity="{{JQUERY_SRI_HASH}}" crossorigin="anonymous"></script>
-        <script>window.jQuery || document.write('<script src="js/vendor/jquery-{{JQUERY_VERSION}}.min.js"><\/script>')</script>
-        <script src="js/plugins.js"></script>
-        <script src="js/main.js"></script>
+  <link rel="stylesheet" href="css/normalize.css">
+  <link rel="stylesheet" href="css/main.css">
+
+  <meta name="theme-color" content="#fafafa">
+</head>
+
+<body>
+  <!--[if IE]>
+    <p class="browserupgrade">You are using an <strong>outdated</strong> browser. Please <a href="https://browsehappy.com/">upgrade your browser</a> to improve your experience and security.</p>
+  <![endif]-->
+
+  <!-- Add your site or application content here -->
+  <p>Hello world! This is HTML5 Boilerplate.</p>
+  <script src="js/vendor/modernizr-{{MODERNIZR_VERSION}}.min.js"></script>
+  <script src="https://code.jquery.com/jquery-{{JQUERY_VERSION}}.min.js" integrity="{{JQUERY_SRI_HASH}}" crossorigin="anonymous"></script>
+  <script>window.jQuery || document.write('<script src="js/vendor/jquery-{{JQUERY_VERSION}}.min.js"><\/script>')</script>
+  <script src="js/plugins.js"></script>
+  <script src="js/main.js"></script>
+
+  <!-- Google Analytics: change UA-XXXXX-Y to be your site's ID. -->
+  <script>
+    window.ga = function () { ga.q.push(arguments) }; ga.q = []; ga.l = +new Date;
+    ga('create', 'UA-XXXXX-Y', 'auto'); ga('set','transport','beacon'); ga('send', 'pageview')
+  </script>
+  <script src="https://www.google-analytics.com/analytics.js" async></script>
+</body>
 
-        <!-- Google Analytics: change UA-XXXXX-Y to be your site's ID. -->
-        <script>
-            window.ga=function(){ga.q.push(arguments)};ga.q=[];ga.l=+new Date;
-            ga('create','UA-XXXXX-Y','auto');ga('send','pageview')
-        </script>
-        <script src="https://www.google-analytics.com/analytics.js" async defer></script>
-    </body>
 </html>

src/js/plugins.js

@@ -1,24 +1,24 @@
 // Avoid `console` errors in browsers that lack a console.
 (function() {
-    var method;
-    var noop = function () {};
-    var methods = [
-        'assert', 'clear', 'count', 'debug', 'dir', 'dirxml', 'error',
-        'exception', 'group', 'groupCollapsed', 'groupEnd', 'info', 'log',
-        'markTimeline', 'profile', 'profileEnd', 'table', 'time', 'timeEnd',
-        'timeline', 'timelineEnd', 'timeStamp', 'trace', 'warn'
-    ];
-    var length = methods.length;
-    var console = (window.console = window.console || {});
+  var method;
+  var noop = function () {};
+  var methods = [
+    'assert', 'clear', 'count', 'debug', 'dir', 'dirxml', 'error',
+    'exception', 'group', 'groupCollapsed', 'groupEnd', 'info', 'log',
+    'markTimeline', 'profile', 'profileEnd', 'table', 'time', 'timeEnd',
+    'timeline', 'timelineEnd', 'timeStamp', 'trace', 'warn'
+  ];
+  var length = methods.length;
+  var console = (window.console = window.console || {});
 
-    while (length--) {
-        method = methods[length];
+  while (length--) {
+    method = methods[length];
 
-        // Only stub undefined methods.
-        if (!console[method]) {
-            console[method] = noop;
-        }
+    // Only stub undefined methods.
+    if (!console[method]) {
+      console[method] = noop;
     }
+  }
 }());
 
 // Place any jQuery/helper plugins in here.

