From f36170a44a562f2eb40d74e2e62b6ed796fb6932 Mon Sep 17 00:00:00 2001 From: Michael McGinnis Date: Thu, 12 Oct 2017 22:20:18 -0500 Subject: [PATCH] Update README.md Updated text, added to Table of Contents --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9fd2bba..733b9f3 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,7 @@ What we are doing here is mostly collecting useful snippets from all over the in - [Password Protect a File or Several Files](#password-protect-a-file-or-several-files) - [Block Visitors by Referrer](#block-visitors-by-referrer) - [Prevent Framing the Site](#prevent-framing-the-site) + - [Help to Prevent Cross-Site Scripting](#help-to-prevent-cross-site-scripting) - [Performance](#performance) - [Compress Text Files](#compress-text-files) - [Set Expires Headers](#set-expires-headers) @@ -329,12 +330,13 @@ This prevents the website to be framed (i.e. put into an `iframe` tag), when sti SetEnvIf Request_URI "/starry-night" allow_framing=true Header set X-Frame-Options SAMEORIGIN env=!allow_framing ``` -### Helps Prevent Cross-Site Scripting (XSS) + +### Help to Prevent Cross-Site Scripting This uses the built-in reflective XSS protection found in Internet Explorer, Chrome and Safari (Webkit) to block the response if it detects an attack. +[Source](https://scotthelme.co.uk/hardening-your-http-response-headers/#x-xss-protection) ``` apacheconf Header always set X-Xss-Protection "1; mode=block" ``` -[Source](https://scotthelme.co.uk/hardening-your-http-response-headers/#x-xss-protection) ## Performance ### Compress Text Files
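Review bot: In the table-of-contents hunk, the new entry's anchor `#help-to-prevent-cross-site-scripting` is derived from the heading text, so it only stays valid as long as the heading in the second hunk reads exactly `### Help to Prevent Cross-Site Scripting`; if the heading keeps the `(XSS)` suffix of the old title (see the note on the second hunk), the slug becomes `#help-to-prevent-cross-site-scripting-xss` and this line must be updated in the same commit, otherwise the TOC link silently breaks.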
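Review bot: In the README body hunk, the renamed heading `### Help to Prevent Cross-Site Scripting` drops the `(XSS)` acronym that the old heading `### Helps Prevent Cross-Site Scripting (XSS)` carried, and "Help to Prevent" does not match the imperative style of the neighbouring headings (`Prevent Framing the Site`, `Compress Text Files`, `Set Expires Headers`); `### Help Prevent Cross-Site Scripting (XSS)` would fit both, with the TOC anchor updated to match. Two smaller points: the header name in `Header always set X-Xss-Protection "1; mode=block"` is spelled with mixed case while the linked source and the browser documentation write it `X-XSS-Protection` (header names are case-insensitive, so this is consistency only), and the `[Source](...)` link is moved from after the code block to before it, so please check that this placement matches the other sections of the README rather than creating a one-off. The explanatory sentence already makes clear that this relies on the browsers' built-in filters; it would help readers to state in the same sentence that it is therefore a browser-side mitigation that complements, not replaces, escaping output on the server.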