7a91fd51 by Jeff Balicki

headers

Signed-off-by: Jeff <jeff@gotenzing.com>
1 parent a0f557c1
Showing 73 changed files with 4630 additions and 85 deletions
msgid ""
msgstr ""
"Project-Id-Version: Headers Security Advanced & HSTS WP\n"
"POT-Creation-Date: 2021-11-04 20:22+0000\n"
"PO-Revision-Date: \n"
"Language-Team: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: Poedit 2.4.2\n"
"X-Poedit-Basepath: .\n"
"X-Poedit-KeywordsList: _e;__\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"Last-Translator: \n"
"Language: it\n"
"X-Poedit-SearchPath-0: ..\n"
#: ../includes/headers-security-advanced-hsts-admin-login.php:109
msgid "Please upgrade to the latest version of WordPress to activate"
msgstr "Effettua l’aggiornamento all’ultima versione di WordPress"
#. Plugin Name
#: ../includes/headers-security-advanced-hsts-admin-login.php:109
#: ../includes/headers-security-advanced-hsts-admin-login.php:141
#: ../includes/headers-security-advanced-hsts-admin-login.php:168
msgid "Headers Security Advanced & HSTS WP"
msgstr "Headers Security Advanced & HSTS WP"
#: ../includes/headers-security-advanced-hsts-admin-login.php:142
msgid ""
"This option allows you to set a networkwide default, which can be overridden "
"by individual sites. Simply go to to the site’s permalink settings to change "
"the url."
msgstr ""
"Questa opzione consente di impostare un valore predefinito per l’intera "
"rete, che può essere ignorato dai singoli siti. Basta andare alle "
"impostazioni permalink del sito per modificare l’URL."
#: ../includes/headers-security-advanced-hsts-admin-login.php:145
msgid "Networkwide default"
msgstr "Predefinito per l’intera rete"
#: ../includes/headers-security-advanced-hsts-admin-login.php:175
msgid "Login url"
msgstr "Url di accesso"
#: ../includes/headers-security-advanced-hsts-admin-login.php:183
msgid "Redirect URL"
msgstr "
#: ../includes/headers-security-advanced-hsts-admin-login.php:226
#, php-format
msgid ""
"To set a networkwide default, go to <a href=\"%s\">Network Settings</a>."
msgstr ""
"Per impostare una rete predefinita ampia, andate a <a href=\\”%s"
"\\”>Impostazioni di rete</a>."
#: ../includes/headers-security-advanced-hsts-admin-login.php.php:235
msgid "Use the slug name, example: "contact-me" - DO NOT USE the full website URL. If you leave the above field empty the plugin will add a redirect to the website homepage."
msgstr ""
#: ../includes/headers-security-advanced-hsts-admin-login.php:250
#, php-format
msgid ""
"Your login page is now here: <strong><a href=\"%1$s\">%2$s</a></strong>. "
"Bookmark this page!"
msgstr ""
"La tua pagina di accesso adesso si trova qui: <strong><a href=\\”%1$s\\”>"
"%2$s</a></strong>. Metti questa pagina nei preferiti!"
#: ../includes/headers-security-advanced-hsts-admin-login.php:256
#: ../includes/headers-security-advanced-hsts-admin-login.php:258
msgid "Settings"
msgstr "Impostazioni"
#: ../includes/headers-security-advanced-hsts-admin-login.php:275
msgid "This feature is not enabled."
msgstr "Questa funzione non è abilitata."
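Review bot: The msgstr for "Redirect URL" (reference :183) opens a quote and never closes it, and the msgid beginning "Use the slug name" (reference :235) carries unescaped double quotes around contact-me, so gettext tooling will reject or misparse the catalogue from that point on. Close the first as an empty msgstr "" and write the inner quotes as \"contact-me\". The two Italian strings that contain links use \\” (an escaped backslash followed by a typographic quote) where the msgid has \", which puts a literal backslash and curly quote inside the translated href attribute instead of delimiting it; copy the \" form from the msgid. The :235 reference also names the source file with a doubled .php.php extension.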
=== HTTP Headers ===
Contributors: zinoui
Donate link: https://zinoui.com/donation
Tags: custom headers, http headers, headers, security, http header, header, cross domain, cors, xss, clickjacking, mitm, cross origin, cross site, privacy, p3p, hsts, referrer, csp, caching, compression, access control, authentication
Requires at least: 3.2
Tested up to: 5.7.1
Requires PHP: 5.3
Stable tag: 1.18.5
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
HTTP Headers adds CORS & security HTTP headers to your website.
== Description ==
HTTP Headers gives your control over the http headers returned by your blog or website.
Headers supported by HTTP Headers includes:
- Access-Control-Allow-Origin
- Access-Control-Allow-Credentials
- Access-Control-Max-Age
- Access-Control-Allow-Methods
- Access-Control-Allow-Headers
- Access-Control-Expose-Headers
- Age
- Content-Security-Policy
- Content-Security-Policy-Report-Only
- Cache-Control
- Clear-Site-Data
- Connection
- Content-Encoding
- Content-Type
- Cross-Origin-Embedder-Policy
- Cross-Origin-Opener-Policy
- Cross-Origin-Resource-Policy
- Expect-CT
- Expires
- Feature-Policy
- NEL
- Permissions-Policy
- Pragma
- P3P
- Referrer-Policy
- Report-To
- Strict-Transport-Security
- Timing-Allow-Origin
- Vary
- WWW-Authenticate
- X-Content-Type-Options
- X-DNS-Prefetch-Control
- X-Download-Options
- X-Frame-Options
- X-Permitted-Cross-Domain-Policies
- X-Powered-By
- X-Robots-Tag
- X-UA-Compatible
- X-XSS-Protection
The [getting started tutorial](https://zinoui.com/blog/http-headers-for-wordpress) describes a typical configuration of this plugin.
== Installation ==
Upload the HTTP Headers plugin to your blog. Then activate it.
That's all.
== Frequently Asked Questions ==
= Why to use this plugin? =
Nowadays security of your social data at the web is essential. This plugin helps you to improve your website overall security.
= Who use these headers? =
These HTTP headers are being used in production services by popular websites as Facebook, Google+, Twitter, LinkedIn, YouTube, Yahoo, Amazon, Instagram, Pinterest.
== Screenshots ==
1. This screenshot shows up the dashboard with categories of the supported headers.
2. This screenshot shows up the headers of a chosen category and their current values.
3. This screenshot shows up the settings page where you can adjust the security headers.
4. This screenshot shows up the response headers returned by the web server.
== Upgrade Notice ==
Updates are on they way, so stay tuned at [@DimitarIvanov](https://twitter.com/DimitarIvanov)
== Changelog ==
= 1.18.5 =
*Release Date - 30th April, 2021*
* Configurable paths to files who store passwords for basic/digest auth
* Fixed issue with plugin activation, due missing file
= 1.18.4 =
*Release Date - 30th April, 2021*
* Initial value of X-Robots-Tag fixed
= 1.18.3 =
*Release Date - 30th April, 2021*
* Added "X-Robots-Tag" header
* Added "interest-cohort", "layout-animations", "legacy-image-formats", "oversized-images", and "wake-lock" directive to "Permissions-Policy" header
* Added "cross-origin" value to "Cross-Origin-Resource-Policy" header
* Added "navigate-to" and "prefetch-src" directives to "Content-Security-Policy" header
= 1.18.2 =
*Release Date - 24th April, 2021*
* Configurable paths to .htaccess and .user.ini files
= 1.18.1 =
*Release Date - 29th October, 2020*
* Added "allow-downloads" and "allow-top-navigation-by-user-activation" to "sandbox" directive, part of CSP
= 1.18.0 =
*Release Date - 20th September, 2020*
* Added "Permissions-Policy" header
* Fixed "Cookie Security"
= 1.17.0 =
*Release Date - 26th July, 2020*
* Added "Cross-Origin-Embedder-Policy" header
* Added "Cross-Origin-Opener-Policy" header
= 1.16.1 =
*Release Date - 23rd July, 2020*
* Fixed JS/CSS versioning
= 1.16.0 =
*Release Date - 23rd July, 2020*
* Added the "NEL" header
* Fixed the "Report-To" header
= 1.15.2 =
*Release Date - 18th June, 2020*
* Fixed a PHP Notice at "Expires" page
* Fixed comments in .user.ini file
= 1.15.1 =
*Release Date - 9th May, 2020*
* Fixed the "Access-Control-Allow-Origin" header
= 1.15.0 =
*Release Date - 26th January, 2020*
* Added the "Cross-Origin-Resource-Policy" header
* Removed the "Public-Key-Pins" header
= 1.14.2 =
*Release Date - 25th November, 2019*
* CORS headers updated (added "Vary: Origin")
= 1.14.1 =
*Release Date - 15th September, 2019*
* Simple filtering was replaced with Dynamic filtering
= 1.14.0 =
*Release Date - 1st September, 2019*
* Added the "Content-Type" header
* Fixed the "Access-Control-Allow-Credentials" header
* Improvement to "Access-Control-Allow-Headers" header
* Improvement to "Access-Control-Allow-Methods" header
* Improvement to "Access-Control-Expose-Headers" header
* Improvement to "Cache-Control" header
* Improvement to "Vary" header
= 1.13.4 =
*Release Date - 14th July, 2019*
* Added the "always" condition to Header (unset) directive
* Fixed the "import" function
* Fixed the "Access-Control-Allow-Origin" header
= 1.13.3 =
*Release Date - 16th June, 2019*
* Bugfix in "WWW-Authenticate" header
* Added support of Apache 2.4
= 1.13.2 =
*Release Date - 13th June, 2019*
* Bugfix in "Content-Encoding" header
* Bugfix in "Vary" header
= 1.13.1 =
*Release Date - 8th June, 2019*
* Added Brotli compression
= 1.13.0 =
*Release Date - 7th June, 2019*
* Added "SameSite" to Cookie Security
* Fixed import/export function
* Code refactoring
= 1.12.2 =
*Release Date - 5th April, 2019*
* UI improvement for Content-Security-Policy
* Fix for Access-Control-Allow-Headers
* Fix for Access-Control-Allow-Origin
* Fix for Feature-Policy
= 1.12.1 =
*Release Date - 9th January, 2019*
* Remove direct calls to cURL
= 1.12.0 =
*Release Date - 5th January, 2019*
* Better handling of activate/deactivate functions
= 1.11.0 =
*Release Date - 9th December, 2018*
* Added support of "Clear-Site-Data" header
= 1.10.5 =
*Release Date - 6th November, 2018*
* Hotfix: parallel work with third-party plugins
= 1.10.4 =
*Release Date - 30th September, 2018*
* Support of following Server APIs: CGI, FastCGI, PHP-FPM
* Error handling improvement
= 1.10.3 =
*Release Date - 8th August, 2018*
* HSTS improvement
* CORS improvement
= 1.10.2 =
*Release Date - 31st July, 2018*
* Export feature bug-fixed
= 1.10.1 =
*Release Date - 18th July, 2018*
* Feature-Policy header update: new features added
= 1.10.0 =
*Release Date - 17th July, 2018*
* Added support of "Feature-Policy" header
= 1.9.5 =
*Release Date - 12th July, 2018*
* CORS bugfix
= 1.9.4 =
*Release Date - 13th January, 2018*
* In-plugin security improvement
= 1.9.3 =
*Release Date - 10th January, 2018*
* Bug fix
= 1.9.2 =
*Release Date - 4th January, 2018*
* Security improvements
= 1.9.1 =
*Release Date - 27th December, 2017*
* Updated translations
= 1.9.0 =
*Release Date - 23th December, 2017*
* Added support of "Report-To" header
* Added support of translations
* Added support of Import/Export
* Updated "Content-Security-Policy" header (added directives: object-src, frame-src, worker-src, manifest-src, base-uri, report-to)
* Updated "WWW-Authenticate" header (support multiple users)
* Updated "Access-Control" headers (added list of origins)
= 1.8.0 =
*Release Date - 31st August, 2017*
* Added support of "Timing-Allow-Origin" header
* Added support of "X-Download-Options" header
* Added support of "X-DNS-Prefetch-Control" header
* Added support of "X-Permitted-Cross-Domain-Policies" header
* Added support of Custom headers
= 1.7.1 =
*Release Date - 18th August, 2017*
* PHP notice bugfixed
= 1.7.0 =
*Release Date - 15th August, 2017*
* Added support of "Content-Security-Policy-Report-Only" header
* Added support of "Public-Key-Pins-Report-Only" header
* Added "1; report=<reporting-URI>" directive to the "X-XSS-Protection" header
* Added "Inspect headers" tool
* UI bugfixes
= 1.6.0 =
*Release Date - 5th August, 2017*
* Added support of "Expect-CT" header
= 1.5.0 =
*Release Date - 30th July, 2017*
* Added support of "Age" header
* Added support of "Cache-Control" header
* Added support of "Connection" header
* Added support of "Content-Encoding" header
* Added support of "Expires" header
* Added support of "Pragma" header
* Added support of "Vary" header
* Added support of "WWW-Authenticate" header
* Added support of "X-Powered-By" header
* Added support of "Secure" and "HttpOnly" cookies
= 1.4.0 =
*Release Date - 5th July, 2017*
* Added support of Apache (via htaccess) inclusion method
= 1.3.0 =
*Release Date - 3rd June, 2017*
* Added support of Content-Security-Policy header
* Added dashboard
= 1.2.0 =
*Release Date - 28th April, 2017*
* Added support of Referrer-Policy header
= 1.1.2 =
*Release Date - 13th February, 2017*
* Added support of 'preload' directive to HSTS header
= 1.1.1 =
*Release Date - 8th November, 2016*
* Fixed typo in the X-Frame-Options header
= 1.1.0 =
*Release Date - 20th May, 2016*
* Added support of P3P header
= 1.0.0 =
*Release Date - 10th May, 2016*
* Initial version
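Review bot: This readme identifies a third-party plugin (Contributors: zinoui, Stable tag: 1.18.5, Tested up to: 5.7.1), but the commit message is only "headers" and nothing in the change records where the copy came from. State the upstream source and version in the commit message or a short note beside the readme, so a later update can be diffed against the original and local modifications can be told apart from upstream code.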
select.readonly,
select[readonly] {
background-color: #eee;
}
.hh-table > tbody > tr > th,
.hh-table > tbody > tr > td,
.hh-table td{
vertical-align: top;
}
.hh-table tbody td.hh-td-inner{
padding: 0;
}
.hh-table > tbody > tr > th{
width: 35%;
}
.hh-table > tbody > tr > td:nth-child(2){
width: 10%;
}
.hh-table > tbody > tr > th .description{
font-weight: normal;
}
.hh-table .hh-center{
text-align: center;
}
.hh-table .hh-middle{
vertical-align: middle;
}
.hh-table .hh-p-sm td,
.hh-table .hh-p-sm th{
padding: 8px 5px;
}
.hh-bordered{
border-collapse: collapse;
}
.hh-bordered th,
.hh-bordered td{
border: dashed 1px #999;
}
.hh-panel{
background-color: #fff;
padding: .7em 2em 1em;
-webkit-box-shadow: 0 1px 1px rgba(0,0,0,.04);
-moz-box-shadow: 0 1px 1px rgba(0,0,0,.04);
box-shadow: 0 1px 1px rgba(0,0,0,.04);
border: 1px solid #e5e5e5;
margin: 20px 0 0;
}
.hh-index-table{
border-collapse: separate;
border-spacing: 0;
width: 100%;
}
.hh-index-table tbody{
border-left: solid 1px rgba(0,0,0,.1);
border-right: solid 1px rgba(0,0,0,.1);
}
.hh-index-table th{
background-color: #fff;
font-weight: normal;
padding: 8px 10px;
text-align: left;
}
.hh-index-table td{
background-color: #fff;
color: gray;
padding: 8px 10px;
}
.hh-index-table td:first-child{
border-left: 4px solid #fff;
}
.hh-index-table .active td{
background-color: #f7fcfe;
color: green;
}
.hh-index-table .active td:first-child{
border-left: 4px solid #00a0d2;
}
.hh-index-table td{
box-shadow: 0 -1px 0 rgba(0,0,0,.1);
}
.hh-index-table .hh-status{
text-align: center;
}
.hh-index-table .hh-status span{
display: inline-block;
border-radius: 3px;
padding: 2px 5px;
}
.hh-index-table .hh-status-on span{
background-color: green;
color: #fff;
}
.hh-index-table .hh-status-off span{
background-color: #aaa;
color: #fff;
}
.hh-notice{
background-color: #FFFFCC;
margin: 20px 0;
padding: 8px 10px;
}
.hh-breadcrumbs{
}
.hh-breadcrumbs li{
display: inline-block;
}
.hh-breadcrumbs li:not(:last-child):after {
content: "\00A0\00BB\00A0";
display: inline-block;
}
.hh-breadcrumbs li a{
}
.hh-highlight{
background-color: #333;
color: #fff;
font-weight: 400;
padding: 3px 7px;
}
.hh-results{
border-collapse: collapse;
width: 100%;
}
.hh-results thead th,
.hh-results tbody td{
border-top: solid 1px #e0e0e0;
padding: 5px 5px 5px 0;
text-align: left;
}
.hh-results thead th{
border: none;
}
.hh-results tbody tr td:first-child{
white-space: nowrap;
}
.hh-results tbody tr.hh-found td{
background-color: #f7fcfe;
}
.hh-results tbody tr.hh-found td:first-child{
color: green;
}
.form-field .form-label{
font-weight: bold;
}
.form-field .form-lbl{
display: inline-block;
margin: 0 10px 0 0;
}
.form-row .form-col-6{
float: left;
width: 50%;
}
.form-row:after{
clear: left;
content: '';
display: table;
zoom: 1;
}
.hh-tabs > ul{
margin-bottom: -1px;
}
.hh-tabs > ul:after{
content: '';
display: table;
clear: left;
zoom: 1;
}
.hh-tabs > ul > li{
background-color: #fff;
border: solid 1px #ccc;
border-bottom: none;
display: inline-block;
float: left;
margin: 0 5px 0 0;
padding: 0;
}
.hh-tabs > ul > li a{
color: #222;
display: inline-block;
padding: 5px 10px;
text-decoration: none;
}
.hh-tabs > ul > li.hh-active{
border: solid 1px #222;
border-bottom-color: #fff;
}
.hh-tabs .hh-tab-active{
background-color: #fff;
border: solid 1px #222;
padding: 20px;
}
.hh-textarea-manual{
width: 100%;
}
.hh-hidden{
display: none;
}
.hh-wrapper{
}
.hh-sidebar{
float: right;
width: 20%;
}
.hh-sidebar-inner{
background-color: #fff;
border: solid 1px #92D295;
padding: 15px;
}
.hh-sidebar-inner h3{
margin: 0;
}
.hh-categories{
float: left;
width: 80%;
}
.hh-categories *{
-webkit-box-sizing: border-box;
-moz-box-sizing: border-box;
box-sizing: border-box;
}
.hh-wrapper:after,
.hh-categories:after{
content: '';
clear: both;
display: table;
zoom: 1;
}
a.hh-category{
background-color: #fff;
border: solid 1px #92D295;
display: inline-block;
float: left;
font-size: 16px;
height: 168px;
margin: 0 3% 3% 0;
position: relative;
text-align: center;
text-decoration: none;
text-transform: uppercase;
width: 30%;
}
a.hh-category i {
background-color: #92D295;
display: inline-block;
height: 48px;
margin: 35px 0 0;
text-align: center;
width: 48px;
-webkit-transform: rotate(20deg);
-moz-transform: rotate(20deg);
-ms-transform: rotate(20deg);
-o-transform: rotate(20deg);
}
a.hh-category i:after {
background-color: #92D295;
content: "";
display: inline-block;
height: 48px;
width: 48px;
-webkit-transform: rotate(135deg);
-moz-transform: rotate(135deg);
-ms-transform: rotate(135deg);
-o-transform: rotate(135deg);
}
a.hh-category span{
display: block;
color: #fff;
font-size: 24px;
font-weight: 600;
text-transform: uppercase;
left: 0;
position: absolute;
top: 48px;
width: 100%;
}
a.hh-category strong{
display: block;
font-weight: normal;
margin: 20px 0 0;
}
a.hh-category:hover{
box-shadow: 0 0 3px #6EC271;
}
a.hh-category:hover i{
-webkit-transform: rotate(160deg);
-moz-transform: rotate(160deg);
-ms-transform: rotate(160deg);
-o-transform: rotate(160deg);
-webkit-transition: -webkit-transform 0.5s ease-out;
-moz-transition: -moz-transform 0.5s ease-out;
-o-transition: -o-transform 0.5s ease-out;
transition: transform 0.5s ease-out;
}
.hh-p{
margin: 0.5em 0;
}
.hh-csv-value {
padding-left: 25px;
}
@media (min-width: 1280px) {
a.hh-category{
max-width: 260px;
}
}
@media (max-width: 960px) {
a.hh-category{
margin: 0 5% 20px;
width: 40%;
}
.hh-categories{
width: 70%;
}
.hh-sidebar{
width: 30%;
}
}
@media (max-width: 768px) {
.hh-categories{
width: 65%;
}
.hh-sidebar{
width: 35%;
}
}
@media (max-width: 640px) {
a.hh-category{
float: none;
margin: 0 0 20px;
width: 100%;
}
.hh-categories{
width: 55%;
}
.hh-sidebar{
width: 40%;
}
}
@media (max-width: 468px) {
a.hh-category{
max-width: 260px;
}
.hh-categories,
.hh-sidebar{
float: none;
margin: 0 auto;
max-width: 250px;
width: 100%;
}
}
\ No newline at end of file
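Review bot: The rotate() declarations on a.hh-category i, a.hh-category i:after and a.hh-category:hover i are given only with -webkit-, -moz-, -ms- and -o- prefixes, while the hover rule ends with an unprefixed transition: transform 0.5s ease-out; add the unprefixed transform: rotate(...) after each prefixed group so the transition has a standard property to animate. Smaller cleanups in the same file: .hh-breadcrumbs, .hh-breadcrumbs li a and .hh-wrapper are empty rule sets, .hh-index-table td is declared twice (the box-shadow can move into the first block), and the file has no trailing newline.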
<?php
// If uninstall is not called from WordPress, exit
if ( !defined( 'WP_UNINSTALL_PLUGIN' ) ) {
exit();
}
$options = include dirname(__FILE__) . '/views/includes/options.inc.php';
foreach ($options as $option)
{
delete_option( $option[0] );
}
\ No newline at end of file
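Review bot: The return value of the include is passed straight to foreach; if views/includes/options.inc.php is missing or does not return an array, include yields false, the loop raises a warning and no option is deleted. Use require, or guard the loop with is_array($options). The script also only calls delete_option(), so if the plugin has written directives to .htaccess or .user.ini (the paths are configurable elsewhere in this commit), they would remain in place after uninstall; worth confirming that is intended.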
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Access-Control-Allow-Credentials
<p class="description"><?php _e('The Access-Control-Allow-Credentials header indicates whether the response to request can be exposed when the credentials flag is true.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Access-Control-Allow-Credentials</legend>
<?php
$access_control_allow_credentials = get_option('hh_access_control_allow_credentials', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_access_control_allow_credentials" value="<?php echo $k; ?>"<?php checked($access_control_allow_credentials, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-acac' ); ?>
<?php do_settings_sections( 'http-headers-acac' ); ?>
<select name="hh_access_control_allow_credentials_value" class="http-header-value"<?php echo $access_control_allow_credentials == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('true');
$access_control_allow_credentials_value = get_option('hh_access_control_allow_credentials_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($access_control_allow_credentials_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
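Review bot: Values are written into attributes and label text without escaping (value="<?php echo $k; ?>", echo $v, echo $item), and $bools is defined outside this template. Wrap attribute values in esc_attr() and visible text in esc_html(), as the text inputs in the sibling templates already do with esc_attr(). Separately, readonly is not an attribute browsers honour on a select element, so when the header is switched off the control still changes and submits unless a script enforces it; the save handler should ignore hh_access_control_allow_credentials_value when the header is disabled.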
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Access-Control-Allow-Headers
<p class="description"><?php _e('The Access-Control-Allow-Headers header is returned by the server in a response to a preflight request and informs the browser about the HTTP headers that can be used in the actual request.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Access-Control-Allow-Credentials</legend>
<?php
$access_control_allow_headers = get_option('hh_access_control_allow_headers', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_access_control_allow_headers" value="<?php echo $k; ?>"<?php checked($access_control_allow_headers, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-acah' ); ?>
<?php do_settings_sections( 'http-headers-acah' ); ?>
<table><tbody><tr>
<?php
$access_control_allow_headers_value = get_option('hh_access_control_allow_headers_value');
if (!$access_control_allow_headers_value)
{
$access_control_allow_headers_value = array();
}
$i = 0;
array_unshift($headers_list, '*');
foreach ($headers_list as $item) {
if (in_array($item, $cors_safe_request_headers)) {
continue;
}
if ($i % 3 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_access_control_allow_headers_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $access_control_allow_headers_value) ? NULL : ' checked'; ?><?php echo $access_control_allow_headers == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
$i += 1;
}
?>
</tr></tbody></table>
<table><tbody>
<?php
$access_control_allow_headers_custom = get_option('hh_access_control_allow_headers_custom');
if (is_array($access_control_allow_headers_custom))
{
foreach ($access_control_allow_headers_custom as $header)
{
?>
<tr>
<td><input type="text" name="hh_access_control_allow_headers_custom[]"
class="http-header-value" size="35"
value="<?php echo esc_attr($header); ?>"<?php echo $access_control_allow_headers == 1 ? NULL : ' readonly'; ?> />
</td>
<td>
<button type="button" class="button button-small hh-btn-delete-ac"
title="<?php esc_attr_e('Delete', 'http-headers'); ?>">x</button>
</td>
</tr>
<?php
}
}
?>
<tr>
<td colspan="2">
<button type="button" class="button hh-btn-add-ac" data-name="hh_access_control_allow_headers_custom[]">+ <?php _e('Add header', 'http-headers'); ?></button>
</td>
</tr>
</tbody></table>
</td>
</tr>
\ No newline at end of file
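Review bot: The screen-reader legend in this template reads Access-Control-Allow-Credentials although the row is for Access-Control-Allow-Headers, which looks like a copy-paste leftover; change it to match the th text. The checkbox name interpolates $item unescaped (name="hh_access_control_allow_headers_value[<?php echo $item; ?>]"); use esc_attr($item) there and esc_html($item) for the label. readonly has no effect on checkbox inputs, so the disabled state needs to be enforced when the option is saved.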
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Access-Control-Allow-Methods
<p class="description"><?php _e('The Access-Control-Allow-Methods header is returned by the server in a response to a preflight request and informs the browser about the HTTP methods that can be used in the actual request.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Access-Control-Allow-Methods</legend>
<?php
$access_control_allow_methods = get_option('hh_access_control_allow_methods', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_access_control_allow_methods" value="<?php echo $k; ?>"<?php checked($access_control_allow_methods, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-acam' ); ?>
<?php do_settings_sections( 'http-headers-acam' ); ?>
<?php
$items = array('*', 'GET', 'POST', 'OPTIONS', 'HEAD', 'PUT', 'DELETE', 'TRACE', 'CONNECT', 'PATCH');
$access_control_allow_methods_value = get_option('hh_access_control_allow_methods_value');
if (!$access_control_allow_methods_value)
{
$access_control_allow_methods_value = array();
}
foreach ($items as $item)
{
?><p><label><input type="checkbox" class="http-header-value" name="hh_access_control_allow_methods_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $access_control_allow_methods_value) ? NULL : ' checked'; ?><?php echo $access_control_allow_methods == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></p><?php
}
?>
</td>
</tr>
\ No newline at end of file
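Review bot: The $items list offers * alongside individual methods and also includes TRACE and CONNECT, which browsers refuse to send from fetch/XHR regardless of what the preflight response allows, so ticking them only widens the advertised policy without enabling anything. Consider dropping TRACE and CONNECT from the list and making * mutually exclusive with the named methods. As in the sibling templates, $k, $v and $item are echoed unescaped, and readonly on a checkbox does not prevent it from being toggled.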
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Access-Control-Allow-Origin
<p class="description"><?php _e('The Access-Control-Allow-Origin header indicates whether a resource can be shared.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Access-Control-Allow-Origin</legend>
<?php
$access_control_allow_origin = get_option('hh_access_control_allow_origin', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_access_control_allow_origin" value="<?php echo $k; ?>"<?php checked($access_control_allow_origin, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-acao' ); ?>
<?php do_settings_sections( 'http-headers-acao' ); ?>
<?php
$access_control_allow_origin_url = get_option('hh_access_control_allow_origin_url');
if (is_scalar($access_control_allow_origin_url))
{
$access_control_allow_origin_url = array($access_control_allow_origin_url);
}
if (!is_array($access_control_allow_origin_url))
{
$access_control_allow_origin_url = array(NULL);
}
?>
<table>
<tr>
<td>
<select name="hh_access_control_allow_origin_value" class="http-header-value"<?php echo $access_control_allow_origin == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('*', 'origin', 'null');
$access_control_allow_origin_value = get_option('hh_access_control_allow_origin_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($access_control_allow_origin_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
<td class="hh-acao<?php echo $access_control_allow_origin_value != 'origin' ? ' hh-hidden' : NULL; ?>"><input type="text" name="hh_access_control_allow_origin_url[]" class="http-header-value" placeholder="http://domain.com" size="35" value="<?php echo esc_attr(@$access_control_allow_origin_url[0]); ?>"<?php echo $access_control_allow_origin == 1 && $access_control_allow_origin_value == 'origin' ? NULL : ' readonly'; ?> /></td>
<td class="hh-acao<?php echo $access_control_allow_origin_value != 'origin' ? ' hh-hidden' : NULL; ?>">&nbsp;</td>
</tr>
<?php
foreach ($access_control_allow_origin_url as $i => $url)
{
if ($i == 0)
{
continue;
}
?>
<tr class="hh-acao<?php echo $access_control_allow_origin_value != 'origin' ? ' hh-hidden' : NULL; ?>">
<td>&nbsp;</td>
<td><input type="text" name="hh_access_control_allow_origin_url[]" class="http-header-value" placeholder="http://domain.com" size="35" value="<?php echo esc_attr($url); ?>"<?php echo $access_control_allow_origin == 1 && $access_control_allow_origin_value == 'origin' ? NULL : ' readonly'; ?> /></td>
<td><button type="button" class="button button-small hh-btn-delete-origin" title="<?php esc_attr_e('Delete', 'http-headers'); ?>">x</button></td>
</tr>
<?php
}
?>
<tr class="hh-acao<?php echo $access_control_allow_origin_value != 'origin' ? ' hh-hidden' : NULL; ?>">
<td>&nbsp;</td>
<td><button type="button" class="button hh-btn-add-origin">+ <?php _e('Add origin', 'http-headers'); ?></button></td>
<td>&nbsp;</td>
</tr>
</table>
</td>
</tr>
\ No newline at end of file
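Review bot: The select built from array('*', 'origin', 'null') lets an administrator send Access-Control-Allow-Origin: null, and requests from sandboxed iframes and data: or file: documents carry Origin: null, so that setting grants access to contexts any site can create. Either remove 'null' from $items or add a description that warns against it, and reject the combination of * or null with Access-Control-Allow-Credentials at save time. The placeholder http://domain.com suggests a plaintext origin; https:// would be a safer hint. The @ in esc_attr(@$access_control_allow_origin_url[0]) hides the empty-array case; an explicit isset() check is clearer.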
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Access-Control-Expose-Headers
<p class="description"><?php _e('The Access-Control-Expose-Headers response header brings information about headers that browsers could allow accessing.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Access-Control-Expose-Headers</legend>
<?php
$access_control_expose_headers = get_option('hh_access_control_expose_headers', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_access_control_expose_headers" value="<?php echo $k; ?>"<?php checked($access_control_expose_headers, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-aceh' ); ?>
<?php do_settings_sections( 'http-headers-aceh' ); ?>
<?php
$access_control_expose_headers_value = get_option('hh_access_control_expose_headers_value');
if (!$access_control_expose_headers_value)
{
$access_control_expose_headers_value = array();
}
?>
<table><tbody><tr>
<?php
$i = 0;
array_unshift($headers_list, '*');
foreach ($headers_list as $item) {
if (in_array($item, $cors_safe_response_headers) || in_array($item, $cors_safe_request_headers))
{
continue;
}
if ($i % 3 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_access_control_expose_headers_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $access_control_expose_headers_value) ? NULL : ' checked'; ?><?php echo $access_control_expose_headers == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
$i += 1;
}
?>
</tr>
</tbody></table>
<table><tbody>
<?php
$access_control_expose_headers_custom = get_option('hh_access_control_expose_headers_custom');
if (is_array($access_control_expose_headers_custom))
{
foreach ($access_control_expose_headers_custom as $header)
{
?>
<tr>
<td><input type="text" name="hh_access_control_expose_headers_custom[]" class="http-header-value" size="35" value="<?php echo esc_attr($header); ?>"<?php echo $access_control_expose_headers == 1 ? NULL : ' readonly'; ?> /></td>
<td><button type="button" class="button button-small hh-btn-delete-ac" title="<?php esc_attr_e('Delete', 'http-headers'); ?>">x</button></td>
</tr>
<?php
}
}
?>
<tr>
<td colspan="2">
<button type="button" class="button hh-btn-add-ac" data-name="hh_access_control_expose_headers_custom[]">+ <?php _e('Add header', 'http-headers'); ?></button>
</td>
</tr>
</tbody></table>
</td>
</tr>
\ No newline at end of file
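Review bot: array_unshift($headers_list, '*') modifies a variable that comes from outside this template, and the Access-Control-Allow-Headers template makes the same call; if both are included in one scope the second one renders with * prepended twice, producing two checkboxes with the same name. Build a local copy instead, for example $list = array_merge(array('*'), $headers_list), and iterate over that. $item is also echoed unescaped into the name attribute and the label.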
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Access-Control-Max-Age
<p class="description"><?php _e('The Access-Control-Max-Age header indicates how much time, the result of a preflight request, can be cached.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Access-Control-Max-Age</legend>
<?php
$access_control_max_age = get_option('hh_access_control_max_age', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_access_control_max_age" value="<?php echo $k; ?>"<?php checked($access_control_max_age, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-acma' ); ?>
<?php do_settings_sections( 'http-headers-acma' ); ?>
<input type="text" name="hh_access_control_max_age_value" class="http-header-value" value="<?php echo esc_attr(get_option('hh_access_control_max_age_value')); ?>"<?php echo $access_control_max_age == 1 ? NULL : ' checked'; ?>>
<?php _e('seconds', 'http-headers'); ?>
</td>
</tr>
\ No newline at end of file
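Review bot: The text input for hh_access_control_max_age_value ends with echo $access_control_max_age == 1 ? NULL : ' checked', but checked is meaningless on a text input; every sibling template emits ' readonly' at this point, so the field stays editable when the header is off. Change ' checked' to ' readonly'. Since the value is a number of seconds, type="number" with min="0" would also stop non-numeric input before it reaches the header.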
<?php
if (!defined('ABSPATH')) {
exit;
}
include dirname(__FILE__) . '/includes/config.inc.php';
include dirname(__FILE__) . '/includes/breadcrumbs.inc.php';
?>
<form method="post" action="options.php" accept-charset="utf-8">
<?php settings_fields( 'http-headers-mtd' ); ?>
<?php do_settings_sections( 'http-headers-mtd' ); ?>
<div style="overflow: hidden">
<div style="float: left; width: 49%">
<table class="hh-index-table">
<thead>
<tr>
<th>Directive</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr class="active">
<td>PHP version</td>
<td><?php echo PHP_VERSION; ?></td>
</tr>
<tr class="active">
<td>Server Software</td>
<td><?php echo getenv('SERVER_SOFTWARE'); ?></td>
</tr>
<tr class="active">
<td>Server API</td>
<td><?php echo PHP_SAPI; ?></td>
</tr>
<tr class="active">
<td>user_ini.filename</td>
<td><?php echo ini_get('user_ini.filename'); ?></td>
</tr>
</tbody>
</table>
</div>
<section class="hh-panel" style="float: right; width: 49%; box-sizing: border-box; margin: 0">
<table style="width: 100%">
<thead>
<tr>
<th colspan="2" style="text-align: left"><?php _e('Setup Location', 'http-headers'); ?></th>
</tr>
</thead>
<tbody>
<tr>
<td>Location of <code>.htaccess</code></td>
<td><input type="text" name="hh_htaccess_path" placeholder="<?php echo get_home_path(); ?>.htaccess" style="width: 100%" value="<?php echo get_option('hh_htaccess_path'); ?>"></td>
</tr>
<tr>
<td>Location of <code>.user.ini</code></td>
<td><input type="text" name="hh_user_ini_path" placeholder="<?php echo get_home_path(); ?>.user.ini" style="width: 100%" value="<?php echo get_option('hh_user_ini_path'); ?>"></td>
</tr>
<tr>
<td>Location of <code>.hh-htpasswd</code></td>
<td><input type="text" name="hh_htpasswd_path" placeholder="<?php echo get_home_path(); ?>.hh-htpasswd" style="width: 100%" value="<?php echo get_option('hh_htpasswd_path'); ?>"></td>
</tr>
<tr>
<td>Location of <code>.hh-htdigest</code></td>
<td><input type="text" name="hh_htdigest_path" placeholder="<?php echo get_home_path(); ?>.hh-htdigest" style="width: 100%" value="<?php echo get_option('hh_htdigest_path'); ?>"></td>
</tr>
<tr>
<td></td>
<td><?php submit_button(null, 'primary', null, false); ?></td>
</tr>
</tbody>
</table>
</section>
</div>
<section class="hh-panel">
<table class="form-table hh-table">
<tbody>
<tr valign="top">
<th scope="row"><?php _e('Default mode', 'http-headers'); ?>
<p class="description"><?php _e('Choose a method for sending of headers. Usually, the PHP method works perfectly. However, some third-party plugins like WP Super Cache may require switching to Apache method.', 'http-headers'); ?></p>
</th>
<td>&nbsp;</td>
<td>
<fieldset>
<?php
$items = array(
'php' => __('Use PHP to send headers (deprecated)', 'http-headers'),
'htaccess' => __('Use Apache (mod_headers) to send headers', 'http-headers'),
);
$method = get_option('hh_method');
foreach ($items as $key => $val) {
?><p><label><input type="radio" name="hh_method" value="<?php echo $key; ?>"<?php checked($method, $key, true); ?>><?php echo $val; ?></label></p><?php
}
?>
</fieldset>
</td>
</tr>
</tbody>
</table>
<?php submit_button(); ?>
</section>
</form>
<section class="hh-panel">
<table class="form-table hh-table">
<tbody>
<tr valign="top">
<th scope="row"><?php _e('Export', 'http-headers'); ?>
<p class="description"><?php _e('Export the plugin current state of settings for later use if recovery needs.', 'http-headers'); ?></p>
</th>
<td>&nbsp;</td>
<td>
<fieldset>
<form method="post" action="<?php echo admin_url('admin-post.php'); ?>" target="_blank">
<?php wp_nonce_field('export'); ?>
<input type="hidden" name="action" value="export">
<button type="submit" class="button button-primary"><?php _e('Export settings', 'http-headers'); ?></button>
</form>
</fieldset>
</td>
</tr>
<tr valign="top">
<th scope="row"><?php _e('Import', 'http-headers'); ?>
<p class="description"><?php _e('Import a previously saved state of settings.', 'http-headers'); ?></p>
</th>
<td>&nbsp;</td>
<td>
<fieldset>
<form method="post" action="<?php echo admin_url('admin-post.php'); ?>" enctype="multipart/form-data">
<?php wp_nonce_field('import'); ?>
<input type="hidden" name="action" value="import">
<input type="file" name="file" id="hh-import-file" class="hh-hidden">
<div class="button-group">
<button type="button" class="button hh-btn-import-choose"><?php _e('Choose file...', 'http-headers'); ?></button>
<button type="submit" class="button button-primary"><?php _e('Import settings', 'http-headers'); ?></button>
</div>
<p id="hh-import-name"></p>
</form>
</fieldset>
</td>
</tr>
</tbody>
</table>
</section>
\ No newline at end of file
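Review bot: The four path inputs (`hh_htaccess_path`, `hh_user_ini_path`, `hh_htpasswd_path`, `hh_htdigest_path`) print `get_option(...)` into `value="..."` and `get_home_path()` into `placeholder="..."` without `esc_attr()`, so a stored path containing a double quote breaks out of the attribute. Wrap each in `esc_attr()`, as the header templates in this commit already do for their value fields. `getenv('SERVER_SOFTWARE')` and `ini_get('user_ini.filename')` in the directive table should go through `esc_html()` for the same reason. The "Directive", "Value" and "Location of" labels are hard-coded English while the rest of the page uses `_e()`.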
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Age
<p class="description"><?php _e('The Age header contains the time in seconds the object has been in a proxy cache.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Age"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Age</legend>
<?php
$age = get_option('hh_age', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_age" value="<?php echo $k; ?>"<?php checked($age, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-age' ); ?>
<?php do_settings_sections( 'http-headers-age' ); ?>
<input type="text" name="hh_age_value" class="http-header-value" size="5" value="<?php echo esc_attr(get_option('hh_age_value')); ?>"<?php echo $age == 1 ? NULL : ' checked'; ?>>
<?php _e('seconds', 'http-headers'); ?>
</td>
</tr>
\ No newline at end of file
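Review bot: The `hh_age_value` input ends with `$age == 1 ? NULL : ' checked'`, which puts `checked` on a `type="text"` field where it does nothing; ` readonly` looks like the intended attribute. The index page in this commit casts `hh_age` to `(int)` before display, so it would be consistent to constrain the field here as well, for example `type="number" min="0"`.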
<?php
if (!(isset($_POST['url']) && preg_match('|^https?://|', $_POST['url'])))
{
?>
<section class="hh-panel">
<h3><span class="hh-highlight"><?php _e('URL malformed', 'http-headers'); ?></span></h3>
</section>
<?php
exit;
}
include 'includes/config.inc.php';
$args = array();
if (isset($_POST['authentication'], $_POST['username'], $_POST['password'])
&& !empty($_POST['username'])
&& !empty($_POST['password'])
)
{
$args['headers'] = array(
'Authorization' => sprintf('Basic %s', base64_encode($_POST['username'] .':'. $_POST['password']))
);
}
$response = wp_remote_head($_POST['url'], $args);
$status = wp_remote_retrieve_response_code($response);
$dictionary = wp_remote_retrieve_headers($response);
$responseHeaders = $dictionary ? $dictionary->getAll() : array();
if ($status !== 200)
{
?>
<section class="hh-panel">
<h3><span class="hh-highlight"><?php _e('HTTP Status', 'http-headers'); ?>: <?php echo $status; ?></span></h3>
<p><?php
switch ($status)
{
case 400:
echo 'Bad Request';
break;
case 401:
echo 'Unauthorized';
break;
case 403:
echo 'Forbidden';
break;
case 404:
echo 'Not Found';
break;
case 405:
echo 'Method Not Allowed';
break;
default:
}
?></p>
</section>
<?php
exit;
}
?>
<section class="hh-panel">
<h3><span class="hh-highlight"><?php _e('Response headers', 'http-headers'); ?></span></h3>
<table class="hh-results">
<thead>
<tr>
<th style="width: 30%"><?php _e('Header', 'http-headers'); ?></th>
<th><?php _e('Value', 'http-headers'); ?></th>
</tr>
</thead>
<tbody>
<?php
$reportOnly = array('content-security-policy-report-only');
foreach ($responseHeaders as $k => $v)
{
$k = strtolower($k);
$found = in_array($k, $reportOnly);
$v = is_array($v) ? join(", ", $v) : $v;
?>
<tr<?php echo array_key_exists($k, $headers) || $found ? ' class="hh-found"' : NULL; ?>>
<td><?php echo htmlspecialchars($k); ?></td>
<td><?php echo htmlspecialchars($v); ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
</section>
<?php
$special = array('content-security-policy');
$exclude = array('custom-headers', 'cookie-security', 'x-powered-by');
$missing = array();
foreach ($headers as $k => $v)
{
if (!array_key_exists($k, $responseHeaders)
&& !in_array($k, $exclude)
&& !(in_array($k, $special) && array_key_exists($k . '-report-only', $responseHeaders) ))
{
$missing[$k] = @$categories[$v[2]];
}
}
if (!empty($missing))
{
asort($missing);
?>
<section class="hh-panel">
<h3><span class="hh-highlight"><?php _e('Missing headers', 'http-headers'); ?></span></h3>
<table class="hh-results">
<thead>
<tr>
<th style="width: 30%"><?php _e('Header', 'http-headers'); ?></th>
<th><?php _e('Category', 'http-headers'); ?></th>
</tr>
</thead>
<tbody>
<?php
foreach ($missing as $k => $v)
{
?>
<tr>
<td><a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;header=<?php echo htmlspecialchars($k); ?>"><?php echo $k; ?></a></td>
<td><?php echo $v; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
</section>
<?php
}
\ No newline at end of file
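Review bot: This file has no `ABSPATH` guard, unlike the other templates in this commit, and it passes `$_POST['url']` to `wp_remote_head()` after only the `^https?://` scheme check, so the server issues a request to whatever host is submitted, internal addresses included. Add the guard, verify a nonce and a capability before doing any work (neither is visible in this file), and switch to `wp_safe_remote_head()` with `esc_url_raw()` on the URL. The same regex lets the Basic `Authorization` header go out over plain `http://`; require `https` when `username` and `password` are set, and read both through `wp_unslash()`. `wp_remote_head()` can return a `WP_Error`, in which case `$status` is empty and the panel prints a blank status; check `is_wp_error($response)` first. Smaller points: `include 'includes/config.inc.php'` is a relative include where other files use `dirname(__FILE__)`, and `@$categories[$v[2]]` suppresses a notice instead of handling a missing category.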
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Cache-Control
<p class="description"><?php _e('The Cache-Control general-header field is used to specify directives for caching mechanisms in both, requests and responses. Caching directives are unidirectional, meaning that a given directive in a request is not implying that the same directive is to be given in the response.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Cache-Control</legend>
<?php
$cache_control = get_option('hh_cache_control', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_cache_control" value="<?php echo $k; ?>"<?php checked($cache_control, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-cc' ); ?>
<?php do_settings_sections( 'http-headers-cc' ); ?>
<?php
$items = array(
'must-revalidate' => 'bool',
'no-cache' => 'bool',
'no-store' => 'bool',
'no-transform' => 'bool',
'public' => 'bool',
'private' => 'bool',
'proxy-revalidate' => 'bool',
'max-age' => 'int',
's-maxage' => 'int',
'immutable' => 'bool',
'stale-while-revalidate' => 'int',
'stale-if-error' => 'int',
);
?>
<table>
<?php
$cache_control_value = get_option('hh_cache_control_value');
if (!$cache_control_value)
{
$cache_control_value = array();
}
foreach ($items as $item => $type)
{
?>
<tr>
<td><label for="hh_cache_control_value_<?php echo $item; ?>"><?php echo $item; ?></label></td>
<td><?php
switch ($type) {
case 'bool':
?><input type="checkbox" class="http-header-value" name="hh_cache_control_value[<?php echo $item; ?>]" id="hh_cache_control_value_<?php echo $item; ?>" value="1"<?php checked(array_key_exists($item, $cache_control_value), 1, true); ?>><?php
break;
case 'int':
?><input type="text" class="http-header-value" name="hh_cache_control_value[<?php echo $item; ?>]" id="hh_cache_control_value_<?php echo $item; ?>" size="6" value="<?php echo array_key_exists($item, $cache_control_value) && strlen($cache_control_value[$item]) > 0 ? (int) $cache_control_value[$item] : NULL; ?>"> <?php _e('seconds', 'http-headers');
break;
}
?>
</td>
</tr>
<?php
}
?>
</table>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
include dirname(__FILE__) . '/includes/config.inc.php';
include dirname(__FILE__) . '/includes/breadcrumbs.inc.php';
?>
<table class="hh-index-table">
<thead>
<tr>
<th><?php _e('Header', 'http-headers'); ?></th>
<th style="width: 45%"><?php _e('Value', 'http-headers'); ?></th>
<th class="hh-status"><?php _e('Status', 'http-headers'); ?></th>
<th></th>
</tr>
</thead>
<tbody>
<?php
foreach ($headers as $index => $item)
{
if (@$_GET['category'] != $item[2])
{
continue;
}
$key = $item[1];
$option = get_option($key, 0);
$isOn = (int) $option === 1;
$value = NULL;
if ($isOn)
{
$value = get_option($key .'_value');
switch ($key)
{
case 'hh_age':
$value = (int) $value;
break;
case 'hh_p3p':
if (!empty($value))
{
$value = sprintf('CP="%s"', join(' ', array_keys($value)));
}
break;
case 'hh_x_xxs_protection':
if ($value == '1; report=') {
$value .= get_option('hh_x_xxs_protection_uri');
}
break;
case 'hh_x_powered_by':
if (get_option('hh_x_powered_by_option') == 'unset') {
$value = '[Unset]';
}
break;
case 'hh_x_frame_options':
$value = strtoupper($value);
if ($value == 'ALLOW-FROM')
{
$value .= ' ' . get_option('hh_x_frame_options_domain');
}
break;
case 'hh_strict_transport_security':
$tmp = array();
$hh_strict_transport_security_max_age = get_option('hh_strict_transport_security_max_age');
if ($hh_strict_transport_security_max_age !== false)
{
$tmp[] = sprintf('max-age=%u', $hh_strict_transport_security_max_age);
if (get_option('hh_strict_transport_security_sub_domains'))
{
$tmp[] = 'includeSubDomains';
}
if (get_option('hh_strict_transport_security_preload'))
{
$tmp[] = 'preload';
}
} else {
$tmp = array(get_option('hh_strict_transport_security_value'));
}
if (!empty($tmp))
{
$value = join('; ', $tmp);
}
break;
case 'hh_timing_allow_origin':
if ($value == 'origin')
{
$value = get_option('hh_timing_allow_origin_url');
}
break;
case 'hh_access_control_allow_origin':
if ($value == 'origin')
{
$value = join('<br>', get_option('hh_access_control_allow_origin_url', array()));
}
break;
case 'hh_access_control_expose_headers':
case 'hh_access_control_allow_headers':
case 'hh_access_control_allow_methods':
$value = join(', ', array_keys($value));
break;
case 'hh_content_security_policy':
$value = build_csp_value($value);
if (get_option('hh_content_security_policy_report_only')) {
$item[0] .= '-Report-Only';
}
break;
case 'hh_content_encoding':
$value = !$value ? null : join(', ', array_keys($value));
$ext = get_option('hh_content_encoding_ext');
if (!empty($ext)) {
$ext = join(', ', array_keys($ext));
$value .= (!empty($value) ? '<br>' : null) . $ext;
}
$module = get_option('hh_content_encoding_module');
switch ($module) {
case 'brotli_deflate':
$enc = 'br, gzip';
break;
case 'brotli':
$enc = 'br';
break;
case 'deflate':
default:
$enc = 'gzip';
break;
}
$value = !empty($value) ? sprintf('%s (%s)', $enc, $value) : $enc;
break;
case 'hh_vary':
$value = !$value ? null : join(', ', array_keys($value));
break;
case 'hh_www_authenticate':
$value = get_option('hh_www_authenticate_type');
break;
case 'hh_cache_control':
$tmp = array();
foreach ($value as $k => $v) {
if (in_array($k, array('max-age', 's-maxage', 'stale-while-revalidate', 'stale-if-error'))) {
if (strlen($v) > 0) {
$tmp[] = sprintf("%s=%u", $k, $v);
}
} else {
$tmp[] = $k;
}
}
$value = join(', ', $tmp);
break;
case 'hh_expires':
$tmp = array();
$types = get_option('hh_expires_type', array());
foreach ($types as $type => $whatever) {
list($base, $period, $suffix) = explode('_', $value[$type]);
if (in_array($base, array('access', 'modification'))) {
$tmp[] = $type != 'default'
? sprintf('%s = "%s plus %u %s"', $type, $base, $period, $suffix)
: sprintf('default = "%s plus %u %s"', $base, $period, $suffix);
} elseif ($base == 'invalid') {
$tmp[] = $type != 'default'
? sprintf('%s = A0', $type)
: sprintf('default = A0');
}
}
$value = join('<br>', $tmp);
break;
case 'hh_cookie_security':
if (is_array($value)) {
if (isset($value['SameSite']) && !is_samesite_supported()) {
unset($value['SameSite']);
}
}
$value = is_array($value) && !empty($value)
? '&#10004; ' . join(' &#10004; ', array_keys($value))
: NULL;
break;
case 'hh_expect_ct':
$tmp = array();
$tmp[] = sprintf('max-age=%u', get_option('hh_expect_ct_max_age'));
if (get_option('hh_expect_ct_enforce') == 1) {
$tmp[] = 'enforce';
}
$tmp[] = sprintf('report-uri="%s"', get_option('hh_expect_ct_report_uri'));
$value = join(', ', $tmp);
break;
case 'hh_custom_headers':
$_names = array($item[0]);
$_values = array('&nbsp;');
foreach ($value['name'] as $key => $name)
{
if (!empty($name) && !empty($value['value'][$key]))
{
$_names[] = '<p class="hh-p">&nbsp;&nbsp;&nbsp;&nbsp;'.$name.'</p>';
$_values[] = '<p class="hh-p">'.$value['value'][$key].'</p>';
}
}
$item[0] = join('', $_names);
$value = join('', $_values);
break;
case 'hh_report_to':
$value = get_http_header('report_to');
break;
case 'hh_nel':
$value = get_http_header('nel');
break;
case 'hh_feature_policy':
$value = get_http_header('feature_policy');
break;
case 'hh_permissions_policy':
$value = get_http_header('permissions_policy');
break;
case 'hh_x_robots_tag':
$value = get_http_header('x_robots_tag');
break;
case 'hh_clear_site_data':
$value = '"' . join('", "', array_keys($value)) . '"';
break;
case 'hh_content_type':
$tmp = array();
foreach ($value as $key => $val) {
$tmp[] = sprintf(".%s => %s", $key, $val);
}
$value = join("<br>", $tmp);
break;
default:
$value = !is_array($value) ? $value : join(', ', $value);
}
}
$status = $isOn ? __('On', 'http-headers') : __('Off', 'http-headers');
?>
<tr<?php echo $isOn ? ' class="active"' : NULL; ?>>
<td><?php echo $item[0]; ?></td>
<td><?php echo $value; ?></td>
<td class="hh-status hh-status-<?php echo $isOn ? 'on' : 'off'; ?>"><span><?php echo $status; ?></span></td>
<td><a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&header=<?php
echo $index; ?>"><?php _e('Edit', 'http-headers'); ?></a></td>
</tr>
<?php
}
?>
</tbody>
</table>
\ No newline at end of file
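Review bot: The row output `<td><?php echo $item[0]; ?></td>` and `<td><?php echo $value; ?></td>` prints HTML assembled from stored options with no escaping: the `hh_custom_headers` case concatenates `$name` and `$value['value'][$key]` into `<p class="hh-p">` markup as-is, and `hh_access_control_allow_origin`, `hh_expires` and `hh_content_type` join option data with `<br>`. Pass each option-derived piece through `esc_html()` at the point where it is joined, so the intentional `<br>` and `<p>` markup survives and stored strings cannot inject markup into the admin page. Also worth fixing: the inner `foreach ($value['name'] as $key => $name)` overwrites the outer `$key`; several cases call `array_keys($value)` or iterate `$value` without checking that `get_option()` returned an array; `@$_GET['category']` should be an `isset()` check; and the Edit link should use `&amp;header=` with `esc_attr($index)`, matching the link in the inspect template.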
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Clear-Site-Data
<p class="description"><?php _e('The Clear-Site-Data header clears browsing data (cookies, storage, cache) associated with the requesting website. It allows web developers to have more control over the data stored locally by a browser for their origins.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Clear-Site-Data</legend>
<?php
$clear_site_data = get_option('hh_clear_site_data', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_clear_site_data" value="<?php echo $k; ?>"<?php checked($clear_site_data, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-csd' ); ?>
<?php do_settings_sections( 'http-headers-csd' ); ?>
<?php
$items = array(
'cache' => 'bool',
'cookies' => 'bool',
'storage' => 'bool',
'executionContexts' => 'bool',
'*' => 'bool',
);
?>
<table>
<?php
$clear_site_data_value = get_option('hh_clear_site_data_value');
if (!$clear_site_data_value)
{
$clear_site_data_value = array();
}
foreach ($items as $item => $type)
{
?>
<tr>
<td><label for="hh_clear_site_data_value_<?php echo $item; ?>">"<?php echo $item; ?>"</label></td>
<td><?php
switch ($type) {
case 'bool':
?><input type="checkbox" class="http-header-value" name="hh_clear_site_data_value[<?php echo $item; ?>]" id="hh_clear_site_data_value_<?php echo $item; ?>" value="1"<?php checked(array_key_exists($item, $clear_site_data_value), 1, true); ?>><?php
break;
}
?>
</td>
</tr>
<?php
}
?>
</table>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">Connection
<p class="description"><?php _e('The Connection general header controls whether or not the network connection stays open after the current transaction finishes. If the value sent is keep-alive, the connection is persistent and not closed, allowing for subsequent requests to the same server to be done.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Connection"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Connection</legend>
<?php
$connection = get_option('hh_connection', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_connection" value="<?php echo $k; ?>"<?php checked($connection, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-con' ); ?>
<?php do_settings_sections( 'http-headers-con' ); ?>
<select name="hh_connection_value" class="http-header-value"<?php echo $connection == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('keep-alive', 'close');
$connection_value = get_option('hh_connection_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($connection_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
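Review bot: `readonly` on `<select name="hh_connection_value">` has no effect, because the attribute is not defined for `select`; the dropdown stays changeable when the header is off. Use `disabled` if the control should be locked (a disabled control is not submitted, so the save handler must tolerate the missing key), or drop the attribute and rely on the On/Off radio. The saved `hh_connection_value` should also be checked against the two allowed strings, `keep-alive` and `close`, on the save side, which is outside this hunk.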
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Content-Encoding
<p class="description"><?php _e('Compression is an important way to increase the performance of a Web site. For some documents, size reduction of up to 70% lowers the bandwidth capacity needs.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Content-Encoding</legend>
<?php
$content_encoding = get_option('hh_content_encoding', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_content_encoding" value="<?php echo $k; ?>"<?php checked($content_encoding, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-ce' ); ?>
<?php do_settings_sections( 'http-headers-ce' ); ?>
<table>
<tbody>
<tr>
<th colspan="2"><?php _e('Module', 'http-headers'); ?></th>
</tr>
<?php
$content_encoding_module = get_option('hh_content_encoding_module');
?>
<tr>
<td colspan="2" class="hh-td-inner">
<table style="width: 100%">
<tbody>
<tr>
<td>
<label><input type="radio" name="hh_content_encoding_module" value="deflate"<?php echo $content_encoding_module == 'deflate' || !$content_encoding_module ? ' checked' : NULL; ?>> <?php _e('DEFLATE', 'http-headers'); ?></label>
</td>
<td>
<label><input type="radio" name="hh_content_encoding_module" value="brotli"<?php checked($content_encoding_module, 'brotli'); ?>> <?php _e('BROTLI', 'http-headers'); ?></label>
</td>
<td>
<label><input type="radio" name="hh_content_encoding_module" value="brotli_deflate"<?php checked($content_encoding_module, 'brotli_deflate'); ?>> <?php _e('BROTLI; DEFLATE', 'http-headers'); ?></label>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<th colspan="2"><?php _e('By content type', 'http-headers'); ?></th>
</tr><tr>
<?php
$items = array(
'application/javascript',
'application/x-javascript',
'application/json',
'application/ld+json',
'application/manifest+json',
'application/rdf+xml',
'application/rss+xml',
'application/schema+json',
'application/vnd.geo+json',
'application/x-web-app-manifest+json',
'application/vnd.ms-fontobject',
'application/x-font-ttf',
'application/xhtml+xml',
'application/xml',
'font/opentype',
'font/eot',
'image/bmp',
'image/svg+xml',
'image/x-icon',
'image/vnd.microsoft.icon',
'text/javascript',
'text/css',
'text/html',
'text/plain',
'text/x-component',
'text/xml',
);
$content_encoding_value = get_option('hh_content_encoding_value');
if (!$content_encoding_value) {
$content_encoding_value = array();
}
foreach ($items as $i => $item) {
if ($i > 0 && $i % 2 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_content_encoding_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $content_encoding_value) ? NULL : ' checked'; ?><?php echo $content_encoding == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?>
</tr>
<tr>
<th colspan="2"><?php _e('By extension', 'http-headers'); ?></th>
</tr>
<tr>
<?php
$content_encoding_ext = get_option('hh_content_encoding_ext');
if (!$content_encoding_ext) {
$content_encoding_ext = array();
}
$items = array('php', 'html', 'js', 'css', 'json', 'xml', 'svg', 'txt', 'bmp', 'ico', 'ttf', 'otf', 'eot');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 2 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_content_encoding_ext[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $content_encoding_ext) ? NULL : ' checked'; ?><?php echo $content_encoding == 1 ? NULL : ' readonly'; ?> /> *.<?php echo $item; ?></label></td><?php
}
?>
</tr>
</tbody></table>
</td>
</tr>
\ No newline at end of file
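Review bot: The content-type and extension checkboxes get ` readonly` when the header is off, but browsers ignore `readonly` on `type="checkbox"`, so the boxes can still be toggled and submitted; use `disabled` if they are meant to be locked. The `$i % 2` row splitting also leaves the last "By extension" row with a single cell, since that list has 13 entries; pad the final row or give the last cell `colspan="2"`. `$item` is echoed into the `name` attribute unescaped; it is a literal list today, but `esc_attr()` there costs nothing.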
<?php
if (!defined('ABSPATH')) {
exit;
}
$content_security_policy = get_option('hh_content_security_policy', 0);
?>
<tr valign="top">
<th scope="row">Content Security Policy
<p class="description"><?php _e('Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware.', 'http-headers'); ?></p>
<p>
<label><input type="checkbox" class="http-header-value"
name="hh_content_security_policy_report_only" value="1"
<?php checked(get_option('hh_content_security_policy_report_only'), 1, true); ?>
<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?> /> "Report-Only" (<?php _e('for reporting-only purposes', 'http-headers'); ?>)</label>
</p>
<hr>
<p class="description">Useful tools:</p>
<p class="description">
<a target="_blank" href="https://zinoui.com/tools/sri-generator">SRI Hash Generator</a>
- generates subresource integrity hashes using a cryptographic algorithm.
</p>
<p class="description">
<a target="_blank" href="https://zinoui.com/tools/csp-hash">CSP Hash Generator</a>
- generates CSP hashes to use in script-src and style-src directives.
</p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Content-Security-Policy</legend>
<?php
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_content_security_policy" value="<?php echo $k; ?>"<?php checked($content_security_policy, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-csp' ); ?>
<?php do_settings_sections( 'http-headers-csp' ); ?>
<table>
<tbody>
<tr>
<td><strong><?php _e('Directive', 'http-headers'); ?></strong></td>
<td><strong><?php _e('Value', 'http-headers'); ?></strong></td>
</tr>
<?php
$directives = array(
'default-src',
'script-src',
'style-src',
'img-src',
'connect-src',
'font-src',
'media-src',
'report-uri',
'child-src',
'form-action',
'frame-ancestors',
'object-src',
'frame-src',
'worker-src',
'manifest-src',
'navigate-to',
'prefetch-src',
'base-uri',
'plugin-types',
'report-to',
'sandbox',
'require-sri-for',
'block-all-mixed-content',
'upgrade-insecure-requests',
);
$csp_value = get_option('hh_content_security_policy_value');
foreach ($directives as $item)
{
?>
<tr>
<td><?php echo $item; ?></td>
<td>
<?php
if ($item == 'sandbox')
{
include 'includes/csp-sandbox.inc.php';
} elseif (in_array($item, array('block-all-mixed-content', 'upgrade-insecure-requests'))) {
include 'includes/csp-inc.inc.php';
} elseif (in_array($item, array('report-to', 'plugin-types'))) {
include 'includes/csp-text.inc.php';
} elseif ($item == 'require-sri-for') {
include 'includes/csp-sri.inc.php';
} else {
include 'includes/csp-src.inc.php';
}
?>
</td>
</tr>
<?php
}
?>
</tbody>
</table>
</td>
</tr>
\ No newline at end of file
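Review bot: The five `include 'includes/csp-*.inc.php'` statements in the directive loop use bare relative paths, which PHP resolves through `include_path` before falling back to the including file's directory and the working directory; other files in this commit build the path from `dirname(__FILE__)`. Use `include dirname(__FILE__) . '/includes/csp-src.inc.php';` and likewise for the rest, so the directive rows always load the plugin's own files. The "Useful tools:" paragraph and the two link descriptions are hard-coded English; wrap them in `_e()` like the surrounding strings so they reach the translation catalog. The Report-Only checkbox also gets ` readonly`, which browsers ignore on checkboxes.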
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Content-Type
<p class="description"><?php _e('The Content-Type entity header is used to indicate the media type of the resource. In responses, a Content-Type header tells the client what the content type of the returned content actually is. Browsers will do MIME sniffing in some cases and will not necessarily follow the value of this header; to prevent this behavior, the header X-Content-Type-Options can be set to nosniff.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Content-Type</legend>
<?php
$content_type = get_option('hh_content_type', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_content_type" value="<?php echo $k; ?>"<?php checked($content_type, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields('http-headers-cty'); ?>
<?php do_settings_sections('http-headers-cty'); ?>
<?php
$content_type_value = get_option('hh_content_type_value');
if (!$content_type_value) {
$content_type_value = array();
}
$map = array(
'eot' => 'application/vnd.ms-fontobject',
'otf' => 'application/x-font-opentype',
'svg' => 'image/svg+xml',
'ttf' => 'application/x-font-ttf',
'woff' => 'application/font-woff',
'woff2' => 'application/font-woff2',
'jsonp' => 'application/javascript',
);
?>
<table>
<tbody>
<tr>
<td></td>
<td><strong><?php _e('Extension', 'http-headers'); ?></strong></td>
<td><strong><?php _e('Media type', 'http-headers'); ?></strong></td>
</tr>
<?php
foreach ($map as $ext => $media_type)
{
?>
<tr>
<td>
<input type="checkbox" class="http-header-value"
name="hh_content_type_value[<?php echo $ext; ?>]"
value="<?php echo $media_type; ?>"<?php
echo !(array_key_exists($ext, $content_type_value) && $content_type_value[$ext] == $media_type) ? NULL : ' checked';
echo $content_type == 1 ? NULL : ' readonly'; ?>></td>
<td>.<?php echo $ext; ?></td>
<td><?php echo $media_type; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Cookie security
<p class="description"><?php _e('A secure cookie is only sent to the server with a encrypted request over the HTTPS protocol.', 'http-headers'); ?></p>
<p class="description"><?php _e("To prevent cross-site scripting (XSS) attacks, HttpOnly cookies are inaccessible to JavaScript's Document.cookie API; they are only sent to the server.", 'http-headers'); ?></p>
<p class="description"><?php _e('SameSite prevents the browser from sending this cookie along with cross-site requests. The main goal is mitigate the risk of cross-origin information leakage. It also provides some protection against cross-site request forgery attacks.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Secure_and_HttpOnly_cookies"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Cookie security</legend>
<?php
$cookie_security = get_option('hh_cookie_security', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_cookie_security" value="<?php echo $k; ?>"<?php checked($cookie_security, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-cose' ); ?>
<?php do_settings_sections( 'http-headers-cose' ); ?>
<?php
$items = array('Secure', 'HttpOnly', 'SameSite');
$cookie_security_value = get_option('hh_cookie_security_value');
foreach ($items as $item)
{
$is_checked = is_array($cookie_security_value) && array_key_exists($item, $cookie_security_value);
?>
<p>
<label><input type="checkbox"
class="http-header-value"
name="hh_cookie_security_value[<?php echo $item; ?>]"
value="1"<?php echo !$is_checked ? NULL : ' checked'; ?><?php echo $cookie_security == 1 ? NULL : ' readonly'; ?>> <?php echo $item; ?><?php
?></label>
</p>
<?php
if ($item == 'SameSite')
{
foreach (array('None', 'Lax', 'Strict') as $s_val)
{
?>
<p class="hh-csv-value<?php echo !$is_checked ? ' hh-hidden' : NULL; ?>">
<label><input type="radio"
class="http-header-value"
name="hh_cookie_security_value[SameSite]"
value="<?php echo $s_val; ?>"<?php echo !is_array($cookie_security_value) || !array_key_exists($item, $cookie_security_value) || $cookie_security_value[$item] != $s_val ? NULL : ' checked'; ?><?php echo $cookie_security == 1 ? NULL : ' readonly'; ?>> <?php echo $s_val; ?></label>
</p>
<?php
}
}
}
?>
</td>
</tr>
\ No newline at end of file
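Review bot: the SameSite checkbox and the three None/Lax/Strict radios all post under the same name, `hh_cookie_security_value[SameSite]`, so when the box is ticked and no radio is chosen the submitted value is `1`, which is not a SameSite value. Give the radios their own key, or have the option's sanitize callback accept only `None`, `Lax` or `Strict` and fall back to a fixed default when anything else arrives.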
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Cross-Origin-Embedder-Policy
<p class="description"><?php _e("The HTTP Cross-Origin-Embedder-Policy (COEP) response header prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS).", 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Cross-Origin-Embedder-Policy</legend>
<?php
$cross_origin_embedder_policy = get_option('hh_cross_origin_embedder_policy', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_cross_origin_embedder_policy" value="<?php echo $k; ?>"<?php checked($cross_origin_embedder_policy, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-coep' ); ?>
<?php do_settings_sections( 'http-headers-coep' ); ?>
<select name="hh_cross_origin_embedder_policy_value" class="http-header-value"<?php echo $cross_origin_embedder_policy == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('unsafe-none', 'require-corp');
$cross_origin_embedder_policy_value = get_option('hh_cross_origin_embedder_policy_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($cross_origin_embedder_policy_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
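Review bot: `readonly` on the `<select name="hh_cross_origin_embedder_policy_value">` does nothing, because the attribute only applies to text-like inputs and textareas, so the dropdown stays editable while the header is Off. Use `disabled` if the control should be locked, keeping in mind that disabled fields are not submitted, so the save path has to tolerate a missing value. The same `== 1 ? NULL : ' readonly'` pattern is applied to selects, checkboxes and radios in the other header templates of this commit and needs the same change.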
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Cross-Origin-Opener-Policy
<p class="description"><?php _e('The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents.', 'http-headers'); ?></p>
<p class="description"><?php _e("COOP will process-isolate your document and potential attackers can't access to your global object if they were opening it in a popup, preventing a set of cross-origin attacks dubbed XS-Leaks.", 'http-headers'); ?></p>
<p class="description"><?php _e('If a cross-origin document with COOP is opened in a new window, the opening document will not have a reference to it, and the window.opener property of the new window will be null. This allows you to have more control over references to a window than rel=noopener, which only affects outgoing navigations.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Cross-Origin-Opener-Policy</legend>
<?php
$cross_origin_opener_policy = get_option('hh_cross_origin_opener_policy', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_cross_origin_opener_policy" value="<?php echo $k; ?>"<?php checked($cross_origin_opener_policy, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-coop' ); ?>
<?php do_settings_sections( 'http-headers-coop' ); ?>
<select name="hh_cross_origin_opener_policy_value" class="http-header-value"<?php echo $cross_origin_opener_policy == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('unsafe-none', 'same-origin-allow-popups', 'same-origin');
$cross_origin_opener_policy_value = get_option('hh_cross_origin_opener_policy_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($cross_origin_opener_policy_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Cross-Origin-Resource-Policy
<p class="description"><?php _e('The HTTP Cross-Origin-Resource-Policy response header conveys a desire that the browser blocks no-cors cross-origin/cross-site requests to the given resource.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Cross-Origin-Resource-Policy</legend>
<?php
$cross_origin_resource_policy = get_option('hh_cross_origin_resource_policy', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_cross_origin_resource_policy" value="<?php echo $k; ?>"<?php checked($cross_origin_resource_policy, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-corp' ); ?>
<?php do_settings_sections( 'http-headers-corp' ); ?>
<select name="hh_cross_origin_resource_policy_value" class="http-header-value"<?php echo $cross_origin_resource_policy == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('same-site', 'same-origin', 'cross-origin');
$cross_origin_resource_policy_value = get_option('hh_cross_origin_resource_policy_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($cross_origin_resource_policy_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Custom headers
<p class="description"><?php _e('Common non-standard response fields:', 'http-headers'); ?>
<br>X-Pingback
<br>X-Cache
<br>X-Edge-Location
<br>X-HTTP-Method-Override
<br>X-Csrf-Token
<br>X-Request-ID
<br>X-Correlation-ID
<br>X-Content-Duration
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Custom headers</legend>
<?php
$custom_headers = get_option('hh_custom_headers', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_custom_headers" value="<?php echo $k; ?>"<?php checked($custom_headers, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-che' ); ?>
<?php do_settings_sections( 'http-headers-che' ); ?>
<?php
$custom_headers_value = get_option('hh_custom_headers_value');
if (!$custom_headers_value) {
$custom_headers_value = array();
}
?>
<table>
<thead>
<tr>
<th><?php _e('Header', 'http-headers'); ?></th>
<th><?php _e('Value', 'http-headers'); ?></th>
<th></th>
</tr>
</thead>
<tbody>
<?php
if (empty($custom_headers_value))
{
?>
<tr>
<td><input type="text" name="hh_custom_headers_value[name][]" class="http-header-value" placeholder="X-Custom-Name"></td>
<td><input type="text" name="hh_custom_headers_value[value][]" class="http-header-value" placeholder="<?php esc_attr_e('Value', 'http-headers'); ?>"></td>
<td></td>
</tr>
<?php
} else {
foreach ($custom_headers_value['name'] as $key => $name)
{
if (empty($name) || empty($custom_headers_value['value'][$key]))
{
continue;
}
?>
<tr>
<td><input type="text" name="hh_custom_headers_value[name][]" class="http-header-value" placeholder="X-Custom-Name" value="<?php echo esc_attr($name); ?>"<?php echo $custom_headers == 1 ? NULL : ' readonly'; ?>></td>
<td><input type="text" name="hh_custom_headers_value[value][]" class="http-header-value" placeholder="<?php esc_attr_e('Value', 'http-headers'); ?>" value="<?php echo esc_attr($custom_headers_value['value'][$key]); ?>"<?php echo $custom_headers == 1 ? NULL : ' readonly'; ?>></td>
<td><button type="button" class="button button-small hh-btn-delete-header" title="<?php esc_attr_e('Delete', 'http-headers'); ?>">x</button></td>
</tr>
<?php
}
}
?>
<tr>
<td colspan="3"><button type="button" class="button" id="hh-btn-add-header">+ <?php _e('Add header', 'http-headers'); ?></button></td>
</tr>
</tbody>
</table>
</td>
</tr>
\ No newline at end of file
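Review bot: in the `else` branch, `empty($custom_headers_value['value'][$key])` also skips a row whose value is the string `0`, so a header saved with that value disappears from the form; compare against `''` instead. The loop also reads `$custom_headers_value['name']` without checking that the key exists and holds an array, so guard it with `isset()` and `is_array()` before the `foreach`. Since these name/value pairs end up as response headers, the option's sanitize callback (not part of this file) is where line breaks and characters that are not valid in a header name have to be rejected.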
<?php
if (!defined('ABSPATH')) {
exit;
}
include dirname(__FILE__) . '/includes/config.inc.php';
?>
<div class="hh-wrapper">
<div class="hh-categories">
<?php
$tmp = array();
foreach ($headers as $item)
{
if (!isset($tmp[$item[2]]))
{
$tmp[$item[2]] = array('total' => 0, 'on' => 0);
}
$tmp[$item[2]]['total'] += 1;
if (get_option($item[1]) == 1)
{
$tmp[$item[2]]['on'] += 1;
}
}
foreach ($categories as $key => $val)
{
?>
<a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;category=<?php echo $key; ?>" class="hh-category">
<i></i>
<span><?php echo $key[0]; ?></span>
<strong><?php echo $val; ?></strong>(<?php printf('%u/%u', @$tmp[$key]['on'], @$tmp[$key]['total']); ?>)</a>
<?php
}
?>
</div>
<div class="hh-sidebar">
<div class="hh-sidebar-inner">
<h3><?php _e('Rate us', 'http-headers'); ?></h3>
<p><?php _e('Tell us what you think about this plugin', 'http-headers'); ?> <a href="https://wordpress.org/support/plugin/http-headers/reviews/?rate=5#new-post"><?php _e('writing a review', 'http-headers'); ?></a>.</p>
<h3><?php _e('Contribution', 'http-headers'); ?></h3>
<p><?php _e('Help us to continue developing this plugin with a small donation.', 'http-headers'); ?></p>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="biggie@abv.bg">
<input type="hidden" name="item_name" value="HTTP Headers Donation">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="lc" value="US">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="item_number" value="">
$ <input type="text" name="amount" value="5" size="3">
<button type="submit" class="button"><?php _e('Donate', 'http-headers'); ?></button>
</form>
</div>
</div>
</div>
\ No newline at end of file
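Review bot: the category link prints `get_admin_url()` and `$key` straight into the `href`; build it with `esc_url( admin_url( 'options-general.php?page=http-headers&category=' . $key ) )` so the template does not depend on every future category key being URL-safe. The `@$tmp[$key]['on']` and `@$tmp[$key]['total']` in the `printf` hide the case where a category has no headers; initialise the counters for every key of `$categories` before the first loop instead. This admin template also ships a donation form that posts to paypal.com with a hard-coded `business` address, which deserves an explicit decision before it is merged into the site.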
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">Expect-CT
<p class="description"><?php _e('Expect-CT is an HTTP header that allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. When a site enables the Expect-CT header, they are requesting that Chrome check that any certificate for that site appears in public CT logs.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Expect-CT</legend>
<?php
$expect_ct = get_option('hh_expect_ct', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_expect_ct" value="<?php echo $k; ?>"<?php checked($expect_ct, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-ect' ); ?>
<?php do_settings_sections( 'http-headers-ect' ); ?>
<table>
<tr>
<td>max-age:</td>
<td><select name="hh_expect_ct_max_age" class="http-header-value"<?php echo $expect_ct == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('3600' => '1 hour', '86400' => '1 day', '604800' => '7 days', '2592000' => '30 days', '5184000' => '60 days', '7776000' => '90 days', '31536000' => '1 year');
$expect_ct_max_age = get_option('hh_expect_ct_max_age');
foreach ($items as $key => $item) {
?><option value="<?php echo $key; ?>"<?php selected($expect_ct_max_age, $key); ?>><?php echo $item; ?></option><?php
}
?>
</select></td>
</tr>
<tr>
<td>report-uri:</td>
<td><input type="text" class="http-header-value" name="hh_expect_ct_report_uri" value="<?php echo esc_attr(get_option('hh_expect_ct_report_uri')); ?>" placeholder="https://example.com/ct-report"<?php echo $expect_ct == 1 ? NULL : ' readonly'; ?> /></td>
</tr>
<tr>
<td>enforce:</td>
<td><input type="checkbox" class="http-header-value" name="hh_expect_ct_enforce" value="1"<?php checked(get_option('hh_expect_ct_enforce'), 1, true); ?><?php echo $expect_ct == 1 ? NULL : ' readonly'; ?> /></td>
</tr>
</table>
</td>
</tr>
\ No newline at end of file
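Review bot: `hh_expect_ct_report_uri` is a free-text field whose content becomes part of a response header, and nothing in this template constrains it. Make it `type="url"` and have the sanitize callback keep only an absolute https URL, for example via `esc_url_raw()` with an allowed-protocol list. In the radio loop, `checked($expect_ct, $k, true)` passes the default third argument explicitly while the other templates omit it; drop it for consistency.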
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Expires
<p class="description"><?php _e('The Expires header contains the date/time after which the response is considered stale.', 'http-headers'); ?></p>
<p class="description"><?php _e('Invalid dates, like the value 0, represent a date in the past and mean that the resource is already expired.', 'http-headers'); ?></p>
<p class="description"><?php _e("If there is a Cache-Control header with the 'max-age' or 's-max-age' directive in the response, the Expires header is ignored.", 'http-headers'); ?></p>
<p class="description"><?php _e('* Works only in Apache mode', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expires"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Expires</legend>
<?php
$expires = get_option('hh_expires', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_expires" value="<?php echo $k; ?>"<?php checked($expires, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-exp' ); ?>
<?php do_settings_sections( 'http-headers-exp' ); ?>
<table>
<?php
$types = array(
'default',
'text/css',
'text/javascript',
'text/plain',
'image/gif',
'image/png',
'image/jpeg',
'image/x-icon',
'application/x-javascript',
'application/javascript',
'application/x-icon',
);
$items = array(
'invalid_0_date' => '0 (invalid date)',
'access_1_hour' => 'Access +1 hour',
'access_6_hours' => 'Access +6 hours',
'access_12_hours' => 'Access +12 hours',
'access_1_day' => 'Access +1 day',
'access_3_days' => 'Access +3 days',
'access_1_week' => 'Access +1 week',
'access_2_weeks' => 'Access +2 weeks',
'access_1_month' => 'Access +1 month',
'access_3_months' => 'Access +3 months',
'access_6_months' => 'Access +6 months',
'access_1_year' => 'Access +1 year',
'modification_1_hour' => 'Modification +1 hour',
'modification_6_hours' => 'Modification +6 hours',
'modification_12_hours' => 'Modification +12 hours',
'modification_1_day' => 'Modification +1 day',
'modification_3_days' => 'Modification +3 days',
'modification_1_week' => 'Modification +1 week',
'modification_2_weeks' => 'Modification +2 weeks',
'modification_1_month' => 'Modification +1 month',
'modification_3_months' => 'Modification +3 months',
'modification_6_months' => 'Modification +6 months',
'modification_1_year' => 'Modification +1 year',
);
$expires_value = get_option('hh_expires_value');
$expires_type = get_option('hh_expires_type');
if (!$expires_value)
{
$expires_value = array();
}
if (!$expires_type)
{
$expires_type = array();
}
foreach ($types as $type) {
?>
<tr>
<td><input type="checkbox" class="http-header-value" name="hh_expires_type[<?php echo $type; ?>]" value="1"<?php echo !is_array($expires_type) || !array_key_exists($type, $expires_type) ? NULL : ' checked'; ?><?php echo $expires == 1 ? NULL : ' readonly'; ?>></td>
<td><?php echo $type; ?></td>
<td>
<select class="http-header-value" name="hh_expires_value[<?php echo $type; ?>]"<?php echo $expires == 1 ? NULL : ' readonly'; ?>>
<?php
foreach ($items as $k => $v) {
$val_type = !empty($expires_value[$type]) ? $expires_value[$type] : '';
?><option value="<?php echo $k; ?>"<?php selected($val_type, $k); ?>><?php echo $v; ?></option><?php
}
?>
</select>
</td>
</tr>
<?php
}
?>
</table>
</td>
</tr>
\ No newline at end of file
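Review bot: `$val_type` is recomputed on every pass of the inner `foreach ($items as $k => $v)` although it depends only on `$type`; compute it once before the `<select>`. `$type` is echoed into both `name` attributes unescaped, which is safe only while `$types` stays a hard-coded list, so wrap it in `esc_attr()`.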
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">Feature-Policy
<p class="description"><?php _e('With Feature Policy, you opt-in to a set of policies for the browser to enforce on specific features used throughout your site. These policies restrict what APIs the site can access or modify the browser\'s default behavior for certain features.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Feature-Policy</legend>
<?php
$feature_policy = get_option('hh_feature_policy', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_feature_policy" value="<?php echo $k; ?>"<?php checked($feature_policy, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-fp' ); ?>
<?php do_settings_sections( 'http-headers-fp' ); ?>
<table>
<tbody>
<?php
$features = array(
'accelerometer',
'ambient-light-sensor',
'autoplay',
'camera',
'cookie',
'docwrite',
'domain',
'encrypted-media',
'fullscreen',
'geolocation',
'gyroscope',
'magnetometer',
'microphone',
'midi',
'payment',
'picture-in-picture',
'speaker',
'sync-script',
'sync-xhr',
'unsized-media',
'usb',
'vertical-scroll',
'vibrate',
'vr',
);
$origins = array("'self'", "'none'", '*', 'origin(s)');
$feature_policy_value = get_option('hh_feature_policy_value');
$feature_policy_feature = get_option('hh_feature_policy_feature');
$feature_policy_origin = get_option('hh_feature_policy_origin');
if (!$feature_policy_value)
{
$feature_policy_value = array();
}
if (!$feature_policy_feature)
{
$feature_policy_feature = array();
}
if (!$feature_policy_origin)
{
$feature_policy_origin = array();
}
foreach ($features as $feature)
{
?>
<tr>
<td><input type="checkbox" name="hh_feature_policy_feature[<?php echo $feature; ?>]" class="http-header-value"
value="1"<?php echo !is_array($feature_policy_feature) || !array_key_exists($feature, $feature_policy_feature) ? NULL : ' checked'; ?><?php echo $feature_policy == 1 ? NULL : ' readonly'; ?>></td>
<td><?php echo $feature; ?></td>
<td>
<select name="hh_feature_policy_value[<?php echo $feature; ?>]"
class="http-header-value"<?php echo $feature_policy == 1 ? NULL : ' readonly'; ?>>
<?php
foreach ($origins as $origin)
{
?><option value="<?php echo $origin; ?>"<?php selected(@$feature_policy_value[$feature], $origin); ?>><?php echo $origin; ?></option><?php
}
?>
</select>
<input type="text" name="hh_feature_policy_origin[<?php echo $feature; ?>]"
value="<?php echo @$feature_policy_origin[$feature]; ?>" size="30"<?php echo isset($feature_policy_value[$feature]) && in_array($feature_policy_value[$feature], array('origin(s)', "'self'")) ? NULL : ' style="display: none"'; ?>
class="http-header-value"<?php echo $feature_policy == 1 ? NULL : ' readonly'; ?>>
</td>
</tr>
<?php
}
?>
</tbody>
</table>
</td>
</td>
</tr>
\ No newline at end of file
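Review bot: the origin text field prints a stored option into an attribute with no escaping, `value="<?php echo @$feature_policy_origin[$feature]; ?>"`, so a saved value containing a double quote breaks out of the attribute on this admin page. Use `esc_attr()` with an `isset()` check instead of `@`, as the custom-headers template already does for its values. There is also a stray second `</td>` just before the closing `</tr>`.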
<?php
if (!defined('ABSPATH')) {
exit;
}
include dirname(__FILE__) . '/includes/config.inc.php';
include dirname(__FILE__) . '/includes/breadcrumbs.inc.php';
?>
<section class="hh-panel">
<form method="post" action="options.php">
<table class="form-table hh-table">
<tbody>
<?php
$header_file = sprintf('%s/%s.php', dirname(__FILE__), basename($_GET['header']));
if (is_file($header_file))
{
include $header_file;
}
?>
</tbody>
</table>
<?php submit_button(); ?>
</form>
</section>
\ No newline at end of file
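Review bot: `$_GET['header']` is read without `isset()`, and the only filter before `include $header_file;` is `basename()`, which still lets the parameter select any `.php` file that sits in this directory, not just header templates. `config.inc.php` is already loaded a few lines earlier, so look the key up in `$headers` (`is_string()` plus `isset($headers[$_GET['header']])`) and include only on a match.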
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<ul class="hh-breadcrumbs">
<li><a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers"><?php _e('Dashboard', 'http-headers'); ?></a></li>
<?php
if (isset($_GET['category']))
{
?><li><?php echo @$categories[$_GET['category']]; ?></li><?php
} elseif (isset($_GET['header'])) {
?><li><a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;category=<?php echo htmlspecialchars($headers[$_GET['header']][2]); ?>"><?php echo @$categories[$headers[$_GET['header']][2]]; ?></a></li><?php
?><li><?php echo @$headers[$_GET['header']][0]; ?></li><?php
} elseif (isset($_GET['tab']) && $_GET['tab'] == 'advanced') {
?><li><?php _e('Advanced settings', 'http-headers'); ?></li><?php
} elseif (isset($_GET['tab']) && $_GET['tab'] == 'manual') {
?><li><?php _e('Manual setup', 'http-headers'); ?></li><?php
} elseif (isset($_GET['tab']) && $_GET['tab'] == 'inspect') {
?><li><?php _e('Inspect headers', 'http-headers'); ?></li><?php
}
?>
</ul>
\ No newline at end of file
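Review bot: the `header` branch indexes `$headers[$_GET['header']][2]` and `$categories[...]` with raw request input and relies on `@` to hide the misses, so an unknown key still renders an empty breadcrumb and a link with an empty `category`. Validate once at the top (`is_string()` and `isset($headers[...])`, likewise `category` against `$categories`), then print without `@`. The `href` values should go through `esc_url()`.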
<?php
if (!defined('ABSPATH')) {
exit;
}
$bools = array(
0 => __('Off', 'http-headers'),
1 => __('On', 'http-headers'),
);
$categories = array(
'security' => __('Security', 'http-headers'),
'access-control' => __('Access control', 'http-headers'),
'authentication' => __('Authentication', 'http-headers'),
'compression' => __('Compression', 'http-headers'),
'caching' => __('Caching', 'http-headers'),
'misc' => __('Miscellaneous', 'http-headers'),
);
$headers = array(
'x-frame-options' => array('X-Frame-Options', 'hh_x_frame_options', 'security'),
'x-xss-protection' => array('X-XSS-Protection', 'hh_x_xxs_protection', 'security'),
'x-content-type-options' => array('X-Content-Type-Options', 'hh_x_content_type_options', 'security'),
'x-ua-compatible' => array('X-UA-Compatible', 'hh_x_ua_compatible', 'misc'),
'strict-transport-security' => array('Strict-Transport-Security', 'hh_strict_transport_security', 'security'),
'p3p' => array('P3P', 'hh_p3p', 'access-control'),
'referrer-policy' => array('Referrer-Policy', 'hh_referrer_policy', 'security'),
'content-security-policy' => array('Content-Security-Policy', 'hh_content_security_policy', 'security'),
'access-control-allow-origin' => array('Access-Control-Allow-Origin', 'hh_access_control_allow_origin', 'access-control'),
'access-control-allow-credentials' => array('Access-Control-Allow-Credentials', 'hh_access_control_allow_credentials', 'access-control'),
'access-control-max-age' => array('Access-Control-Max-Age', 'hh_access_control_max_age', 'access-control'),
'access-control-allow-methods' => array('Access-Control-Allow-Methods', 'hh_access_control_allow_methods', 'access-control'),
'access-control-allow-headers' => array('Access-Control-Allow-Headers', 'hh_access_control_allow_headers', 'access-control'),
'access-control-expose-headers' => array('Access-Control-Expose-Headers', 'hh_access_control_expose_headers', 'access-control'),
'content-encoding' => array('Content-Encoding', 'hh_content_encoding', 'compression'),
'vary' => array('Vary', 'hh_vary', 'compression'),
'x-powered-by' => array('X-Powered-By', 'hh_x_powered_by', 'misc'),
'www-authenticate' => array('WWW-Authenticate', 'hh_www_authenticate', 'authentication'),
'cache-control' => array('Cache-Control', 'hh_cache_control', 'caching'),
'expires' => array('Expires', 'hh_expires', 'caching'),
'pragma' => array('Pragma', 'hh_pragma', 'caching'),
'age' => array('Age', 'hh_age', 'caching'),
'connection' => array('Connection', 'hh_connection', 'misc'),
'cookie-security' => array('Cookie security', 'hh_cookie_security', 'security'),
'expect-ct' => array('Expect-CT', 'hh_expect_ct', 'security'),
'timing-allow-origin' => array('Timing-Allow-Origin', 'hh_timing_allow_origin', 'access-control'),
'custom-headers' => array('Custom headers', 'hh_custom_headers', 'misc'),
'x-dns-prefetch-control' => array('X-DNS-Prefetch-Control', 'hh_x_dns_prefetch_control', 'security'),
'x-download-options' => array('X-Download-Options', 'hh_x_download_options', 'security'),
'x-permitted-cross-domain-policies' => array('X-Permitted-Cross-Domain-Policies', 'hh_x_permitted_cross_domain_policies', 'security'),
'report-to' => array('Report-To', 'hh_report_to', 'security'),
'feature-policy' => array('Feature-Policy', 'hh_feature_policy', 'security'),
'permissions-policy' => array('Permissions-Policy', 'hh_permissions_policy', 'security'),
'clear-site-data' => array('Clear-Site-Data', 'hh_clear_site_data', 'security'),
'content-type' => array('Content-Type', 'hh_content_type', 'misc'),
'cross-origin-resource-policy' => array('Cross-Origin-Resource-Policy', 'hh_cross_origin_resource_policy', 'security'),
'nel' => array('NEL', 'hh_nel', 'misc'),
'cross-origin-embedder-policy' => array('Cross-Origin-Embedder-Policy', 'hh_cross_origin_embedder_policy', 'security'),
'cross-origin-opener-policy' => array('Cross-Origin-Opener-Policy', 'hh_cross_origin_opener_policy', 'security'),
'x-robots-tag' => array('X-Robots-Tag', 'hh_x_robots_tag', 'misc'),
);
$headers_list = array(
'Accept',
'Accept-Charset',
'Accept-Encoding',
'Accept-Language',
'Accept-Datetime',
'Authorization',
'Cache-Control',
'Connection',
'Permanent',
'Cookie',
'Content-Length',
'Content-MD5',
'Content-Type',
'Date',
'Expect',
'Forwarded',
'From',
'Host',
'Permanent',
'If-Match',
'If-Modified-Since',
'If-None-Match',
'If-Range',
'If-Unmodified-Since',
'Max-Forwards',
'Origin',
'Pragma',
'Proxy-Authorization',
'Range',
'Referer',
'TE',
'User-Agent',
'Upgrade',
'Via',
'Warning',
'X-Requested-With',
'DNT',
'X-Forwarded-For',
'X-Forwarded-Host',
'X-Forwarded-Proto',
'Front-End-Https',
'X-Http-Method-Override',
'X-ATT-DeviceId',
'X-Wap-Profile',
'Proxy-Connection',
'X-UIDH',
'X-Csrf-Token',
'X-PINGOTHER',
'X-WP-Nonce',
);
$cors_safe_request_headers = array(
'Accept',
'Accept-Language',
'Content-Language',
'Content-Type',
);
$cors_safe_response_headers = array(
'Cache-Control',
'Content-Language',
'Content-Type',
'Expires',
'Last-Modified',
'Pragma',
);
\ No newline at end of file
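Review bot: `$headers_list` contains the entry `'Permanent'` twice, once after `'Connection'` and once after `'Host'`; it is not a request header name, so remove both. The option key `hh_x_xxs_protection` for X-XSS-Protection is misspelled (`xxs`); if it has to stay for compatibility with already stored options, say so in a comment next to the entry.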
<input type="checkbox"
name="hh_content_security_policy_value[<?php echo $item; ?>]"
value="1"<?php echo isset($csp_value[$item]) ? ' checked' : NULL; ?>
class="http-header-value"<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?>>
\ No newline at end of file
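Review bot: this partial has no `ABSPATH` guard, unlike the header templates earlier in the commit, so a direct request to the file runs it outside WordPress with `$item`, `$csp_value` and `$content_security_policy` undefined. Open it with the same `if (!defined('ABSPATH')) { exit; }` block, here and in the CSP partials that follow, and escape `$item` with `esc_attr()` in the `name` attribute.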
<?php
$sandbox = array(
'allow-forms',
'allow-same-origin',
'allow-scripts',
'allow-popups',
'allow-modals',
'allow-downloads',
'allow-orientation-lock',
'allow-pointer-lock',
'allow-presentation',
'allow-popups-to-escape-sandbox',
'allow-top-navigation',
'allow-top-navigation-by-user-activation',
);
foreach ($sandbox as $origin)
{
?>
<p>
<input type="checkbox"
name="hh_content_security_policy_value[<?php echo $item; ?>][<?php echo $origin; ?>]"
id="csp-<?php echo $item; ?>-<?php echo $origin; ?>"
value="1"<?php echo isset($csp_value[$item][$origin]) ? ' checked' : NULL; ?>
class="http-header-value"<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?>>
<label for="csp-<?php echo $item; ?>-<?php echo $origin; ?>"><?php echo $origin; ?></label>
</p>
<?php
}
?>
\ No newline at end of file
<?php
$origins = array(
'wildcard' => '*',
'self' => "'self'",
'none' => "'none'",
'unsafe-inline' => "'unsafe-inline'",
'unsafe-eval' => "'unsafe-eval'",
'strict-dynamic' => "'strict-dynamic'",
'report-sample' => "'report-sample'",
'http' => 'http:',
'https' => 'https:',
'data' => 'data:',
'mediastream' => 'mediastream:',
'blob' => 'blob:',
'filesystem' => 'filesystem:',
);
foreach ($origins as $k => $origin)
{
?>
<p<?php echo $origin == '*' || !isset($csp_value[$item]['*']) ? NULL : ' style="display: none"'; ?>>
<input type="checkbox"
name="hh_content_security_policy_value[<?php echo $item; ?>][<?php echo $origin; ?>]"
id="csp-<?php echo $item; ?>-<?php echo $k; ?>"
value="1"<?php echo isset($csp_value[$item][$origin]) ? ' checked' : NULL; ?>
class="http-header-value"<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?>>
<label for="csp-<?php echo $item; ?>-<?php echo $k; ?>"><?php echo $origin; ?></label>
</p>
<?php
}
switch ($item) {
case 'script-src':
$host_sources = array(
'js.example.com',
'http://js.example.com',
'https://js.example.com',
);
break;
case 'style-src':
$host_sources = array(
'css.example.com',
'http://css.example.com',
'https://css.example.com',
);
break;
case 'img-src':
$host_sources = array(
'img.example.com',
'http://img.example.com',
'https://img.example.com',
);
break;
case 'font-src':
$host_sources = array(
'font.example.com',
'http://font.example.com',
'https://font.example.com',
);
break;
case 'default-src':
$host_sources = array(
'http://*.example.com',
'mail.example.com:443',
'https://assets.example.com',
'cdn.example.com',
);
break;
default:
$host_sources = array(
'https://store.example.com',
'store.example.com',
'*.example.com',
);
}
shuffle($host_sources);
?>
<p<?php echo !isset($csp_value[$item]['*']) ? NULL : ' style="display: none"'; ?>>
<input type="text"
name="hh_content_security_policy_value[<?php echo $item; ?>][source]"
class="http-header-value"
size="40"
placeholder="<?php echo $host_sources[0]; ?>"
value="<?php echo esc_attr(@$csp_value[$item]['source']); ?>"<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?>
</p>
\ No newline at end of file
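Review bot: the source text input is never closed. The tag ends on the `value="..."` line with the `' readonly'` toggle and the next line is `</p>`, so the `>` is missing and the browser has to recover from `</p` landing inside the tag; add the closing `>`. `shuffle($host_sources)` only exists to vary the placeholder, which `$host_sources[array_rand($host_sources)]` says directly, and the placeholder should go through `esc_attr()`.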
<?php
$origins = array(
'script',
'style',
);
foreach ($origins as $origin)
{
?>
<p>
<input type="checkbox"
name="hh_content_security_policy_value[<?php echo $item; ?>][<?php echo $origin; ?>]"
id="csp-<?php echo $item; ?>-<?php echo $origin; ?>"
value="1"<?php echo isset($csp_value[$item][$origin]) ? ' checked' : NULL; ?>
class="http-header-value"<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?>>
<label for="csp-<?php echo $item; ?>-<?php echo $origin; ?>"><?php echo $origin; ?></label>
</p>
<?php
}
?>
\ No newline at end of file
<input type="text" name="hh_content_security_policy_value[<?php echo $item; ?>]" class="http-header-value" size="40"
value="<?php echo esc_attr(@$csp_value[$item]); ?>"<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?>>
<?php
if ($item == 'plugin-types')
{
?>
<br>
<em>Example: application/x-shockwave-flash application/x-java-applet</em>
<?php
}
?>
\ No newline at end of file
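Review bot: the `plugin-types` hint, `<em>Example: application/x-shockwave-flash application/x-java-applet</em>`, is hard-coded English while the descriptions in these templates go through `_e()` with the `http-headers` text domain; wrap the word "Example" the same way. `esc_attr(@$csp_value[$item])` would also read better as an explicit `isset()` check than with error suppression.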
<?php
return array(
array('hh_method', 'htaccess'),
array('hh_htaccess_path', str_replace('\\', '/', ABSPATH) . '.htaccess'),
array('hh_user_ini_path', str_replace('\\', '/', ABSPATH) . '.user.ini'),
array('hh_htpasswd_path', str_replace('\\', '/', ABSPATH) . '.hh-htpasswd'),
array('hh_htdigest_path', str_replace('\\', '/', ABSPATH) . '.hh-htdigest'),
array('hh_x_frame_options', 0),
array('hh_x_frame_options_value', ''),
array('hh_x_frame_options_domain', ''),
array('hh_x_xxs_protection', 0),
array('hh_x_xxs_protection_value', ''),
array('hh_x_xxs_protection_uri', ''),
array('hh_x_content_type_options', 0),
array('hh_x_content_type_options_value', ''),
array('hh_strict_transport_security', 0),
array('hh_strict_transport_security_value', ''), //obsolete
array('hh_strict_transport_security_max_age', ''),
array('hh_strict_transport_security_sub_domains', ''),
array('hh_strict_transport_security_preload', ''),
array('hh_public_key_pins', 0),
array('hh_public_key_pins_sha256_1', ''),
array('hh_public_key_pins_sha256_2', ''),
array('hh_public_key_pins_max_age', ''),
array('hh_public_key_pins_sub_domains', ''),
array('hh_public_key_pins_report_uri', ''),
array('hh_public_key_pins_report_only', ''),
array('hh_x_ua_compatible', 0),
array('hh_x_ua_compatible_value', ''),
array('hh_p3p', 0),
array('hh_p3p_value', ''),
array('hh_referrer_policy', 0),
array('hh_referrer_policy_value', ''),
array('hh_content_security_policy', 0),
array('hh_content_security_policy_value', ''),
array('hh_content_security_policy_report_only', ''),
array('hh_access_control_allow_origin', 0),
array('hh_access_control_allow_origin_value', ''),
array('hh_access_control_allow_origin_url', ''),
array('hh_access_control_allow_credentials', 0),
array('hh_access_control_allow_credentials_value', ''),
array('hh_access_control_allow_methods', 0),
array('hh_access_control_allow_methods_value', ''),
array('hh_access_control_allow_headers', 0),
array('hh_access_control_allow_headers_value', ''),
array('hh_access_control_allow_headers_custom', ''),
array('hh_access_control_expose_headers', 0),
array('hh_access_control_expose_headers_value', ''),
array('hh_access_control_expose_headers_custom', ''),
array('hh_access_control_max_age', 0),
array('hh_access_control_max_age_value', ''),
array('hh_content_encoding', 0),
array('hh_content_encoding_module', ''),
array('hh_content_encoding_value', ''),
array('hh_content_encoding_ext', ''),
array('hh_vary', 0),
array('hh_vary_value', ''),
array('hh_x_powered_by', 0),
array('hh_x_powered_by_option', ''),
array('hh_x_powered_by_value', ''),
array('hh_www_authenticate', 0),
array('hh_www_authenticate_type', ''),
array('hh_www_authenticate_realm', ''),
array('hh_www_authenticate_user', ''),
array('hh_www_authenticate_pswd', ''),
array('hh_cache_control', 0),
array('hh_cache_control_value', ''),
array('hh_age', 0),
array('hh_age_value', ''),
array('hh_pragma', 0),
array('hh_pragma_value', ''),
array('hh_expires', 0),
array('hh_expires_value', ''),
array('hh_expires_type', ''),
array('hh_connection', 0),
array('hh_connection_value', ''),
array('hh_cookie_security', 0),
array('hh_cookie_security_value', ''),
array('hh_expect_ct', 0),
array('hh_expect_ct_max_age', ''),
array('hh_expect_ct_report_uri', ''),
array('hh_expect_ct_enforce', ''),
array('hh_timing_allow_origin', 0),
array('hh_timing_allow_origin_value', ''),
array('hh_timing_allow_origin_url', ''),
array('hh_x_permitted_cross_domain_policies', 0),
array('hh_x_permitted_cross_domain_policies_value', ''),
array('hh_x_download_options', 0),
array('hh_x_download_options_value', ''),
array('hh_x_dns_prefetch_control', 0),
array('hh_x_dns_prefetch_control_value', ''),
array('hh_custom_headers', 0),
array('hh_custom_headers_value', ''),
array('hh_report_to', 0),
array('hh_report_to_value', ''),
array('hh_feature_policy', 0),
array('hh_feature_policy_feature', ''),
array('hh_feature_policy_origin', ''),
array('hh_feature_policy_value', ''),
array('hh_permissions_policy', 0),
array('hh_permissions_policy_feature', ''),
array('hh_permissions_policy_origin', ''),
array('hh_permissions_policy_value', ''),
array('hh_clear_site_data', 0),
array('hh_clear_site_data_value', ''),
array('hh_content_type', 0),
array('hh_content_type_value', ''),
array('hh_content_nel', 0),
array('hh_content_nel_value', ''),
array('hh_x_robots_tag', 0),
array('hh_x_robots_tag_value', ''),
);
\ No newline at end of file
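Review bot: `hh_htpasswd_path` and `hh_htdigest_path` default to `.hh-htpasswd` and `.hh-htdigest` directly under `ABSPATH`, which is normally web-served, and these names do not start with `.ht`, so the stock Apache rule that denies `.ht*` files does not cover them. Default both to a location outside the web root, or have the generated server config deny access to these two files explicitly. `hh_strict_transport_security_value` is marked obsolete; if nothing reads it any more, drop it rather than registering it on new installs.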
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<div class="wrap">
<h1>HTTP Headers</h1>
<?php
$check = check_web_server_requirements();
if ($check !== true) {
?>
<div class="notice notice-error">
<h2><?php _e('Error!', 'http-headers'); ?></h2>
<?php
if ($check == -1) {
?><p><?php _e('The following file was not found. Please make sure the file exists and has write permissions:', 'http-headers'); ?> <code><?php echo get_web_server_filename(); ?></code></p><?php
} elseif ($check == -2) {
?><p><?php _e('Please make sure the following file has write permissions:', 'http-headers'); ?> <code><?php echo get_web_server_filename(); ?></code></p><?php
}
?>
</div>
<?php
}
$check = check_php_requirements();
if ($check !== true) {
?>
<div class="notice notice-warning">
<h2><?php _e('Warning!', 'http-headers'); ?></h2>
<?php
if ($check == -1) {
?><p><?php _e('The following file was not found. Please make sure the file exists and has write permissions:', 'http-headers'); ?> <code><?php echo get_user_ini_filename(); ?></code></p><?php
} elseif ($check == -2) {
?><p><?php _e('Please make sure the following file has write permissions:', 'http-headers'); ?> <code><?php echo get_user_ini_filename(); ?></code></p><?php
}
?>
</div>
<?php
}
?>
<p><?php _e('Quick links', 'http-headers'); ?>:
<a href="https://zinoui.com/blog/http-headers-for-wordpress" target="_blank" title="HTTP Headers"><?php _e('Getting started', 'http-headers'); ?></a>,
<a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;tab=advanced"><?php _e('Advanced settings', 'http-headers'); ?></a>,
<a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;tab=manual"><?php _e('Manual setup', 'http-headers'); ?></a>,
<a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;tab=inspect"><?php _e('Inspect headers', 'http-headers'); ?></a>
</p>
<?php
if (isset($_GET['header']) && !empty($_GET['header']))
{
include dirname(__FILE__) . '/header.php';
} elseif (isset($_GET['tab']) && $_GET['tab'] == 'advanced') {
include dirname(__FILE__) . '/advanced.php';
} elseif (isset($_GET['tab']) && $_GET['tab'] == 'manual') {
include dirname(__FILE__) . '/manual.php';
} elseif (isset($_GET['tab']) && $_GET['tab'] == 'inspect') {
include dirname(__FILE__) . '/inspect.php';
} elseif (isset($_GET['category'])) {
include dirname(__FILE__) . '/category.php';
} else {
include dirname(__FILE__) . '/dashboard.php';
}
?>
</div>
\ No newline at end of file
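Review bot: the `href` values built from `get_admin_url()` and the file names echoed inside `<code>` (`get_web_server_filename()`, `get_user_ini_filename()`) are printed without escaping. Wrap the URLs in `esc_url()` and the paths in `esc_html()`; if those paths come from the `hh_htaccess_path` and `hh_user_ini_path` options they are configurable values, not constants. The `$_GET['tab']` checks use loose `==`; `===` is enough here since the values are compared to string literals.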
<?php
if (!defined('ABSPATH')) {
exit;
}
include dirname(__FILE__) . '/includes/config.inc.php';
include dirname(__FILE__) . '/includes/breadcrumbs.inc.php';
?>
<section class="hh-panel">
<h3><span class="hh-highlight"><?php _e('Inspect headers', 'http-headers'); ?></span></h3>
<p><?php _e("Use this tool to inspect the HTTP headers of your website or your competitor's website.", 'http-headers'); ?></p>
<div class="form-wrap">
<form action="<?php echo admin_url('admin-ajax.php'); ?>" method="get" id="frmIspect">
<?php wp_nonce_field('inspect'); ?>
<input type="hidden" name="action" value="inspect">
<div class="form-row">
<div class="form-field form-col-6">
<label class="form-label">URL:</label>
<input type="text" name="url" size="40" placeholder="<?php echo home_url('/'); ?>" value="<?php echo home_url('/'); ?>">
</div>
<div class="form-field form-col-6">
<label class="form-label">&nbsp;</label>
<label><input type="checkbox" name="authentication" id="authentication"><?php _e('Authentication', 'http-headers'); ?></label>
</div>
</div>
<div id="box-authentication" style="display: none">
<div class="form-row">
<div class="form-field form-col-6">
<label class="form-label" for="username"><?php _e('Username', 'http-headers'); ?>:</label>
<input type="text" name="username">
</div>
<div class="form-field form-col-6">
<label class="form-label" for="password"><?php _e('Password', 'http-headers'); ?>:</label>
<input type="text" name="password">
</div>
</div>
</div>
<?php submit_button(__('Inspect', 'http-headers')); ?>
</form>
</div>
</section>
<div id="hh-result"></div>
\ No newline at end of file
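Review bot: the form submits with `method="get"` to `admin-ajax.php`, so `username`, `password` and the nonce travel in the query string, where they are kept in access logs and browser history; the password field is also `type="text"`. Switch to `method="post"` and `type="password"`. The `inspect` handler is not part of this file, but since it fetches a user-supplied `url` from the server it should verify the nonce and a capability, and restrict which destinations it will request. Minor: the form id `frmIspect` looks like a typo for `frmInspect`, and the `for="username"` / `for="password"` labels have no inputs with matching `id`s.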
<?php
if (!defined('ABSPATH')) {
exit;
}
include dirname(__FILE__) . '/includes/breadcrumbs.inc.php';
?>
<div class="hh-tabs">
<ul>
<li class="hh-active"><a href="#hh-tab-1">Apache</a></li>
<li><a href="#hh-tab-2">Nginx</a></li>
</ul>
<div id="hh-tab-1" class="hh-tab-active">
<h3><span class="hh-highlight"><?php echo get_htaccess_filename(); ?></span></h3>
<textarea class="hh-textarea-manual" rows="20" readonly><?php
$lines = apache_headers_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = apache_auth_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = apache_content_encoding_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = apache_expires_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = apache_cookie_security_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = apache_timing_directives();
echo join("\n", $lines);
?></textarea>
<?php
$credentials = apache_auth_credentials();
if ($credentials)
{
?>
<h3><span class="hh-highlight"><?php echo $credentials['ht_file']; ?></span></h3>
<textarea class="hh-textarea-manual" rows="5" readonly><?php
echo $credentials['auth'];
?></textarea><?php
}
?>
</div>
<div id="hh-tab-2" class="hh-hidden">
<textarea class="hh-textarea-manual" rows="20" readonly><?php
$lines = nginx_headers_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = nginx_auth_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = nginx_content_encoding_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = nginx_expires_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = nginx_cookie_security_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = nginx_timing_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
?></textarea>
<?php
$credentials = nginx_auth_credentials();
if ($credentials)
{
?>
<h3><span class="hh-highlight"><?php echo $credentials['ht_file']; ?></span></h3>
<textarea class="hh-textarea-manual" rows="5" readonly><?php
echo $credentials['auth'];
?></textarea><?php
}
?>
</div>
</div>
\ No newline at end of file
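Review bot: every `echo join("\n", $lines)` and `echo $credentials['auth']` writes into a `<textarea>` without escaping, so a stored header value containing `</textarea>` breaks out of the field into the admin page markup. Pass the output through `esc_textarea()`, and `$credentials['ht_file']` through `esc_html()`. In the Apache tab, `apache_timing_directives()` is joined without the `if ($lines)` guard that every other call has, so an empty result is handled differently there than in the Nginx tab.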
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">NEL
<p class="description"><?php _e('Network Error Logging is a mechanism that can be configured via the NEL HTTP response header. This experimental header allows web sites and applications to opt-in to receive reports about failed (and, if desired, successful) network fetches from supporting browsers.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Network_Error_Logging"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">NEL</legend>
<?php
$nel = get_option('hh_nel', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_nel" value="<?php echo $k; ?>"<?php checked($nel, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-nel' ); ?>
<?php do_settings_sections( 'http-headers-nel' ); ?>
<?php
$nel_value = get_option('hh_nel_value', array());
$report_to = isset($nel_value['report_to']) ? $nel_value['report_to'] : NULL;
$max_age = isset($nel_value['max_age']) ? $nel_value['max_age'] : NULL;
$include_subdomains = isset($nel_value['include_subdomains']) ? $nel_value['include_subdomains'] : NULL;
$success_fraction = isset($nel_value['success_fraction']) ? $nel_value['success_fraction'] : NULL;
$failure_fraction = isset($nel_value['failure_fraction']) ? $nel_value['failure_fraction'] : NULL;
$request_headers = isset($nel_value['request_headers']) ? $nel_value['request_headers'] : NULL;
$response_headers = isset($nel_value['response_headers']) ? $nel_value['response_headers'] : NULL;
?>
<table>
<tr>
<td>report_to:</td>
<td><input type="text" class="http-header-value" name="hh_nel_value[report_to]" value="<?php echo esc_attr($report_to); ?>"<?php echo $nel == 1 ? NULL : ' readonly'; ?>></td>
</tr>
<tr>
<td>max_age:</td>
<td><select name="hh_nel_value[max_age]" class="http-header-value"<?php echo $nel == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('3600' => '1 hour', '86400' => '1 day', '604800' => '7 days', '2592000' => '30 days', '5184000' => '60 days', '7776000' => '90 days', '31536000' => '1 year');
foreach ($items as $key => $item) {
?><option value="<?php echo $key; ?>"<?php selected($max_age, $key); ?>><?php echo $item; ?></option><?php
}
?>
</select></td>
</tr>
<tr>
<td>include_subdomains:</td>
<td><input type="checkbox" class="http-header-value" name="hh_nel_value[include_subdomains]" value="1"<?php checked($include_subdomains, 1, true); ?><?php echo $nel == 1 ? NULL : ' readonly'; ?>></td>
</tr>
<tr>
<td>success_fraction:</td>
<td><input type="number" class="http-header-value" name="hh_nel_value[success_fraction]" value="<?php echo esc_attr($success_fraction); ?>"<?php echo $nel == 1 ? NULL : ' readonly'; ?> min="0.0" max="1.0" step="0.1"></td>
</tr>
<tr>
<td>failure_fraction:</td>
<td><input type="number" class="http-header-value" name="hh_nel_value[failure_fraction]" value="<?php echo esc_attr($failure_fraction); ?>"<?php echo $nel == 1 ? NULL : ' readonly'; ?> min="0.0" max="1.0" step="0.1"></td>
</tr>
<tr>
<td>request_headers:</td>
<td><input type="text" class="http-header-value" name="hh_nel_value[request_headers]" value="<?php echo esc_attr($request_headers); ?>"<?php echo $nel == 1 ? NULL : ' readonly'; ?>></td>
</tr>
<tr>
<td>response_headers:</td>
<td><input type="text" class="http-header-value" name="hh_nel_value[response_headers]" value="<?php echo esc_attr($response_headers); ?>"<?php echo $nel == 1 ? NULL : ' readonly'; ?>></td>
</tr>
</table>
</td>
</tr>
\ No newline at end of file
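Review bot: this view reads and posts `hh_nel` and `hh_nel_value`, but the defaults file in this commit registers `hh_content_nel` and `hh_content_nel_value`, so the defaults never apply to the options this form uses. Pick one name and use it in both places. `report_to`, `request_headers` and `response_headers` are free-text fields that feed a response header, so they need validation on save: no CR/LF, and `report_to` should match a group configured under Report-To.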
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">P3P
<p class="description"><?php _e('The Platform for Privacy Preferences Project (P3P) is a protocol allowing websites to declare their intended use of information they collect about web browser users.', 'http-headers'); ?></p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">P3P</legend>
<?php
$p3p = get_option('hh_p3p', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_p3p" value="<?php echo $k; ?>"<?php checked($p3p, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-p3p' ); ?>
<?php do_settings_sections( 'http-headers-p3p' ); ?>
<?php
$p3p_value = get_option('hh_p3p_value');
if (!$p3p_value)
{
$p3p_value = array();
}
$in_creq = array('ADM', 'DEV', 'TAI', 'PSA', 'PSD', 'IVA', 'IVD', 'CON', 'HIS', 'TEL', 'OTP', 'DEL', 'SAM', 'UNR', 'PUB', 'OTR',);
$creq = array('a', 'i', 'o');
?>
<table>
<tbody>
<tr>
<td>Compact ACCESS</td>
<td class="hh-td-inner">
<table><tbody><tr><?php
$items = array('NOI', 'ALL', 'CAO', 'IDC', 'OTI', 'NON');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 4 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?></tr></tbody></table>
</td>
</tr>
<tr>
<td>Compact DISPUTES</td>
<td class="hh-td-inner">
<table><tbody><tr><?php
$items = array('DSP');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 4 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?></tr></tbody></table>
</td>
</tr>
<tr>
<td>Compact REMEDIES</td>
<td class="hh-td-inner">
<table><tbody><tr><?php
$items = array('COR', 'MON', 'LAW');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 4 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?></tr></tbody></table>
</td>
</tr>
<tr>
<td>Compact NON-IDENTIFIABLE</td>
<td class="hh-td-inner">
<table><tbody><tr><?php
$items = array('NID');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 4 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?></tr></tbody></table>
</td>
</tr>
<tr>
<td>Compact PURPOSE</td>
<td class="hh-td-inner">
<table><tbody><tr><?php
$items = array('CUR', 'ADM', 'DEV', 'TAI', 'PSA', 'PSD', 'IVA', 'IVD', 'CON', 'HIS', 'TEL', 'OTP');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 4 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?></tr></tbody></table>
</td>
</tr>
<tr>
<td>Compact RECIPIENT</td>
<td class="hh-td-inner">
<table><tbody><tr><?php
$items = array('OUR', 'DEL', 'SAM', 'UNR', 'PUB', 'OTR');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 4 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?></tr></tbody></table>
</td>
</tr>
<tr>
<td>Compact RETENTION</td>
<td class="hh-td-inner">
<table><tbody><tr><?php
$items = array('NOR', 'STP', 'LEG', 'BUS', 'IND');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 4 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?></tr></tbody></table>
</td>
</tr>
<tr>
<td>Compact CATEGORIES</td>
<td class="hh-td-inner">
<table><tbody><tr><?php
$items = array('PHY', 'ONL', 'UNI', 'PUR', 'FIN', 'COM', 'NAV', 'INT', 'DEM', 'CNT', 'STA', 'POL', 'HEA', 'PRE', 'LOC', 'GOV', 'OTC');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 4 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?></tr></tbody></table>
</td>
</tr>
<tr>
<td>Compact TEST</td>
<td class="hh-td-inner">
<table><tbody><tr><?php
$items = array('TST');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 4 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?></tr></tbody></table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
\ No newline at end of file
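Review bot: `readonly` has no effect on `type="checkbox"` inputs, so when `hh_p3p` is off all of these boxes can still be toggled and are submitted; the same attribute is put on `<select>` elements in other views of this commit, where it is equally ignored. Use `disabled`, or lock the controls in script, if the intent is to freeze them. `$in_creq` and `$creq` are assigned but never used in this file, and the nine identical checkbox loops could be a single loop over a map of group label to codes.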
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">Permissions-Policy
<p class="description"><?php _e('Permissions Policy is a web platform API which gives a website the ability to allow or block the use of browser features in its own frame or in iframes that it embeds.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://www.w3.org/TR/permissions-policy-1/"><?php _e('W3C Working Draft', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Permissions-Policy</legend>
<?php
$permissions_policy = get_option('hh_permissions_policy', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_permissions_policy" value="<?php echo $k; ?>"<?php checked($permissions_policy, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-pp' ); ?>
<?php do_settings_sections( 'http-headers-pp' ); ?>
<table>
<tbody>
<?php
# https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md
$features = array(
'accelerometer',
'ambient-light-sensor',
'autoplay',
'battery',
'camera',
'cross-origin-isolated',
'display-capture',
'document-domain',
'encrypted-media',
'execution-while-not-rendered',
'execution-while-out-of-viewport',
'fullscreen',
'geolocation',
'gyroscope',
'interest-cohort',
'layout-animations',
'legacy-image-formats',
'magnetometer',
'microphone',
'midi',
'navigation-override',
'oversized-images',
'payment',
'picture-in-picture',
'publickey-credentials-get',
'screen-wake-lock',
'sync-script',
'sync-xhr',
'usb',
'vertical-scroll',
'web-share',
'wake-lock',
'xr-spatial-tracking',
);
$origins = array('none', 'self', '*', 'origin(s)');
$permissions_policy_value = get_option('hh_permissions_policy_value');
$permissions_policy_feature = get_option('hh_permissions_policy_feature');
$permissions_policy_origin = get_option('hh_permissions_policy_origin');
if (!$permissions_policy_value)
{
$permissions_policy_value = array();
}
if (!$permissions_policy_feature)
{
$permissions_policy_feature = array();
}
if (!$permissions_policy_origin)
{
$permissions_policy_origin = array();
}
foreach ($features as $feature)
{
?>
<tr>
<td><input type="checkbox" name="hh_permissions_policy_feature[<?php echo $feature; ?>]" class="http-header-value"
value="1"<?php echo !is_array($permissions_policy_feature) || !array_key_exists($feature, $permissions_policy_feature) ? NULL : ' checked'; ?><?php echo $permissions_policy == 1 ? NULL : ' readonly'; ?>></td>
<td><?php echo $feature; ?></td>
<td>
<select name="hh_permissions_policy_value[<?php echo $feature; ?>]"
class="http-header-value"<?php echo $permissions_policy == 1 ? NULL : ' readonly'; ?>>
<?php
foreach ($origins as $origin)
{
?><option value="<?php echo $origin; ?>"<?php selected(@$permissions_policy_value[$feature], $origin); ?>><?php echo $origin; ?></option><?php
}
?>
</select>
<input type="text" name="hh_permissions_policy_origin[<?php echo $feature; ?>]"
value="<?php echo htmlspecialchars( @$permissions_policy_origin[$feature] ); ?>" size="30"<?php echo isset($permissions_policy_value[$feature]) && in_array($permissions_policy_value[$feature], array('origin(s)', 'self')) ? NULL : ' style="display: none"'; ?>
class="http-header-value"<?php echo $permissions_policy == 1 ? NULL : ' readonly'; ?>>
</td>
</tr>
<?php
}
?>
</tbody>
</table>
</td>
</td>
</tr>
\ No newline at end of file
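Review bot: there is a second `</td>` right before the closing `</tr>` at the end of the file, which leaves the row malformed. The `@$permissions_policy_value[$feature]` and `@$permissions_policy_origin[$feature]` reads suppress undefined-index notices; use `isset()` as the `style` expression on the same input already does, and `esc_attr()` rather than `htmlspecialchars()` to match the other views. The origin field is free text that ends up in the header, so it should be validated on save as a list of origins.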
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">Pragma
<p class="description"><?php _e('The Pragma HTTP/1.0 general header is an implementation-specific header that may have various effects along the request-response chain. It is used for backwards compatibility with HTTP/1.0 caches where the Cache-Control HTTP/1.1 header is not yet present.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Pragma"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Pragma</legend>
<?php
$pragma = get_option('hh_pragma', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_pragma" value="<?php echo $k; ?>"<?php checked($pragma, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-pra' ); ?>
<?php do_settings_sections( 'http-headers-pra' ); ?>
<select name="hh_pragma_value" class="http-header-value"<?php echo $pragma == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('no-cache');
$pragma_value = get_option('hh_pragma_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($pragma_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">Referrer-Policy
<p class="description"><?php _e('The Referrer-Policy HTTP header governs which referrer information, sent in the Referer header, should be included with requests made.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Referrer-Policy</legend>
<?php
$referrer_policy = get_option('hh_referrer_policy', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_referrer_policy" value="<?php echo $k; ?>"<?php checked($referrer_policy, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-rp' ); ?>
<?php do_settings_sections( 'http-headers-rp' ); ?>
<select name="hh_referrer_policy_value" class="http-header-value"<?php echo $referrer_policy == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array("", "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin", "strict-origin", "origin-when-cross-origin", "strict-origin-when-cross-origin", "unsafe-url");
$referrer_policy_value = get_option('hh_referrer_policy_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($referrer_policy_value, $item); ?>><?php echo !empty($item) ? $item : '(empty string)'; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
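Review bot: the first entry in `$items` is the empty string, so with the default `hh_referrer_policy_value` of `''` turning the header on preselects an empty policy, and `unsafe-url` and `no-referrer-when-downgrade` are offered with nothing to indicate that they send the full URL to other origins. Consider preselecting `strict-origin-when-cross-origin` and marking the permissive values in their option labels.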
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">Report-To
<p class="description"><?php _e('The Report-To HTTP response header field instructs the user agent to store reporting endpoints for an origin.', 'http-headers'); ?></p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Report-To</legend>
<?php
$report_to = get_option('hh_report_to', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_report_to" value="<?php echo $k; ?>"<?php checked($report_to, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
<?php settings_fields( 'http-headers-rt' ); ?>
<?php do_settings_sections( 'http-headers-rt' ); ?>
</td>
</tr>
<?php
$default_value = array(
array(
'endpoints' => array(),
'group' => '',
'max_age' => '',
)
);
$report_to_value = get_option('hh_report_to_value');
if (!is_array($report_to_value) || empty($report_to_value))
{
$report_to_value = $default_value;
}
?>
<tr>
<td colspan="2">
<div style="max-width: 1024px; overflow-x: auto">
<table class="hh-bordered hh-p-sm">
<tr>
<th rowspan="2" class="hh-center hh-middle">group</th>
<th rowspan="2" class="hh-center hh-middle">max_age</th>
<th rowspan="2" class="hh-center hh-middle">include_subdomains</th>
<th colspan="3" class="hh-center">endpoints</th>
<th>&nbsp;</th>
<th>&nbsp;</th>
</tr>
<tr>
<th class="hh-center">url</th>
<th class="hh-center">priority</th>
<th class="hh-center">weight</th>
<th>&nbsp;</th>
<th>&nbsp;</th>
</tr>
<?php
$items = array('0' => '0 (Delete entire reporting cache)', '3600' => '1 hour', '86400' => '1 day', '604800' => '7 days', '2592000' => '30 days', '5184000' => '60 days', '7776000' => '90 days', '31536000' => '1 year', '63072000' => '2 years');
$i = 0;
foreach ($report_to_value as $item)
{
if (isset($item['endpoints']) && !empty($item['endpoints']))
{
$cnt = count($item['endpoints']);
$c = 0;
foreach ($item['endpoints'] as $k => $v)
{
$classes = array();
if ($c == 0)
{
if ($i == 0)
{
$classes[] = 'hh-tr-first';
}
$classes[] = 'hh-tr-group-start';
}
if ($c == $cnt - 1)
{
$classes[] = 'hh-tr-group-end';
}
?>
<tr class="<?php echo join(' ', $classes); ?>">
<?php
if ($c == 0)
{
?>
<td rowspan="<?php echo $cnt; ?>" class="hh-middle"><input type="text" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][group]" value="<?php echo esc_attr($item['group']); ?>" placeholder="csp-endpoint"<?php echo $report_to == 1 ? NULL : ' readonly'; ?>></td>
<td rowspan="<?php echo $cnt; ?>" class="hh-middle"><select class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][max_age]"<?php echo $report_to == 1 ? NULL : ' readonly'; ?>>
<?php
foreach ($items as $key => $val) {
?><option value="<?php echo $key; ?>"<?php selected($item['max_age'], $key); ?>><?php echo $val; ?></option><?php
}
?>
</select></td>
<td rowspan="<?php echo $cnt; ?>" class="hh-middle hh-center"><input type="checkbox" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][include_subdomains]" value="1"<?php checked(@$item['include_subdomains'], 1, true); ?><?php echo $report_to == 1 ? NULL : ' readonly'; ?> /></td>
<?php
}
?>
<td><input type="text" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][endpoints][<?php echo $k; ?>][url]" value="<?php echo esc_attr($v['url']); ?>" placeholder="https://example.com/report/csp"<?php echo $report_to == 1 ? NULL : ' readonly'; ?> size="40"></td>
<td><input type="number" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][endpoints][<?php echo $k; ?>][priority]" value="<?php echo esc_attr($v['priority']); ?>" min="0" step="1"></td>
<td><input type="number" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][endpoints][<?php echo $k; ?>][weight]" value="<?php echo esc_attr($v['weight']); ?>" min="0" step="1"></td>
<td><?php
if ($c == 0)
{
?>
<button type="button" class="button hh-btn-add-endpoint"><?php _e('Add endpoint', 'http-headers'); ?></button>
<?php
} else {
?>
<button type="button" class="button hh-btn-delete-endpoint"><?php _e('Remove endpoint', 'http-headers'); ?></button>
<?php
}
?></td>
<?php
if ($c == 0)
{
?>
<td rowspan="<?php echo $cnt; ?>" class="hh-middle hh-center"><?php
if ($i > 0)
{
?>
<button type="button" class="button hh-btn-delete-endpoint-group" title="<?php esc_attr_e('Delete', 'http-headers'); ?>"><?php _e('Remove group', 'http-headers'); ?></button>
<?php
}
?></td>
<?php
}
?>
</tr>
<?php
$c += 1;
}
} else {
?>
<tr class="hh-tr-first hh-tr-group-start hh-tr-group-end">
<td><input type="text" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][group]" value="<?php echo esc_attr($item['group']); ?>" placeholder="csp-endpoint"<?php echo $report_to == 1 ? NULL : ' readonly'; ?>></td>
<td><select class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][max_age]"<?php echo $report_to == 1 ? NULL : ' readonly'; ?>>
<?php
foreach ($items as $key => $val) {
?><option value="<?php echo $key; ?>"<?php selected($item['max_age'], $key); ?>><?php echo $val; ?></option><?php
}
?>
</select></td>
<td class="hh-center"><input type="checkbox" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][include_subdomains]" value="1"<?php checked(@$item['include_subdomains'], 1, true); ?><?php echo $report_to == 1 ? NULL : ' readonly'; ?> /></td>
<td><input type="text" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][endpoints][0][url]" placeholder="https://example.com/report/csp"<?php echo $report_to == 1 ? NULL : ' readonly'; ?> size="40"></td>
<td><input type="number" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][endpoints][0][priority]" min="0" step="1"></td>
<td><input type="number" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][endpoints][0][weight]" min="0" step="1"></td>
<td>
<button type="button" class="button hh-btn-add-endpoint"><?php _e('Add endpoint', 'http-headers'); ?></button>
</td>
<td rowspan="1"><?php
if ($i > 0)
{
?><button type="button" class="button hh-btn-delete-endpoint-group" title="<?php esc_attr_e('Delete', 'http-headers'); ?>"><?php _e('Remove group', 'http-headers'); ?></button><?php
}
?></td>
</tr>
<?php
}
$i += 1;
}
?>
<tr>
<td colspan="8">
<button type="button" class="button" id="hh-btn-add-endpoint-group">+ <?php _e('Add endpoint group', 'http-headers'); ?></button>
</td>
</tr>
</table>
</div>
</td>
</tr>
\ No newline at end of file
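Review bot: `$item['group']`, `$item['max_age']`, `$v['url']`, `$v['priority']` and `$v['weight']` are read without `isset()`, while `include_subdomains` on the same rows is wrapped in `@`, so a partially saved `hh_report_to_value` raises notices in the middle of the table. Normalise each group against `$default_value` before the loop instead. The `priority` and `weight` inputs also lack the `$report_to == 1 ? NULL : ' readonly'` guard that the other fields carry, and the endpoint `url` should be checked on save to be an `https://` URL.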
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">Strict-Transport-Security
<p class="description"><?php _e("HTTP Strict-Transport-Security (HSTS) enforces secure (HTTP over SSL/TLS) connections to the server. This reduces impact of bugs in web applications leaking session data through cookies and external links and defends against Man-in-the-middle attacks. HSTS also disables the ability for user's to ignore SSL negotiation warnings.", 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Strict-Transport-Security</legend>
<?php
$strict_transport_security = get_option('hh_strict_transport_security', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_strict_transport_security" value="<?php echo $k; ?>"<?php checked($strict_transport_security, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-sts' ); ?>
<?php do_settings_sections( 'http-headers-sts' ); ?>
<table>
<tr>
<td>max-age:</td>
<td><select name="hh_strict_transport_security_max_age" class="http-header-value"<?php echo $strict_transport_security == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('0' => '0 (Delete entire HSTS Policy)', '3600' => '1 hour', '86400' => '1 day', '604800' => '7 days', '2592000' => '30 days', '5184000' => '60 days', '7776000' => '90 days', '31536000' => '1 year', '63072000' => '2 years');
$strict_transport_security_max_age = get_option('hh_strict_transport_security_max_age');
foreach ($items as $key => $item) {
?><option value="<?php echo $key; ?>"<?php selected($strict_transport_security_max_age, $key); ?>><?php echo $item; ?></option><?php
}
?>
</select></td>
</tr>
<tr>
<td>includeSubDomains:</td>
<td><input type="checkbox" class="http-header-value" name="hh_strict_transport_security_sub_domains" value="1"<?php checked(get_option('hh_strict_transport_security_sub_domains'), 1, true); ?><?php echo $strict_transport_security == 1 ? NULL : ' readonly'; ?> /></td>
</tr>
<tr>
<td>preload:</td>
<td><input type="checkbox" class="http-header-value" name="hh_strict_transport_security_preload" value="1"<?php checked(get_option('hh_strict_transport_security_preload'), 1, true); ?><?php echo $strict_transport_security == 1 ? NULL : ' readonly'; ?> /></td>
</tr>
</table>
</td>
</tr>
\ No newline at end of file
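Review bot: the preload checkbox can be ticked together with any entry of the max-age list, including `0 (Delete entire HSTS Policy)` and `1 hour`, and without includeSubDomains. The browser preload list (hstspreload.org) accepts only a policy with max-age of at least 31536000, includeSubDomains and preload, and removal from the list is slow. The form should either validate that combination on save or state the requirement next to the checkbox. The description string also has "user's" where "users" is meant.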
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Timing-Allow-Origin
<p class="description"><?php _e('The Timing-Allow-Origin header indicates whether a resource provides the complete timing information. SEO tools use the Resource Timing API to analyze the speed and weight of your web page resources.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Timing-Allow-Origin"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Timing-Allow-Origin</legend>
<?php
$timing_allow_origin = get_option('hh_timing_allow_origin', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_timing_allow_origin" value="<?php echo $k; ?>"<?php checked($timing_allow_origin, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-tao' ); ?>
<?php do_settings_sections( 'http-headers-tao' ); ?>
<select name="hh_timing_allow_origin_value" class="http-header-value"<?php echo $timing_allow_origin == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('*', 'origin');
$timing_allow_origin_value = get_option('hh_timing_allow_origin_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($timing_allow_origin_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
<input type="text" name="hh_timing_allow_origin_url" class="http-header-value" placeholder="http://domain.com" value="<?php echo esc_attr(get_option('hh_timing_allow_origin_url')); ?>" size="35"<?php echo $timing_allow_origin == 1 && $timing_allow_origin_value == 'origin' ? NULL : ' style="display: none" readonly'; ?> />
</td>
</tr>
\ No newline at end of file
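Review bot: `$items = array('*', 'origin')` lists the wildcard first and `get_option('hh_timing_allow_origin_value')` is called without a default, so an admin who turns the header on and saves without touching the select submits `*`, which exposes detailed resource timing to every origin. List `origin` first or pass a default so the narrower setting is the starting point, and mention the cross-origin exposure in the description, which currently speaks only of SEO tools. The `http://domain.com` placeholder would also be better as an https origin.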
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Vary
<p class="description"><?php _e('The Vary HTTP response header determines how to match future request headers to decide whether a cached response can be used rather than requesting a fresh one from the origin server. It is used by the server to indicate which headers it used when selecting a representation of a resource in a content negotiation algorithm.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Vary"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Vary</legend>
<?php
$vary = get_option('hh_vary', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_vary" value="<?php echo $k; ?>"<?php checked($vary, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-vary' ); ?>
<?php do_settings_sections( 'http-headers-vary' ); ?>
<table>
<tbody>
<tr>
<td>
<?php
$items = array(
'*', 'Accept-Encoding', 'User-Agent', 'Referer', 'Cookie',
);
$vary_value = get_option('hh_vary_value');
if (!$vary_value) {
$vary_value = array();
}
foreach ($items as $item)
{
?><p><label><input type="checkbox" class="http-header-value" name="hh_vary_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $vary_value) ? NULL : ' checked'; ?><?php echo $vary == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></p><?php
}
?>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
\ No newline at end of file
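Review bot: `if (!$vary_value)` replaces only a falsy option with an empty array, so a non-empty scalar stored under `hh_vary_value` reaches `array_key_exists($item, $vary_value)` and fails there (a TypeError on PHP 8). The WWW-Authenticate panel in this same commit guards its options with `is_array()`; use `if (!is_array($vary_value))` here as well. The same applies to the `$x_robots_tag_value` check in the X-Robots-Tag panel.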
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">WWW-Authenticate
<p class="description"><?php _e('HTTP supports the use of several authentication mechanisms to control access to pages and other resources. These mechanisms are all based around the use of the 401 status code and the WWW-Authenticate response header.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">WWW-Authenticate</legend>
<?php
$www_authenticate = get_option ( 'hh_www_authenticate', 0 );
foreach ( $bools as $k => $v ) {
?><p>
<label><input type="radio" class="http-header" name="hh_www_authenticate" value="<?php echo $k; ?>" <?php checked($www_authenticate, $k, true); ?> /> <?php echo $v; ?></label>
</p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-wwa' ); ?>
<?php do_settings_sections( 'http-headers-wwa' ); ?>
<table>
<tbody>
<tr>
<td>Type</td>
<td colspan="3">
<select name="hh_www_authenticate_type" class="http-header-value"<?php echo $www_authenticate == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array ('Basic', 'Digest');
$www_authenticate_type = get_option ( 'hh_www_authenticate_type' );
foreach ( $items as $item ) {
?><option value="<?php echo $item; ?>" <?php selected($www_authenticate_type, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
<tr>
<td>Realm</td>
<td colspan="3"><input type="text" name="hh_www_authenticate_realm" class="http-header-value" size="30" value="<?php echo esc_attr(get_option('hh_www_authenticate_realm')); ?>"<?php echo $www_authenticate == 1 ? NULL : ' readonly'; ?> placeholder="Restricted area"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><strong><?php _e('Username', 'http-headers'); ?></strong></td>
<td><strong><?php _e('Password', 'http-headers'); ?></strong></td>
<td>&nbsp;</td>
</tr>
<?php
$usernames = get_option('hh_www_authenticate_user', array());
$passwords = get_option('hh_www_authenticate_pswd', array());
if (!is_array($usernames)) {
$usernames = array($usernames);
}
if (!is_array($passwords)) {
$passwords = array($passwords);
}
$i = 0;
foreach ($usernames as $k => $user) {
?>
<tr>
<td>&nbsp;</td>
<td><input type="text" name="hh_www_authenticate_user[]" class="http-header-value" value="<?php echo esc_attr($user); ?>"<?php echo $www_authenticate == 1 ? NULL : ' readonly'; ?>></td>
<td><input type="text" name="hh_www_authenticate_pswd[]" class="http-header-value" value="<?php echo esc_attr($passwords[$k]); ?>"<?php echo $www_authenticate == 1 ? NULL : ' readonly'; ?>></td>
<td><?php
if ($i > 0)
{
?><button type="button" class="button button-small hh-btn-delete-user" title="<?php esc_attr_e('Delete', 'http-headers'); ?>">x</button><?php
} else {
echo "&nbsp;";
}
?></td>
</tr>
<?php
$i += 1;
}
?>
<tr>
<td>&nbsp;</td>
<td colspan="3">
<button type="button" class="button hh-btn-add-user">+ <?php _e('Add user', 'http-headers'); ?></button>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
\ No newline at end of file
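Review bot: the `hh_www_authenticate_pswd[]` field is a `type="text"` input whose value is filled from `get_option('hh_www_authenticate_pswd')`, so each password is kept in a recoverable form and written in clear into the page source for anyone who can open this screen or see it over a shoulder. Make it `type="password"` with `autocomplete="new-password"`, stop echoing the stored value back (treat an empty submission as "unchanged"), and keep only what the authentication check needs. `$passwords[$k]` is also read without checking that the key exists, which raises a notice when the user and password arrays differ in length.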
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">X-Content-Type-Options
<p class="description"><?php _e('Prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions. This reduces exposure to drive-by download attacks and sites serving user uploaded content that, by clever naming, could be treated by MSIE as executable or dynamic HTML files.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">X-Content-Type-Options</legend>
<?php
$x_content_type_options = get_option('hh_x_content_type_options', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_x_content_type_options" value="<?php echo $k; ?>"<?php checked($x_content_type_options, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-cto' ); ?>
<?php do_settings_sections( 'http-headers-cto' ); ?>
<select name="hh_x_content_type_options_value" class="http-header-value"<?php echo $x_content_type_options == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('nosniff');
$x_content_type_options_value = get_option('hh_x_content_type_options_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($x_content_type_options_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
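Review bot: `readonly` on `<select name="hh_x_content_type_options_value">` has no effect, because HTML defines that attribute only for text-like inputs and textareas, so the dropdown stays changeable while the header is set to off. The same pattern is repeated on the selects and checkboxes of the other panels in this commit. If the control is meant to be locked, `disabled` is the attribute that does it (disabled fields are not submitted); if `readonly` is only a hook for the page script, a class or `data-` attribute says so more clearly. The description also names only Internet Explorer and Google Chrome, although `nosniff` is honoured by the other current browsers too.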
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">X-DNS-Prefetch-Control
<p class="description"><?php _e('The X-DNS-Prefetch-Control HTTP response header controls DNS prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth.', 'http-headers'); ?></p>
<p class="description"><?php _e('This prefetching is performed in the background, so that the DNS is likely to have been resolved by the time the referenced items are needed. This reduces latency when the user clicks a link.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">X-DNS-Prefetch-Control</legend>
<?php
$x_dns_prefetch_control = get_option('hh_x_dns_prefetch_control', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_x_dns_prefetch_control" value="<?php echo $k; ?>"<?php checked($x_dns_prefetch_control, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-xdpc' ); ?>
<?php do_settings_sections( 'http-headers-xdpc' ); ?>
<select name="hh_x_dns_prefetch_control_value" class="http-header-value"<?php echo $x_dns_prefetch_control == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('on', 'off');
$x_dns_prefetch_control_value = get_option('hh_x_dns_prefetch_control_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($x_dns_prefetch_control_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">X-Download-Options
<p class="description"><?php _e("For web applications that need to serve untrusted HTML files, Microsoft IE introduced a mechanism to help prevent the untrusted content from compromising your site's security. When the X-Download-Options header is present with the value noopen, the user is prevented from opening a file download directly; instead, they must first save the file locally. When the locally saved file is later opened, it no longer executes in the security context of your site, helping to prevent script injection.", 'http-headers'); ?></p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">X-Download-Options</legend>
<?php
$x_download_options = get_option('hh_x_download_options', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_x_download_options" value="<?php echo $k; ?>"<?php checked($x_download_options, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-xdo' ); ?>
<?php do_settings_sections( 'http-headers-xdo' ); ?>
<select name="hh_x_download_options_value" class="http-header-value"<?php echo $x_download_options == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('noopen');
$x_download_options_value = get_option('hh_x_download_options_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($x_download_options_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">X-Frame-Options
<p class="description"><?php _e('This header can be used to indicate whether or not a browser should be allowed to render a page in a &lt;frame&gt;, &lt;iframe&gt; or &lt;object&gt;. Use this to avoid clickjacking attacks.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">X-Frame-Options</legend>
<?php
$x_frame_options = get_option('hh_x_frame_options', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_x_frame_options" value="<?php echo $k; ?>"<?php checked($x_frame_options, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-xfo' ); ?>
<?php do_settings_sections( 'http-headers-xfo' ); ?>
<select name="hh_x_frame_options_value" class="http-header-value"<?php echo $x_frame_options == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('deny', 'sameorigin', 'allow-from');
$x_frame_options_value = get_option('hh_x_frame_options_value');
foreach ($items as $item)
{
?><option value="<?php echo $item; ?>"<?php selected($x_frame_options_value, $item); ?>><?php echo strtoupper($item); ?></option><?php
}
?>
</select>
<input type="text" name="hh_x_frame_options_domain" class="http-header-value" placeholder="Domain" value="<?php echo esc_attr(get_option('hh_x_frame_options_domain')); ?>"<?php echo $x_frame_options == 1 && $x_frame_options_value == 'allow-from' ? NULL : ' style="display: none" readonly'; ?> />
</td>
</tr>
\ No newline at end of file
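Review bot: `$items = array('deny', 'sameorigin', 'allow-from')` still offers `allow-from`, which is obsolete and ignored by current browsers, so a site that selects it and fills in `hh_x_frame_options_domain` gets no framing restriction there and the clickjacking protection promised in the description is silently lost. Drop the option, or keep it with a visible warning that points to the Content-Security-Policy `frame-ancestors` directive, which is the supported way to allow a specific origin.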
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">X-Permitted-Cross-Domain-Policies
<p class="description"><?php _e('A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.', 'http-headers'); ?></p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">X-Permitted-Cross-Domain-Policies</legend>
<?php
$x_permitted_cross_domain_policies = get_option('hh_x_permitted_cross_domain_policies', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_x_permitted_cross_domain_policies" value="<?php echo $k; ?>"<?php checked($x_permitted_cross_domain_policies, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-xpcd' ); ?>
<?php do_settings_sections( 'http-headers-xpcd' ); ?>
<select name="hh_x_permitted_cross_domain_policies_value" class="http-header-value"<?php echo $x_permitted_cross_domain_policies == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('none', 'master-only', 'by-content-type', 'by-ftp-filename', 'all');
$x_permitted_cross_domain_policies_value = get_option('hh_x_permitted_cross_domain_policies_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($x_permitted_cross_domain_policies_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">X-Powered-By
<p class="description"><?php _e('Specifies the technology (e.g. ASP.NET, PHP, JBoss, Express) supporting the web application, i.e. the scripting language. It is recommended to remove it or provide misleading information to throw off hackers that might target a particular technology/version.', 'http-headers'); ?></p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">X-Powered-By</legend>
<?php
$x_powered_by = get_option ( 'hh_x_powered_by', 0 );
foreach ( $bools as $k => $v ) {
?><p>
<label><input type="radio" class="http-header" name="hh_x_powered_by" value="<?php echo $k; ?>" <?php checked($x_powered_by, $k, true); ?> /> <?php echo $v; ?></label>
</p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-xpb' ); ?>
<?php do_settings_sections( 'http-headers-xpb' ); ?>
<select name="hh_x_powered_by_option" class="http-header-value"<?php echo $x_powered_by == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array (
'unset' => 'Unset',
'set' => 'Set',
);
$x_powered_by_option = get_option ( 'hh_x_powered_by_option' );
foreach ( $items as $k => $v ) {
?><option value="<?php echo $k; ?>" <?php selected($x_powered_by_option, $k); ?>><?php echo $v; ?></option><?php
}
?>
</select>
<input type="text" name="hh_x_powered_by_value" class="http-header-value" placeholder="PHP/<?php echo PHP_VERSION; ?>" value="<?php echo esc_attr(get_option('hh_x_powered_by_value')); ?>"
<?php echo $x_powered_by == 1 && $x_powered_by_option == 'set' ? NULL : ' style="display: none" readonly'; ?> />
</td>
</tr>
\ No newline at end of file
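Review bot: `placeholder="PHP/<?php echo PHP_VERSION; ?>"` on the `hh_x_powered_by_value` input proposes the server's real PHP version as the value to set, which is the opposite of what the description recommends and nudges admins toward publishing the exact version. Use a neutral placeholder, and list `unset` as the documented recommendation; a misleading value adds little over removing the header. `PHP_VERSION` should also go through `esc_attr()` like the other attribute values in this file.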
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">X-Robots-Tag
<p class="description"><?php _e('The X-Robots-Tag HTTP header is used to indicate how a web page is to be indexed within public search engine results. The header is effectively equivalent to <code>&lt;meta name="robots" content="..."&gt;</code>.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developers.google.com/search/docs/advanced/robots/robots_meta_tag"><?php _e('Google Search Central', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">X-Robots-Tag</legend>
<?php
$x_robots_tag = get_option('hh_x_robots_tag', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_x_robots_tag" value="<?php echo $k; ?>"<?php checked($x_robots_tag, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-rob' ); ?>
<?php do_settings_sections( 'http-headers-rob' ); ?>
<?php
$items = array(
'all' => 'bool',
'noindex' => 'bool',
'nofollow' => 'bool',
'none' => 'bool',
'noarchive' => 'bool',
'nosnippet' => 'bool',
'max-snippet' => 'number',
'max-image-preview' => 'setting',
'max-video-preview' => 'number',
'notranslate' => 'bool',
'noimageindex' => 'bool',
'unavailable_after' => 'datetime',
);
?>
<table>
<?php
$x_robots_tag_value = get_option('hh_x_robots_tag_value');
if (!$x_robots_tag_value)
{
$x_robots_tag_value = array();
}
foreach ($items as $item => $type)
{
?>
<tr>
<td><label for="hh_x_robots_tag_value_<?php echo $item; ?>"><?php echo $item; ?></label></td>
<td><?php
switch ($type) {
case 'bool':
?><input type="checkbox" class="http-header-value" name="hh_x_robots_tag_value[<?php echo $item; ?>]"
id="hh_x_robots_tag_value_<?php echo $item; ?>"<?php echo $x_robots_tag == 1 ? NULL : ' readonly'; ?>
value="1"<?php checked(array_key_exists($item, $x_robots_tag_value), 1, true); ?>><?php
break;
case 'number':
?><input type="number" class="http-header-value" name="hh_x_robots_tag_value[<?php echo $item; ?>]"
id="hh_x_robots_tag_value_<?php echo $item; ?>"
size="6" min="-1" step="1"<?php echo $x_robots_tag == 1 ? NULL : ' readonly'; ?>
value="<?php echo array_key_exists($item, $x_robots_tag_value) && strlen($x_robots_tag_value[$item]) > 0 ? (int) $x_robots_tag_value[$item] : NULL; ?>"><?php
break;
case 'setting':
?><select class="http-header-value" name="hh_x_robots_tag_value[<?php echo $item; ?>]"
id="hh_x_robots_tag_value_<?php echo $item; ?>"<?php echo $x_robots_tag == 1 ? NULL : ' readonly'; ?>>
<option value="">---</option>
<?php
foreach (array('none', 'standard', 'large') as $k)
{
?><option value="<?php echo $k; ?>"<?php echo array_key_exists($item, $x_robots_tag_value) && $k == $x_robots_tag_value[$item] ? ' selected="selected"' : NULL; ?>><?php echo $k; ?></option><?php
}
?>
</select><?php
break;
case 'datetime':
?><input type="date" class="http-header-value" name="hh_x_robots_tag_value[<?php echo $item; ?>]"
id="hh_x_robots_tag_value_<?php echo $item; ?>"<?php echo $x_robots_tag == 1 ? NULL : ' readonly'; ?>
value="<?php echo array_key_exists($item, $x_robots_tag_value) && strlen($x_robots_tag_value[$item]) > 0 ? $x_robots_tag_value[$item] : NULL; ?>"><?php
break;
}
?>
</td>
</tr>
<?php
}
?>
</table>
</td>
</tr>
\ No newline at end of file
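Review bot: in the `case 'datetime':` branch, `$x_robots_tag_value[$item]` is echoed into the `value="..."` attribute without `esc_attr()`, while the `number` branch casts to `(int)` and the other panels wrap stored options in `esc_attr(get_option(...))`. A stored value containing a double quote breaks out of the attribute, so wrap it in `esc_attr()`. The `setting` branch compares the stored value against a fixed list and is fine as written.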
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">X-UA-Compatible
<p class="description"><?php _e('In some cases, it might be necessary to restrict a webpage to a document mode supported by an older version of Windows Internet Explorer. Here we look at the x-ua-compatible header, which allows a webpage to be displayed as if it were viewed by an earlier version of the browser.', 'http-headers'); ?></p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">X-UA-Compatible</legend>
<?php
$x_ua_compatible = get_option('hh_x_ua_compatible', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_x_ua_compatible" value="<?php echo $k; ?>"<?php checked($x_ua_compatible, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-uac' ); ?>
<?php do_settings_sections( 'http-headers-uac' ); ?>
<select name="hh_x_ua_compatible_value" class="http-header-value"<?php echo $x_ua_compatible == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('IE=7', 'IE=8', 'IE=9', 'IE=10', 'IE=edge', 'IE=edge,chrome=1');
$x_ua_compatible_value = get_option('hh_x_ua_compatible_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($x_ua_compatible_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">X-XSS-Protection
<p class="description"><?php _e("This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. It's usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user.", 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">X-XSS-Protection</legend>
<?php
$x_xxs_protection = get_option('hh_x_xxs_protection', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_x_xxs_protection" value="<?php echo $k; ?>"<?php checked($x_xxs_protection, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-xss' ); ?>
<?php do_settings_sections( 'http-headers-xss' ); ?>
<select name="hh_x_xxs_protection_value" class="http-header-value"<?php echo $x_xxs_protection == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('0', '1', '1; mode=block', '1; report=');
$x_xxs_protection_value = get_option('hh_x_xxs_protection_value');
foreach ($items as $item)
{
?><option value="<?php echo $item; ?>"<?php selected($x_xxs_protection_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
<input type="text" name="hh_x_xxs_protection_uri" class="http-header-value" placeholder="Reporting URI" value="<?php echo esc_attr(get_option('hh_x_xxs_protection_uri')); ?>"<?php echo $x_xxs_protection == 1 && $x_xxs_protection_value == '1; report=' ? NULL : ' style="display: none" readonly'; ?> />
</td>
</tr>
\ No newline at end of file
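Review bot: the description string says the header "enables the Cross-site scripting (XSS) filter built into most recent web browsers", which no longer holds: Chrome and Edge have removed their XSS filters and Firefox never had one, so the panel presents a legacy header as active protection. Reword the description to say so and point to Content-Security-Policy; consider marking `1` and `1; report=` as legacy choices next to `0` and `1; mode=block`. The option and variable names also spell the header as `xxs` (`hh_x_xxs_protection`); if that matches names already stored by released versions, leave a comment explaining it, otherwise correct it before the option names ship.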