src/site.webmanifest

@@ -1,8 +1,12 @@
 {
-    "icons": [{
-        "src": "icon.png",
-        "sizes": "192x192",
-        "type": "image/png"
-    }],
-    "start_url": "/"
+  "short_name": "",
+  "name": "",
+  "icons": [{
+    "src": "icon.png",
+    "type": "image/png",
+    "sizes": "192x192"
+  }],
+  "start_url": "/?utm_source=homescreen",
+  "background_color": "#fafafa",
+  "theme_color": "#fafafa"
 }

test/file_content.js

@@ -1,5 +1,3 @@
-/* jshint mocha: true */
-
 import assert from 'assert';
 import fs from 'fs';
 import path from 'path';
@@ -12,36 +10,36 @@ const dirs = pkg['h5bp-configs'].directories;
 
 function checkString(file, string, done) {
 
-    let character = '';
-    let matchFound = false;
-    let matchedPositions = 0;
-    const readStream = fs.createReadStream(file, { 'encoding': 'utf8' });
+  let character = '';
+  let matchFound = false;
+  let matchedPositions = 0;
+  const readStream = fs.createReadStream(file, {'encoding': 'utf8'});
 
-    readStream.on('close', done);
-    readStream.on('error', done);
-    readStream.on('readable', function () {
+  readStream.on('close', done);
+  readStream.on('error', done);
+  readStream.on('readable', function () {
 
-        // Read file until the string is found
-        // or the whole file has been read
-        while (matchFound !== true &&
+    // Read file until the string is found
+    // or the whole file has been read
+    while (matchFound !== true &&
                 (character = readStream.read(1)) !== null) {
 
-            if (character === string.charAt(matchedPositions)) {
-                matchedPositions += 1;
-            } else {
-                matchedPositions = 0;
-            }
+      if (character === string.charAt(matchedPositions)) {
+        matchedPositions += 1;
+      } else {
+        matchedPositions = 0;
+      }
 
-            if (matchedPositions === string.length) {
-                matchFound = true;
-            }
+      if (matchedPositions === string.length) {
+        matchFound = true;
+      }
 
-        }
+    }
 
-        assert.equal(true, matchFound);
-        this.close();
+    assert.equal(true, matchFound);
+    this.close();
 
-    });
+  });
 
 }
 
@@ -49,37 +47,37 @@ function checkString(file, string, done) {
 
 function runTests() {
 
-    const dir = dirs.dist;
+  const dir = dirs.dist;
 
-    describe(`Test if the files from the "${dir}" directory have the expected content`, () => {
-
-        it('".htaccess" should have the "ErrorDocument..." line uncommented', (done) => {
-            const string = '\n\nErrorDocument 404 /404.html\n\n';
-            checkString(path.resolve(dir, '.htaccess'), string, done);
-        });
-
-        it('"index.html" should contain the correct jQuery version in the CDN URL', (done) => {
-            const string = `code.jquery.com/jquery-${pkg.devDependencies.jquery}.min.js`;
-            checkString(path.resolve(dir, 'index.html'), string, done);
-        });
-
-        it('"index.html" should contain the correct jQuery version in the local URL', (done) => {
-            const string = `js/vendor/jquery-${pkg.devDependencies.jquery}.min.js`;
-            checkString(path.resolve(dir, 'index.html'), string, done);
-        });
-
-        it('"index.html" should contain the correct Modernizr version in the local URL', (done) => {
-            const string = `js/vendor/modernizr-${pkg.devDependencies.modernizr}.min.js`;
-            checkString(path.resolve(dir, 'index.html'), string, done);
-        });
-
-        it('"main.css" should contain a custom banner', function (done) {
-            const string = `/*! HTML5 Boilerplate v${pkg.version} | ${pkg.license} License | ${pkg.homepage} */\n\n/*\n`;
-            checkString(path.resolve(dir, 'css/main.css'), string, done);
-        });
+  describe(`Test if the files from the "${dir}" directory have the expected content`, () => {
 
