diff --git a/05_php_addressbook.md b/05_php_addressbook.md
deleted file mode 100644
index ea4ffb4..0000000
--- a/05_php_addressbook.md
+++ /dev/null
@@ -1,99 +0,0 @@
-# Enable PHP in Nginx
-
-run in bash:
-
-```bash
-sudo apt install php-fpm -y
-```
-
-get php version/sock
-
-```bash
-ls -l /run/php/*.sock
-```
-
-add to nginx config (server section):
-
-```nginx
-# pass PHP scripts to FastCGI server
-#
-location ~ \.php$ {
- include snippets/fastcgi-php.conf;
- fastcgi_pass unix:/run/php/php8.4-fpm.sock; # <-- use version from output above!
-}
-```
-
-validate nginx configuration & restart if ok:
-
-```bash
-sudo nginx -t
-sudo systemctl reload nginx
-```
-
-create Demo-App:
-
-```bash
-sudo vi /var/www/*domain-name*/*webapp*.php
-```
-
-## Demo Webapp (Addressbook)
-
-```php
-
-
-
-
-
- Demo: Addressbook
-
-
-
- Einfaches Adressbuch
-
-
-
-
-
- Einträge:
-
-
- Benutzer:
-
-
-
- Liste leeren
-
-
-
-
-```
-
-create txt file (as database):
-
-```bash
-cd /var/www/*domain-name*
-sudo touch names.txt
-sudo chown www-data:www-data names.txt
-sudo chown www-data:www-data *webapp*
-```
-
-testing the webapp:
-
-```
-http://*domain-name*/*webapp*.php
-```
-
diff --git a/06_xss_demo.md b/06_xss_demo.md
deleted file mode 100644
index f4b6281..0000000
--- a/06_xss_demo.md
+++ /dev/null
@@ -1,25 +0,0 @@
-# XSS/CSP Demo
-
-## Environment
-Demo App -> [Addressbook](enable_php.md)
-
-## Demo
-check that csp is not set in nginx
-
-## Browser
-add following name & press "Speichern":
-
-```html
-Charlie
-```
-
-and now type on your keyboard...
-
-## CSP
-set CSP in nginx config
-
-```nginx
-add_header Content-Security-Policy "default-src 'self'; script-src 'self';" always;
-```
-
-repeat the Demo.
\ No newline at end of file
diff --git a/07_header_manipulation.md b/07_header_manipulation.md
deleted file mode 100644
index 4f696a2..0000000
--- a/07_header_manipulation.md
+++ /dev/null
@@ -1,174 +0,0 @@
-# Nginx Header Manipulation
-Instructions to manipulate headers in nginx
-
-## Hide Webserver-Details
-The simplest (and anyhow recommended) configuration is to remove the webserver details.
-This will set the server header to `nginx` only (without any further details).
-This is done e.g. in the main configuration: `/etc/nginx/nginx.conf`
-
-```bash
-sudo vim /etc/nginx/nginx.conf
-```
-
-and uncomment or add following line:
-
-```nginx
-http {
-
- ##
- # Basic Settings
- ##
-
- [...]
- server_tokens off; # Recommended practice is to turn this off
- [...]
-}
-```
-
-## Hide/Replace Webserver at all
-To remove or add headers at all, the "headers more module" is needed.
-On debian/ubuntu the this module is included in the package `nginx-extras`.
-To verify if the package is already installed run:
-
-```bash
-sudo apt list nginx-extras --installed
-```
-
-to install the package run:
-
-```bash
-sudo apt install nginx-extras -y
-```
-
-to remove the Server header at all, modify the site configuration:
-
-```bash
-sudo vim /etc/nginx/sites-available/*site-name*
-```
-
-and add the following line to the server section:
-
-```nginx
-server {
- [...]
- more_clear_headers Server;
- [...]
-}
-```
-
-to replace it with a custom value, use following statement:
-
-```nginx
-server {
- [...]
- more_set_headers 'Server: Webserver';
- [...]
-}
-```
-
-## Security Header
-
-### X-Frame-Options
-instructs the browser to not show the website in an iframe.
-**Note:** The modern way is using `frame-ancestors` within the CSP header.
-edit the site configuration:
-
-```nginx
-server {
- [...]
- add_header X-Frame-Options DENY always; # disable being loaded as iframe at all
- add_header X-Frame-Options SAMEORIGIN always; # only from same domain allowed
- [...]
-}
-```
-
-### CSP
-
-#### XSS/CSP Demo
-Using Demo-App [Addressbook](enable_php.md)
-
-Using Instructions [XSS-Demo](xss_demo.md)
-
-#### Preparing Website for exercise
-as simple playground...add following code-block to the index.html (or index.nginx-debian.html) before **`