+    it('".htaccess" should have the "ErrorDocument..." line uncommented', (done) => {
+      const string = '\n\nErrorDocument 404 /404.html\n\n';
+      checkString(path.resolve(dir, '.htaccess'), string, done);
     });
 
+    it('"index.html" should contain the correct jQuery version in the CDN URL', (done) => {
+      const string = `code.jquery.com/jquery-${pkg.devDependencies.jquery}.min.js`;
+      checkString(path.resolve(dir, 'index.html'), string, done);
+    });
+
+    it('"index.html" should contain the correct jQuery version in the local URL', (done) => {
+      const string = `js/vendor/jquery-${pkg.devDependencies.jquery}.min.js`;
+      checkString(path.resolve(dir, 'index.html'), string, done);
+    });
+
+    it('"index.html" should contain the correct Modernizr version in the local URL', (done) => {
+      const string = `js/vendor/modernizr-${pkg.devDependencies.modernizr}.min.js`;
+      checkString(path.resolve(dir, 'index.html'), string, done);
+    });
+
+    it('"main.css" should contain a custom banner', function (done) {
+      const string = `/*! HTML5 Boilerplate v${pkg.version} | ${pkg.license} License | ${pkg.homepage} */\n`;
+      checkString(path.resolve(dir, 'css/main.css'), string, done);
+    });
+
+  });
+
 }
 
 runTests();

test/file_existence.js

@@ -1,5 +1,3 @@
-/* jshint mocha: true */
-
 import assert from 'assert';
 import fs from 'fs';
 import path from 'path';
@@ -10,55 +8,55 @@ import pkg  from './../package.json';
 const dirs = pkg['h5bp-configs'].directories;
 
 const expectedFilesInArchiveDir = [
-    `${pkg.name}_v${pkg.version}.zip`
+  `${pkg.name}_v${pkg.version}.zip`
 ];
 
 const expectedFilesInDistDir = [
 
-    '.editorconfig',
-    '.gitattributes',
-    '.gitignore',
-    '.htaccess',
-    '404.html',
-    'browserconfig.xml',
+  '.editorconfig',
+  '.gitattributes',
+  '.gitignore',
+  '.htaccess',
+  '404.html',
+  'browserconfig.xml',
 
-    'css/', // for directories, a `/` character
-            // should be included at the end
-        'css/main.css',
-        'css/normalize.css',
+  'css/', // for directories, a `/` character
+  // should be included at the end
+  'css/main.css',
+  'css/normalize.css',
 
-    'doc/',
-        'doc/TOC.md',
-        'doc/css.md',
-        'doc/extend.md',
-        'doc/faq.md',
-        'doc/html.md',
-        'doc/js.md',
-        'doc/misc.md',
-        'doc/usage.md',
+  'doc/',
+  'doc/TOC.md',
+  'doc/css.md',
+  'doc/extend.md',
+  'doc/faq.md',
+  'doc/html.md',
+  'doc/js.md',
+  'doc/misc.md',
+  'doc/usage.md',
 
-    'favicon.ico',
-    'humans.txt',
+  'favicon.ico',
+  'humans.txt',
 
-    'icon.png',
+  'icon.png',
 
-    'img/',
-        'img/.gitignore',
+  'img/',
+  'img/.gitignore',
 
-    'index.html',
+  'index.html',
 
-    'js/',
-        'js/main.js',
-        'js/plugins.js',
-        'js/vendor/',
-            `js/vendor/jquery-${pkg.devDependencies.jquery}.min.js`,
-            `js/vendor/modernizr-${pkg.devDependencies.modernizr}.min.js`,
+  'js/',
+  'js/main.js',
+  'js/plugins.js',
+  'js/vendor/',
+  `js/vendor/jquery-${pkg.devDependencies.jquery}.min.js`,
+  `js/vendor/modernizr-${pkg.devDependencies.modernizr}.min.js`,
 
-    'LICENSE.txt',
-    'robots.txt',
-    'site.webmanifest',
-    'tile-wide.png',
-    'tile.png'
+  'LICENSE.txt',
+  'robots.txt',
+  'site.webmanifest',
+  'tile-wide.png',
+  'tile.png'
 
 ];
 
@@ -66,51 +64,51 @@ const expectedFilesInDistDir = [
 
 function checkFiles(directory, expectedFiles) {
 
-    // Get the list of files from the specified directory
-    const files = glob.sync('**/*', {
-        'cwd': directory,
-        'dot': true,      // include hidden files
-        'mark': true      // add a `/` character to directory matches
+  // Get the list of files from the specified directory
+  const files = glob.sync('**/*', {
+    'cwd': directory,
+    'dot': true,      // include hidden files
+    'mark': true      // add a `/` character to directory matches
+  });
+
+  // Check if all expected files are present in the
+  // specified directory, and are of the expected type
+  expectedFiles.forEach((file) => {
+
+    let ok = false;
+    const expectedFileType = (file.slice(-1) !== '/' ? 'regular file' : 'directory');
+
+    // If file exists
+    if (files.indexOf(file) !== -1) {
+
+      // Check if the file is of the correct type
+      if (file.slice(-1) !== '/') {
+        // Check if the file is really a regular file
+        ok = fs.statSync(path.resolve(directory, file)).isFile();
+      } else {
+        // Check if the file is a directory
+        // (Since glob adds the `/` character to directory matches,
+        // we can simply check if the `/` character is present)
+        ok = (files[files.indexOf(file)].slice(-1) === '/');
+      }
+
+    }
+
+    it(`"${file}" should be present and it should be a ${expectedFileType}`, () =>{
+      assert.equal(true, ok);
     });
 
-    // Check if all expected files are present in the
-    // specified directory, and are of the expected type
-    expectedFiles.forEach( (file) => {
-
-        let ok = false;
-        const expectedFileType = (file.slice(-1) !== '/' ? 'regular file' : 'directory');
-
-        // If file exists
-        if (files.indexOf(file) !== -1) {
-
-            // Check if the file is of the correct type
-            if (file.slice(-1) !== '/') {
-                // Check if the file is really a regular file
-                ok = fs.statSync(path.resolve(directory, file)).isFile();
-            } else {
-                // Check if the file is a directory
-                // (Since glob adds the `/` character to directory matches,
-                // we can simply check if the `/` character is present)
-                ok = (files[files.indexOf(file)].slice(-1) === '/');
-            }
-
-        }
-
-        it(`"${file}" should be present and it should be a ${expectedFileType}`, () =>{
-            assert.equal(true, ok);
-        });
+  });
 
+  // List all files that should be NOT
+  // be present in the specified directory
+  (files.filter((file) => {
+    return expectedFiles.indexOf(file) === -1;
+  })).forEach((file) => {
+    it(`"${file}" should NOT be present`, () => {
+      assert(false);
     });
-
-    // List all files that should be NOT
-    // be present in the specified directory
-    (files.filter( (file) => {
-        return expectedFiles.indexOf(file) === -1;
-    })).forEach( (file) => {
-        it(`"${file}" should NOT be present`, () => {
-            assert(false);
-        });
-    });
+  });
 
 }
 
@@ -118,18 +116,18 @@ function checkFiles(directory, expectedFiles) {
 
 function runTests() {
 
-    describe('Test if all the expected files, and only them, are present in the build directories', () => {
-
-        describe(dirs.archive, () => {
-            checkFiles(dirs.archive, expectedFilesInArchiveDir);
-        });
-
-        describe(dirs.dist, () => {
-            checkFiles(dirs.dist, expectedFilesInDistDir);
-        });
+  describe('Test if all the expected files, and only them, are present in the build directories', () => {
 
+    describe(dirs.archive, () => {
+      checkFiles(dirs.archive, expectedFilesInArchiveDir);
     });
 
+    describe(dirs.dist, () => {
+      checkFiles(dirs.dist, expectedFilesInDistDir);
+    });
+
+  });
+
 }
 
 runTests();