7a91fd51 by Jeff Balicki

headers

Signed-off-by: Jeff <jeff@gotenzing.com>
1 parent a0f557c1
Showing 73 changed files with 7924 additions and 847 deletions
<?php
/*
Plugin Name: Headers Security Advanced & HSTS WP
Plugin URI: https://www.tentacleplugins.com/
Description: Headers Security Advanced & HSTS WP - Simple, Light and Fast. The plugin uses advanced security rules that provide huge levels of protection and it is important that your site uses it. This step is important to submit your website and/or domain to an approved HSTS list. Google officially compiles this list and it is used by Chrome, Firefox, Opera, Safari, IE11 and Edge. You can forward your site to the official HSTS preload directory. Cross Site Request Forgery (CSRF) is a common attack with the installation of Headers Security Advanced & HSTS WP will help you mitigate CSRF on your Wordpress site.
Version: 4.8.96
Text Domain: headers-security-advanced-hsts-wp
Author: 🐙 Andrea Ferro, Augusto Bombana
Author URI: https://www.linkedin.com/in/andrea-ferro-55046186/
__
___( o)>
\ <_. )
`---' iron3
*/
function add_Headers_Security_Advanced_HSTS_WP_htaccess( $rules ) {
$HEadersSecurityAdvancedServerCheckA = $_SERVER['SERVER_NAME'];
$HEadersSecurityAdvancedCheckB = str_replace('www.','',$HEadersSecurityAdvancedServerCheckA);
$HEadersSecurityAdvancedServerCheck3B = $_SERVER['SERVER_NAME'];
$HEadersSecurityAdvancedCheckC03 = str_replace('.','',$HEadersSecurityAdvancedCheckB);
$content = <<<EOD
# Headers Security Advanced & HSTS WP - 4.8.96
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "no-referrer-when-downgrade"
Header always set Expect-CT "max-age=7776000, enforce"
Header set Access-Control-Allow-Origin "null"
Header set Access-Control-Allow-Methods "GET,PUT,POST,DELETE"
Header set Access-Control-Allow-Headers "Content-Type, Authorization"
Header set X-Content-Security-Policy "img-src *; media-src * data:;"
Header always set Content-Security-Policy "report-uri https://$HEadersSecurityAdvancedServerCheck3B"
Header set Cross-Origin-Embedder-Policy-Report-Only 'unsafe-none; report-to="default"'
Header set Cross-Origin-Embedder-Policy 'unsafe-none; report-to="default"'
Header set Cross-Origin-Opener-Policy-Report-Only 'same-origin; report-to="default"'
Header set Cross-Origin-Opener-Policy 'same-origin; report-to="default"'
Header set Cross-Origin-Resource-Policy 'cross-origin'
Header set strict-dynamic "https: 'self'; default-src 'self'"
Header always set X-Frame-Options "ALLOWALL"
Header always set Permissions-Policy "geolocation=(self), microphone=(), accelerometer=(), gyroscope=(), magnetometer=()"
Header set X-Permitted-Cross-Domain-Policies "none"
</IfModule>
# END Headers Security Advanced & HSTS WP\n\n
EOD;
return $content . $rules;
}
add_filter('mod_rewrite_rules', 'add_Headers_Security_Advanced_HSTS_WP_htaccess');
function Headers_Security_Advanced_HSTS_WP_enable_flush_rules() {
global $wp_rewrite;
$wp_rewrite->flush_rules();
}
register_activation_hook( __FILE__, 'Headers_Security_Advanced_HSTS_WP_enable_flush_rules' );
function Headers_Security_Advanced_HSTS_WP_deactivate() {
remove_filter('mod_rewrite_rules', 'add_Headers_Security_Advanced_HSTS_WP_htaccess');
global $wp_rewrite;
$wp_rewrite->flush_rules();
}
register_deactivation_hook( __FILE__, 'Headers_Security_Advanced_HSTS_WP_deactivate' );
function Headers_Security_Advanced_HSTS_WP_widgets() {
wp_add_dashboard_widget(
'wpexplorer_dashboard_widget',
'<img style="max-width:30px;" src=" data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADIAAAAyCAYAAAAeP4ixAAAACXBIWXMAAAsTAAALEwEAmpwYAAAF0WlUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4gPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iQWRvYmUgWE1QIENvcmUgNy4xLWMwMDAgNzkuOWNjYzRkZTkzLCAyMDIyLzAzLzE0LTE0OjA3OjIyICAgICAgICAiPiA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPiA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtbG5zOmRjPSJodHRwOi8vcHVybC5vcmcvZGMvZWxlbWVudHMvMS4xLyIgeG1sbnM6cGhvdG9zaG9wPSJodHRwOi8vbnMuYWRvYmUuY29tL3Bob3Rvc2hvcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RFdnQ9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZUV2ZW50IyIgeG1wOkNyZWF0b3JUb29sPSJBZG9iZSBQaG90b3Nob3AgMjMuMyAoTWFjaW50b3NoKSIgeG1wOkNyZWF0ZURhdGU9IjIwMjItMDMtMjlUMTY6Mjk6NDgrMDI6MDAiIHhtcDpNb2RpZnlEYXRlPSIyMDIyLTA0LTI4VDE3OjA2OjUyKzAyOjAwIiB4bXA6TWV0YWRhdGFEYXRlPSIyMDIyLTA0LTI4VDE3OjA2OjUyKzAyOjAwIiBkYzpmb3JtYXQ9ImltYWdlL3BuZyIgcGhvdG9zaG9wOkNvbG9yTW9kZT0iMyIgeG1wTU06SW5zdGFuY2VJRD0ieG1wLmlpZDo0YjcxODEyNy05ZjQ0LTRmNjItOWVmYS0xODVhYjFiMDBhNTEiIHhtcE1NOkRvY3VtZW50SUQ9ImFkb2JlOmRvY2lkOnBob3Rvc2hvcDozZWZmN2E3Ni1mMzVkLTgzNDItYTczYy0zMGMyM2NlMWU5M2YiIHhtcE1NOk9yaWdpbmFsRG9jdW1lbnRJRD0ieG1wLmRpZDo0ODhiNGRmZi1lY2ViLTRhY2QtODQ0OS02YjA5Mzc1MWE1MDgiPiA8eG1wTU06SGlzdG9yeT4gPHJkZjpTZXE+IDxyZGY6bGkgc3RFdnQ6YWN0aW9uPSJjcmVhdGVkIiBzdEV2dDppbnN0YW5jZUlEPSJ4bXAuaWlkOjQ4OGI0ZGZmLWVjZWItNGFjZC04NDQ5LTZiMDkzNzUxYTUwOCIgc3RFdnQ6d2hlbj0iMjAyMi0wMy0yOVQxNjoyOTo0OCswMjowMCIgc3RFdnQ6c29mdHdhcmVBZ2VudD0iQWRvYmUgUGhvdG9zaG9wIDIzLjMgKE1hY2ludG9zaCkiLz4gPHJkZjpsaSBzdEV2dDphY3Rpb249InNhdmVkIiBzdEV2dDppbnN0YW5jZUlEPSJ4bXAuaWlkOjRiNzE4MTI3LTlmNDQtNGY2Mi05ZWZhLTE4NWFiMWIwMGE1MSIgc3RFdnQ6d2hlbj0iMjAyMi0wNC0yOFQxNzowNjo1MiswMjowMCIgc3RFdnQ6c29mdHdhcmVBZ2VudD0iQWRvYmUgUGhvdG9zaG9wIDIzLjMgKE1hY2ludG9zaCkiIHN0RXZ0OmNoYW5nZWQ9Ii
8iLz4gPC9yZGY6U2VxPiA8L3htcE1NOkhpc3Rvcnk+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+y7nmEAAADnhJREFUaIHd2nm8jtXaB/Dv8zx7INveZsqhDKUZlew6iSQhkqGckHqLU71p5khFp3KS6aCj4TRQUSqJROYMkZQ5SiIkGYqdmT08z/vH2uK8b9k79Q6fd30+92c9z33fa63rt65xXdcdSSQS/j+0JLBsKUuWsHVrTPahut6f+Gcbvq5n354SIkiKEEUkv4/l91FEI8SOvpf//+j+6DGxo96P5c8Z+5n7P42LHrlftOgu5SvPc0b9F2RUWCC9TK6qF1KuWj6QSIQiRTIs/LiH9yb2lEBq/uBI9H9qU4/dIgkO7Stlw/Iqvllxg7ptB6nd7G9EsgiYicWK+fTTh0yY2FMEqVGiUUT+Fyn/mRaNklqEpCTmv3q/dZ/0FksqzmEg8+fXN2RodwQu+D+sNwnEkiiaztSn7vHVRw04DGTcuGsRdOG4F4iTl0duHrm55GQfuXKP6nNzwvO8vDDmuMGkcCibJRPacVjZFy9pc1yz5SWIJ8iLhy1JTiUplSLJFE2maAqpKYHLeTnED4PJJpFDTi7RXBJRxIjFBHEuhEQkEhTPYMOiFkeA7NhR/KfxBTElHic3Ht5LTg6TnVSKqtU5qyZVTqVCRcpUoEw5Uk8I7+YcZNdOsr5n60a+W8f6VXy7mp1bydlHdg7JMSJJRGMFb2QsiQO7048ASSQOC9nPt4hAfG4ijMgoy6mV+GM9Gjah9oWUKBXe3bGdjJIkJbPpa7Z+S0oqRYpSsiypRTn5NNKuDff37OTzT1gxl1Vz2fIVB/eQd4iUlMDhX+RQ5KdHkUQiQSSS+Bc/cdgfRPJBZMdJilLxZBpk0uY6GlwZiNv2XeBSyVI81Y+lH/Jgf7Zv5eGbieRxaH94t8a57NpGzUzqNCKzESXL/ytti6cz701WzuHHLWF8kSIkJ+X7l6Nog0iMYVsiSQWyLzfBiZVo1YybOlPrAvbsDoRNn8Qj9/JAH/bu5G+P8Wgf9u/l9rbUrsM119P3Lg4e5IcsmrSh2tmkprJiQZgnKRYIK1KMqudy/hVsXMmMEXz6Lnu/D1JzDLk/Nkdy4lQ7hUFDuerqMGLcGBbM455utGpO3kHemkC7qzi9On8fQYvzKV2eERMZ9RxvDuPGu2l6HRu/YvoYvlnF/l3IDfRF4wHU2RfRqCPnNQ7rffkxrz3AuoUUSztOjuTi8ito2oLdu1izmvvuoF0nJk9g9ZfMmMfbI/l6I2/PYMBD7NjByGmMfZnBfRj4LJmXM/AvLJpCrXpc0pxyFUhOCXIejZDI48AeNq8jYxGVzqJGJmc35PM5AcgvtAJEC8WLh0X27uXdcRzYTcuWDBvEmZUoX5oRw7nxhrDDr4+g+yPs2UXfh+nei7oN6NSAlDSeeI1KVVmzgq+/IPfQkXgrIpjq3GwWzyGzMU1uDuFJAa1gIPG80J9UMViYkmUCqK3f0OI6pr7L/t10uZ9/PErxUtz2AG0bUuNUbrqXG+pTtDjPjePL5XS9mr3bqHQOaUUEU+qIMsci7E0EKSBfP34rkJzcI5OtWs0FF5O1g00baNiUkc9SrhTF05g1g+tvZMUnLFzA25OZ8CqrPmPcApYvoNstNLiCDkODyY4IVi+ROGIlI4gfosKpYe3c3N8ByMEDoZ81k9nzeOElDu7jxyxWLmXt55xRk+WLwo42bsXwIZx2IpmX0a0zra+nfGXaN6B+A54YzpwJvPE0WVtITQSfEU3kR9zxIHLX3M2J1YOoFeCoCwayf3+Ii1Z9Rsf2/DGT3g+RhcFPsGEr/+jCmpUhDKlclc8WcU5msFDfbab9nYzoF3a2+yCmjKJvzwD8ihaccVa+J4/nA0FeNhVrhDlzDgQ9+k1A9uwJVqhVa5o2ZuAgZs/lzG
psWscB1LucIb1CuLJvT9jBs89j3nQqluKU05g0ito1Oa027S6idCo9hnH6eaxeHJxmeimy9wXLdUIaFaqRl8uBvQWeiwoGkrUzOMASJbn1VuZ8wKjRrF1G9z7c34XsvUycRrcegRs/bKd+MwY/RJXTAhFbd9KiE2tXsSObG+/iwib0voFtX1CiDNvXU7YCaenhf5WaAdC+HwuMvY4NJJIPZPcuihWj7sV07UqZDB5/l3p1eeAxut0ViO14G3e0pVxFypZn/RekZ/DSk2SkUetipo2mYhrXduW5nny1jAFvs3YJz/6F2o1p0DbMV+Vctm9g744CgRybXzFBqbduocKJNGvEzOlc0YSMdEaO4q2RjB7DsyOY+z4TP6DXYGZPYPPGoDuvP0VGBjUv5r1XqFWbjPJMGh30p+JpjB/LQSyazIg+fPo+RdLYm8WerPwT6/FyJIYdO/lhW/j/5mtMeo9ej9G2JW+8zoOP0O8RzjyD5vVpegV/bEijOsGbn12LFwZxaSY7t5O1nVa3sPxDoslc1JSXH2XzSh4YFpR8949Uqh7W3LU9xHG/jSMR9uWyeUv43+FmXhrJGZWDiD3+CIP60f4mbr85EDH0Jfo9wLZvePx5sg+GUOf2v/L20yGMb9iG0YOodSGlT2T6aNr/Ow3/xO6dpJ3ASdXCmjs3s+t7osfe82M/jUaCo/pqHRKkJNNrAHOncMH5TJlFmeLBLK9dzqQ5LJjN8y8wYCjbNjFyBB1voXg6Y0dzWaMQ+a5cyA3dQ5+czAWNGd2P1wZw7vmUrxpo2LqeAzlkxBzr5HhsIIfHfTKPzz8L1uSSi+jcOUS6Uycy8ClOymD6JyH8uLUznW6kWVu6NA9Kfm8/urUlkc3dA3i1bzjdNelIn46cWZfSFRj/NFd1on1P0suydR3rFpESLTBMObZoJXBChC+/ZulyKp1MZiZz3ufadjz+MDdczztT+WgGXW6kdRseGshjXVm+lAEjmDmWebO57eFwLnnjdTrcx46tfL6ES69h2ezgR85rFCxVemnWLuaLRRQrfkxuFAyEcDLMibN4cfCumzcFoi6/lFmL+VM7etzJnfdwx308MYS+9/HOOG7vzh+qMLAn513A9V3p1TEYhmvvZMCtVDuHS1oydgjVz6PS6cFHwYYV7DsYMiYFkVngG3EkY+7UEKY0a0mt88N5/On+jJ/GiUUZO4Hq1bmvC+9NoHQSyz7iw/dDmDFoDK/056uVPDeF90eydi2DxzL7XbZk0aUD2zZw6XVsWcuK2RRPzSfi2K1w+dDUCF+uYcmi4OFnzeLmjiyYG+KuifPZv4PrrmbOVDrfQpEUln7MxnUMn8Gnsxk2mC49KfcH/tmbFh2pXINhf+Gq9sEBrvqIClWDg/xmVcgsFiI7VDggsSh743w4O4Qrl13GyDGM/yAchW/vSMc/UzadaYtp3prd8XDiGz4l6EKvrlzdio7d6NGO9BLc+ihD7w3OtmknJg/n9LpI8Pl89vwYjEIhWuEz1Gl47S0WLeTMc/huE22volV71q/hmaGMnMTMd+nciZMrMG4J+3ZxTyfqXsQj/6R3J75bz9/e5MOJfDiN6+9ny3o+X8QlrVk1n1kjKXpCockrPJDUGPsP8uqIEHtlXspZZ4Uj79TF/KEiHa/kwYdpWJ9xn7L8I27rSJ2Lg44M7sbiufR4KqRO+9zDNTdR61LGDOauIcGgzHmLbVnBeRYyDV04vhH0rUSUt8fQvAWt/8TgF3l/DB2asGgNtSrzxjvBoT12J+PGctO/cX9fHr2N98ZQqSRzJ7DyUy6+lJt7M/QuzsgMqaCFE5k+nNLp4eQYK9xe/7riRzRKPJeXnmHTRkqVZvxb4d7zzzBmdkiLXn1RyHn1f5o7enPvdcycxDWt2bePme+FbOSDzzN6IN9u4Pb+7PiOyS+GsCZWUMr0twCBtGSmzmfkcHIOMWIcoyYHf3P9Zdz575xXh8lLObkabTL5YgUvTKBdV7IPcca5DH
iH6W+EHNeTbwel/mA0MydwQvqvJuvXA4knKBWhz+OMfTN43Z076Neb8hV5dzK9hvBMHzo0p+qpjFnI1k3c2oxzMxk0PojXK/14/DXKV2HeOJ7vTqnCK/jRrfA6cnSLxUiL8+DdlClDo2bMWBESFaOG8fLToar0cB+u7sCzj/Ha81zVip7/YPQQxr9I/7HUasDSWQy7JySsYykKVxb4PYAQ6h4//MgdnXhlLBfWY9u3zJpE82u5rQdbNtGxPt9t46H+XNWBJ+9g9SKenkaN2uH3k7eESLlEScdbLTt+IPEEJVP4fgc3teLvL9C4JROXhef3d2D8GC6sQ9+XQvR6W2NOqcGbK0kpysdTGPBntm+iVMn8CtbxVc0KLiv8VGY+6vnR5emkCAfz806PDqRNJ0qX5b3XObSP+i0Y+yILp9PhThq1ZXcWM95k6D3Ec8K5PhI/dnk66eh1/2sS+7cDiUZIjpCTw/44za7k3r9y7gXBEq1eFjx2684h/bpmGcP7htA+LSV470i84Dp7oYBEI4mQqjxOILF8zkSw8xDlT6DDrbTsQJUaIeO+fjVT3+Cd5/g+i3LFjxRfC/PBwC8CiTJsaz6QjBLZdu9K/omY4wFy+F5SLGQG9ySoWJwr24Rq08yxIewoESOtWMiw/5ovH34OSDyPImk5Bm9MCcpeu/Zcc2ZfXhilKrDF46E2WC4aso4jXw6Ll4hQNi0QEc8Xpd/SIlH2/0jVOh9y2CHWrzdCUlL8OMz3L7dEIsh/uWLhKlos/9z9O3yMEImEsCg3wen1XuUwkJo1Z2vSdIq8/Nr579USiX+9fpcWCWmn/buo2/IDFc/+gMN+pF69zUqX6uGbDcWs+Ky+vAQp+Sn+w5t4mI7E73xRAJMSR7q8vHBF4pxy/nxX3nWfk07fxGE/8tWaILeffFLBqJE9fLnmIlnfV5aXXTRfmROFVvb/js+ckkREkZp6QLH0TSqettAFrQeoUmeTpGTKVz/qM6f9+ylWbJvmLR6XMbuxhR83tDurVP73Wj8PJFIIIP95zPEAiYqIJkgvu1PlM2erXnea1GI7ZO8nuQT4D6tRb7pVw9zlAAAAAElFTkSuQmCC" />Headers Security Advanced & HSTS WP',
'Headers_Security_Advanced_HSTS_WP_widget_function'
);
}
add_action( 'wp_dashboard_setup', 'Headers_Security_Advanced_HSTS_WP_widgets' );
function Headers_Security_Advanced_HSTS_WP_widget_function() {
echo '<h2><span style="color:#0ca533;">👋 <b>Congratulations</b> you are safe,</span></h2><br><b>The Headers Security Advanced & HSTS WP</b> project implements HTTP response headers that your site can use to increase the security of your website. The plug-in will automatically set up all Best Practices (you don’t have to think about anything).<br /><br /><span style="color:#0ca533;"></span> <br />';
echo '<script type="text/javascript" src="https://cdnjs.buymeacoffee.com/1.0.0/button.prod.min.js" data-name="bmc-button" data-slug="tentacleplugins" data-color="#FFDD00" data-emoji="" data-font="Inter" data-text="Buy me a coffee" data-outline-color="#000000" data-font-color="#000000" data-coffee-color="#ffffff" ></script>';
}
function Headers_Security_Advanced_HSTS_WP_send_header() {
header( 'Strict-Transport-Security: max-age=63072000; includeSubDomains; preload' );
}
add_action( 'send_headers', 'Headers_Security_Advanced_HSTS_WP_send_header' );
function Headers_Security_Advanced_HSTS_WP_Headers( $headers ) {
$HEadersSecurityAdvancedServerCheck = $_SERVER['SERVER_NAME'];
$HEadersSecurityAdvancedCheck = str_replace('www.','',$HEadersSecurityAdvancedServerCheck);
$HEadersSecurityAdvancedServerCheck3 = $_SERVER['SERVER_NAME'];
$headers['X-XSS-Protection'] = '1; mode=block';
$headers['Expect-CT'] = 'max-age=7776000, enforce';
$headers['Access-Control-Allow-Origin'] = 'null';
$headers['Access-Control-Allow-Methods'] = 'GET,PUT,POST,DELETE';
$headers['Access-Control-Allow-Headers'] = 'Content-Type, Authorization';
$headers['X-Content-Security-Policy'] = 'default-src \'self\'; img-src *; media-src * data:;';
$headers['X-Content-Type-Options'] = 'nosniff';
$headers['Content-Security-Policy'] = "report-uri https://$HEadersSecurityAdvancedCheck";
$headers['Referrer-Policy'] = 'no-referrer-when-downgrade';
$headers['Cross-Origin-Embedder-Policy-Report-Only'] = 'require-corp; report-to="default"';
$headers['Cross-Origin-Embedder-Policy'] = 'unsafe-none; report-to="default"';
$headers['Cross-Origin-Opener-Policy-Report-Only'] = 'same-origin; report-to="default"';
$headers['Cross-Origin-Opener-Policy'] = 'same-origin; report-to="default"';
$headers['Cross-Origin-Resource-Policy'] = 'cross-origin';
$headers['strict-dynamic'] = "https: 'self'; default-src 'self'";
$headers['X-Frame-Options'] = 'ALLOWALL';
$headers['Permissions-Policy'] = "geolocation=(self), microphone=(), accelerometer=(), gyroscope=(), magnetometer=()";
$headers['Feature-Policy'] = "payment 'self'; display-capture 'self'";
$headers['X-Permitted-Cross-Domain-Policies'] = "none";
return $headers;
}
add_filter( 'wp_headers', 'Headers_Security_Advanced_HSTS_WP_Headers' );
defined( 'ABSPATH' ) or die( 'No script kiddies please!' );
// Headers Security Advanced & HSTS WP - VERSION
if( ! defined( 'headers-security-advanced-hsts-wp-login-version' ) ) {
define( 'headers-security-advanced-hsts-wp-login-version', '4.3.0' );
}
// Headers Security Advanced & HSTS WP
if( ! defined( 'headers-security-advanced-hsts-wp-login-name' ) ) {
define( 'headers-security-advanced-hsts-wp-login-name', 'Headers Security Advanced & HSTS WP' );
}
// Headers Security Advanced & HSTS WP - DIR
if ( ! defined( 'headers_security_advanced_hsts_wp_login_path' ) ) {
define( 'headers_security_advanced_hsts_wp_login_path', plugin_dir_path( __FILE__ ) );
}
// Headers Security Advanced & HSTS WP - URI
if ( ! defined( 'headers-security-advanced-hsts-wp-base-uri' ) ) {
define( 'headers-security-advanced-hsts-wp-base-uri', plugin_dir_url( __FILE__ ) );
}
// Headers Security Advanced & HSTS WP - MENU
add_action( 'admin_menu', 'csrf_Headers_Security_Advanced_HSTS_WP_auth' );
function csrf_Headers_Security_Advanced_HSTS_WP_auth() {
add_options_page( 'Headers Security Advanced & HSTS WP', 'Headers Security Advanced & HSTS WP', 'manage_options', 'headers_security_advanced_hsts_wp_option_menu', 'csrf_Headers_Security_Advanced_HSTS_WP_options' );
}
function csrf_Headers_Security_Advanced_HSTS_WP_options() {
if ( !current_user_can( 'manage_options' ) ) {
wp_die( __( 'You do not have sufficient permissions to access this page.' ) );
}
echo '<div class="wrap">';
echo '<h2><span style="color:#0ca533;">👋 <b>Congratulations</b> you are safe,</span></h2><br><b>The Headers Security Advanced & HSTS WP</b> project implements HTTP response headers that your site can use to increase the security of your website. <br /><br />The plug-in will automatically set up all Best Practices (you don’t have to think about anything).<br /><br />
<br /></div></div>';
echo '<script type="text/javascript" src="https://cdnjs.buymeacoffee.com/1.0.0/button.prod.min.js" data-name="bmc-button" data-slug="tentacleplugins" data-color="#FFDD00" data-emoji="" data-font="Inter" data-text="Buy me a coffee" data-outline-color="#000000" data-font-color="#000000" data-coffee-color="#ffffff" ></script>';
echo '</div>';
}
add_filter('plugin_action_links', 'Headers_Security_Advanced_HSTS_WP_hs_links', 10, 2);
function Headers_Security_Advanced_HSTS_WP_hs_links($links, $file) {
static $this_plugin;
if (!$this_plugin) {
$this_plugin = plugin_basename(__FILE__);
}
if ($file == $this_plugin) {
$settings_link = '<a href="https://www.buymeacoffee.com/tentacleplugins">Donate a coffee</a>';
array_unshift($links, $settings_link);
}
return $links;
}
?>
\ No newline at end of file
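Review bot: Several headers set in `add_Headers_Security_Advanced_HSTS_WP_htaccess` and again in `Headers_Security_Advanced_HSTS_WP_Headers` give less protection than the plugin description claims: `X-Frame-Options: ALLOWALL` is not a value browsers recognise (only `DENY` and `SAMEORIGIN` are), so framing stays unrestricted, and the `Content-Security-Policy` value holds only a `report-uri` with no directives, so it enforces nothing. I would change the frame header to `Header always set X-Frame-Options "SAMEORIGIN"` and `$headers['X-Frame-Options'] = 'SAMEORIGIN';`, and drop `Access-Control-Allow-Origin: null` with its companion CORS headers, since `null` is the origin that sandboxed and `data:` documents present and so is not a safe allow-list entry. `$_SERVER['SERVER_NAME']` is interpolated unvalidated into the heredoc that is returned for `.htaccess`; on servers where that value follows the request's Host header it is untrusted, and `wp_parse_url( home_url(), PHP_URL_HOST )` would be a safer source. Both the dashboard widget and the options page also echo a `<script>` tag for `button.prod.min.js` from a third-party host, which then runs inside wp-admin with the administrator's session; a plain link, as `Headers_Security_Advanced_HSTS_WP_hs_links` already uses, avoids that. The two-year `includeSubDomains; preload` HSTS value is sent unconditionally and is worth confirming against every subdomain before this ships, because browsers cache it.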
msgid ""
msgstr ""
"Project-Id-Version: Headers Security Advanced & HSTS WP\n"
"POT-Creation-Date: 2021-11-04 20:22+0000\n"
"PO-Revision-Date: \n"
"Language-Team: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"X-Generator: Poedit 2.4.2\n"
"X-Poedit-Basepath: .\n"
"X-Poedit-KeywordsList: _e;__\n"
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
"Last-Translator: \n"
"Language: it\n"
"X-Poedit-SearchPath-0: ..\n"
#: ../includes/headers-security-advanced-hsts-admin-login.php:109
msgid "Please upgrade to the latest version of WordPress to activate"
msgstr "Effettua l’aggiornamento all’ultima versione di WordPress"
#. Plugin Name
#: ../includes/headers-security-advanced-hsts-admin-login.php:109
#: ../includes/headers-security-advanced-hsts-admin-login.php:141
#: ../includes/headers-security-advanced-hsts-admin-login.php:168
msgid "Headers Security Advanced & HSTS WP"
msgstr "Headers Security Advanced & HSTS WP"
#: ../includes/headers-security-advanced-hsts-admin-login.php:142
msgid ""
"This option allows you to set a networkwide default, which can be overridden "
"by individual sites. Simply go to to the site’s permalink settings to change "
"the url."
msgstr ""
"Questa opzione consente di impostare un valore predefinito per l’intera "
"rete, che può essere ignorato dai singoli siti. Basta andare alle "
"impostazioni permalink del sito per modificare l’URL."
#: ../includes/headers-security-advanced-hsts-admin-login.php:145
msgid "Networkwide default"
msgstr "Predefinito per l’intera rete"
#: ../includes/headers-security-advanced-hsts-admin-login.php:175
msgid "Login url"
msgstr "Url di accesso"
#: ../includes/headers-security-advanced-hsts-admin-login.php:183
msgid "Redirect URL"
msgstr "
#: ../includes/headers-security-advanced-hsts-admin-login.php:226
#, php-format
msgid ""
"To set a networkwide default, go to <a href=\"%s\">Network Settings</a>."
msgstr ""
"Per impostare una rete predefinita ampia, andate a <a href=\\”%s"
"\\”>Impostazioni di rete</a>."
#: ../includes/headers-security-advanced-hsts-admin-login.php.php:235
msgid "Use the slug name, example: "contact-me" - DO NOT USE the full website URL. If you leave the above field empty the plugin will add a redirect to the website homepage."
msgstr ""
#: ../includes/headers-security-advanced-hsts-admin-login.php:250
#, php-format
msgid ""
"Your login page is now here: <strong><a href=\"%1$s\">%2$s</a></strong>. "
"Bookmark this page!"
msgstr ""
"La tua pagina di accesso adesso si trova qui: <strong><a href=\\”%1$s\\”>"
"%2$s</a></strong>. Metti questa pagina nei preferiti!"
#: ../includes/headers-security-advanced-hsts-admin-login.php:256
#: ../includes/headers-security-advanced-hsts-admin-login.php:258
msgid "Settings"
msgstr "Impostazioni"
#: ../includes/headers-security-advanced-hsts-admin-login.php:275
msgid "This feature is not enabled."
msgstr "Questa funzione non è abilitata."
=== Plugin Name ===
Contributors: unicorn03, unicorn07
Donate link: https://tentacleplugins.com/
Tags: headers security, hsts, http headers, insecure content, force ssl, headers, login security, xss, clickjacking, mitm, cross origin, cross site, privacy, csp
Requires at least: 4.7
Tested up to: 6.0
Stable tag: 4.8.96
Requires PHP: 7.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
Best all-in-one WordPress security plugin, uses HTTP & HSTS response headers to avoid vulnerabilities: XSS, injection, clickjacking. Force HTTP/HTTPS.
== Description ==
= ENGLISH =
**Headers Security Advanced & HSTS WP** is Best all-in-one a free plug-in for all WordPress users. Deactivating this plugin will return your site configuration exactly to the state it was in before.
The **Headers Security Advanced & HSTS WP** project implements HTTP response headers that your site can use to increase the security of your website. The plug-in will automatically set up all Best Practices (you don't have to think about anything), these HTTP response headers can prevent modern browsers from running into easily predictable vulnerabilities. The Headers Security Advanced & HSTS WP project wants to popularize and increase awareness and usage of these headers for all wordpress users.
This plugin is developed by TentaclePlugins, we care about WordPress security and best practices.
Check out the best features of **Headers Security Advanced & HSTS WP:**
* HSA Limit Login to block brute force attacks.
* X-XSS-Protection
* Expect-CT
* Access-Control-Allow-Origin
* Access-Control-Allow-Methods
* Access-Control-Allow-Headers
* X-Content-Security-Policy
* X-Content-Type-Options
* X-Frame-Options
* X-Permitted-Cross-Domain-Policies
* X-Powered-By
* Content-Security-Policy
* Referrer-Policy
* HTTP Strict Transport Security / HSTS
* Content-Security-Policy
* Clear-Site-Data
* Cross-Origin-Embedder-Policy-Report-Only
* Cross-Origin-Opener-Policy-Report-Only
* Cross-Origin-Embedder-Policy
* Cross-Origin-Opener-Policy
* Cross-Origin-Resource-Policy
* Permissions-Policy
* Strict-dynamic
* Strict-Transport-Security
* FLoC (Federated Learning of Cohorts)
**Headers Security Advanced & HSTS WP** is based on **OWASP CSRF** to protect your wordpress site. Using OWASP CSRF, once the plugin is installed, it will provide full CSRF mitigation without having to call a method to use nonce on the output. The site will be secure despite having other vulnerable plugins (CSRF).
HTTP security headers are a critical part of your website's security. After automatic implementation with Headers Security Advanced & HSTS WP, they protect you from the most notorious types of attacks your site might encounter. These headers protect against XSS, code injection, clickjacking, etc.
We have implemented **FLoC (Federated Learning of Cohorts)**, using best practices. First, using **Headers Security Advanced & HSTS WP** prevents the browser from including your site in the "cohort calculation" on **FLoC (Federated Learning of Cohorts)**. This means that nothing can call document.interestCohort() to get the FLoC ID of the currently used client. Obviously, this does nothing outside of your currently visited site and does not "disable" FLoC on the client beyond that scope.
Even though **FLoC** is still fairly new and not yet widely supported, as programmers we think that privacy protection elements are important, so we choose to give you the feature of being opt out of FLoC! We’ve created a special **“automatic blocking of FLoC”** feature, trying to always **offer the best tool with privacy protection and cyber security** as main targets and focus.
Analyze your site before and after using *Headers Security Advanced & HSTS WP* security headers are self-configured according to HTTP Security Headers and HTTP Strict Transport Security / HSTS best practices.
* Check HTTP Security Headers on <a href="https://securityheaders.com/" target="_blank">securityheaders.com</a>
* Check HTTP Strict Transport Security / HSTS at <a href="https://hstspreload.org/" target="_blank">hstspreload.org</a>
* Check WebPageTest at <a href="https://www.webpagetest.org/" target="_blank">webpagetest.org</a>
* Check HSTS test website <a href="https://gf.dev/hsts-test/" target="_blank">gf.dev/hsts-test</a>
This plugin is updated periodically, our limited support is free, we are available for your feedback (bugs, compatibility issues or recommendations for next updates). We are usually fast :-D.
== Frequently Asked Questions ==
= How do you get an A+ grade? =
To earn an A+ grade, your site must issue all HTTP response headers that we check. This indicates a high level of commitment to improving the security of your visitors.
= What headers are recommended? =
Over an HTTP connection we get Content-Security-Policy, X-Content-Type-Options, X-Frame-Options and X-XSS-Protection. Via an HTTPS connection, 2 additional headers are checked for presence which are Strict-Transport-Security and Public-Key-Pins.
* Once the plug-in is activated it performs a test (before and after): <a href="https://securityheaders.com/" target="_blank">https://securityheaders.com/</a>
= Can the plugin create slowdowns? =
No, Headers Security Advanced & HSTS WP is Fast, Secure and does not affect the SEO and speed of your website.
= What is HSTS (Strict Transport Security)? =
It was created as a solution to force the browser to use secure connections when a site is running on HTTPS. It is a security header that is added to the web server and reflected in the response header as Strict-Transport-Security. HSTS is important because it addresses the following anomalies:
= Check before and after using Preload HSTS =
This step is important to submit your website and/or domain to an approved HSTS list. Google officially compiles this list and it is used by Chrome, Firefox, Opera, Safari, IE11 and Edge. You can forward your site to the official HSTS preload directory. ('https://hstspreload.org/')
= how to use HTTP Strict Transport Security (HSTS) =
If you want to use Preload HSTS for your site, there are a few requirements before you can activate it.
* Have a valid SSL certificate. You can't do any of this anyway without it.
* You must redirect all HTTP traffic to HTTPS (recommended via permanent 301 redirects). This means that your site should be HTTPS only.
* You need to serve all subdomains in HTTPS as well. If you have subdomains, you will need an SSL certificate.
The HSTS header on your base domain (for example: example.com) is already configured you just need to activate the plug-in.
If you want to check the HSTS status of your site, you can do so here: <a href="https://hstspreload.org/" target="_blank">https://hstspreload.org/</a>
= Can I report a bug or request a feature? =
You can report bugs or request new features right <a href="mailto:tentacleplugins.support@protonmail.com">click here !</a>
= Disable FLoC, Google's advertising technology =
FLoC is a mega tracker that monitors user activity on all sites, stores the information in the browser, and then uses machine learning to place users into cohorts with similar interests. This way, advertisers can target groups of people with similar interests. Plus, according to Google's own testing, FLoC achieves at least 95% more conversions than cookies.
= Who is disabling FLoC by Google? =
Scott Helme reported that as of May 3, already 967 of the first 1 million domains had disabled FLoC's interest-cohort in their Permissions-Policy header. That list included some big sites like The Guardian and IKEA.
== Installation ==
= ITALIAN =
1. Vai in Plugin 'Aggiungi nuovo'.
2. Cerca Headers Security Advanced & HSTS WP.
3. Cerca questo plugin, scaricalo e attivalo.
4. Vai in 'impostazioni' > 'Permalink'. Cambia il tuo url di login alla voce 'Security Url'.
5. Puoi cambiare questa opzione quando vuoi, Headers Security Advanced & HSTS WP viene impostato in automatico.
= ENGLISH =
1. Go to Plugins 'Add New'.
2. Search for Headers Security Advanced & HSTS WP.
3. Search for this plugin, download and activate it.
4. Go to 'settings' > 'Permalink'. Change your login url to 'Security Url'.
5. You can change this option whenever you want, Headers Security Advanced & HSTS WP is set automatically.
= FRANÇAIS =
1. Allez dans Plugins 'Add new'.
2. Recherchez Headers Security Advanced & HSTS WP.
3. Recherchez ce plugin, téléchargez-le et activez-le.
4. Allez dans "Paramètres" > "Lien permanent". Changez votre url de connexion en 'Security Url'.
5. Vous pouvez modifier cette option quand vous le souhaitez, Headers Security Advanced & HSTS WP est réglé automatiquement.
= DEUTSCH =
1. Gehen Sie zu Plugins 'Neu hinzufügen'.
2. Suchen Sie nach Headers Security Advanced & HSTS WP.
3. Suchen Sie nach diesem Plugin, laden Sie es herunter und aktivieren Sie es.
4. Gehen Sie zu "Einstellungen" > "Permalink". Ändern Sie Ihre Login-Url in 'Security Url'.
5. Sie können diese Option jederzeit ändern, Headers Security Advanced & HSTS WP wird automatisch eingestellt.
== Screenshots ==
1. Check HTTP Security Headers (AFTER)
2. Check HTTP Security Headers (BEFORE)
3. Check HTTP Strict Transport Security / HSTS (list)
4. Check WebPageTest (AFTER)
5. Check WebPageTest (BEFORE)
6. Setting on single site installation
7. Check HTTP Security Headers - Serpworx (AFTER)
8. Check HTTP Security Headers - Serpworx (BEFORE)
9. Site-wide security setting
== Changelog ==
= 4.8.96 =
We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.96 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
- Fixed: Fixed issue that could show in own console log an error of (syntax error);
- Upgrade: Speeded up loading and compatibility with some third-party plugins;
- Upgrade: Updated some optimization functions of Wordpress version 6.0;
= 4.8.94 =
We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.94 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
- Update: optimization and resolution external application compatibility;
- Fixed: solved problem with some headers and debug optimizations;
= 4.8.93 =
We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.93 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
- Fixed: optimization and resolution external application compatibility;
- Fixed: solved problem with some headers and debug optimizations;
- Update: We fixed some issues that could occur with the "full screen" method;
= 4.8.92 =
We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.90 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
- Fixed: Compatibility with version 6.0 of Wordpress
- Fixed: redirection errors could occur ERR_TOO_MANY_REDIRECTS
= 4.8.91 =
We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.90 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
- New: Compatibility with version 6.0 of Wordpress
- Update: We fixed some issues that could occur with the "full screen" method
= 4.8.90 =
We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.90 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
- New: compatibility Wordpress 6.0
= 4.8.89 =
We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.89 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
- Fixed: We fixed an issue that could occur with a renamed version of a header parameter, now we have optimized the request;
= 4.8.88 =
We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.88 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
- New: Added New X-Permitted-Cross-Domain-Policies;
- New: Optimization with the Serpworx tool (Check Your Security Headers);
- Add: Added new "Feature-Policies" such as: push=(), vibrate=(), fullscreen();
- Fixed: We fixed a problem with the debug.log file that could show the following warning (PHP Notice: Undefined index);
= 4.8.86 =
We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.86 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
- Fixed: We fixed a problem with the debug.log file that could show the following warning (PHP Notice: Undefined index);
- Fixed: fixed the problem with the wordpress widget, it could cause the wrong display of the favicon;
= 4.8.85 =
We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.85 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
- Fixed: We fixed a problem with the debug.log file that could show the following warning (PHP Notice: Undefined index);
= 4.8.6 =
We don't want to tell you what to do, but here's the thing: if you updated the plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.6 (we've improved some crazy programmer stuff) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Now let's get started right away to the next code and update to do 😀 we're crazy but we like this one
- Fixed: We have fixed an issue with the X-Frame-Options header;
= 4.8.3 =
We don't want to tell you what to do, but here's the thing: if you updated the plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.3 (we've improved some crazy programmer stuff) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Now let's get started right away to the next code and update to do 😀 we're crazy but we like this one
- Fixed: This is the latest version to fix and make compatible with themes, plugins that could create conflicts with Vimeo and Youtube implementation.
= 4.8.0 =
We don't want to tell you what to do, but here's the thing: if you updated the plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.0 (we've improved some crazy programmer stuff) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Now let's get started right away to the next code and update to do 😀 we're crazy but we like this one
- Fixed: We have fixed some issues with Vimeo viewing
= 4.7.30 =
We don't want to tell you what to do, but here's the thing: if you updated the plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.7.30 (we've improved some crazy programmer stuff) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Now let's get started right away to the next code and update to do 😀 we're crazy but we like this one
- Fixed: We found some bugs and now the plugin is more optimized and happy :-D
- Fixed: We have fixed some issues with Vimeo viewing
- Update: Wordpress 5.9
= 4.7.20 =
We don't want to tell you what to do, but here's the thing: if you updated the plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.7.20 (we've improved some crazy programmer stuff) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Now let's get started right away to the next code and update to do 😀 we're crazy but we like this one
- New: Wordpress 5.9
- Fixed: We've listened to your feedback and have momentarily disabled the ability to customize the url
= 4.7.15 =
We don’t want to tell you what to do, but here’s the thing: if you updated the plugin last time, you saw that when we propose to do it, we don’t just say it. Well, we’ve added and fixed a lot of things with this 4.7.15 version (we’ve improved some crazy programmer stuff) and everything works like a charm. So are we on board? Tap on “update” and we’ll give you the coolest, fastest, most awesome plugin out there with the best updates in the world. Now let’s get started right away to the next code and update to do 😀 we are crazy but we like this
* Fixed: we have solved the error that was shown in QueryMonitor Undefined property
= 4.7.1 =
We don’t want to tell you what to do, but here’s the thing: if you updated the plugin last time, you saw that when we propose to do it, we don’t just say it. Well, we’ve added and fixed a lot of things with this 4.7.1 version (we’ve improved some crazy programmer stuff) and everything works like a charm. So are we on board? Tap on “update” and we’ll give you the coolest, fastest, most awesome plugin out there with the best updates in the world. Now let’s get started right away to the next code and update to do 😀 we are crazy but we like this
* Fixed: "All the little beings that generated errors and bugs have been exterminated. We know we are very attentive to details"
* Update: "Third-party plugin optimization such as cache, cloudflare and redirects"
= 4.7.0 =
IMPORTANT: This update optimizes and fixes some issues that may occur with a cache manager.
We don't want to tell you what to do, but here's the thing: if you updated the plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this 4.7.0 version (we've improved some crazy programmer stuff) and everything works like a charm. So are we on board? Tap on "update" and we'll give you the coolest, fastest, most awesome plugin out there with the best updates in the world. Now let's get started right away to the next code and update to do :D we are crazy but we like this
* Update: "X Powered By"
* Update: Content Security Policy optimization (CSP Header) and internal testing with Chrome, Firefox, Safari, Edge
* Updated: "accelerometer block"
* Updated: "gyroscope block"
* Updated: "magnetometer block"
* Updated: "usb block"
\ No newline at end of file
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License.
\ No newline at end of file
......
=== HTTP Headers ===
Contributors: zinoui
Donate link: https://zinoui.com/donation
Tags: custom headers, http headers, headers, security, http header, header, cross domain, cors, xss, clickjacking, mitm, cross origin, cross site, privacy, p3p, hsts, referrer, csp, caching, compression, access control, authentication
Requires at least: 3.2
Tested up to: 5.7.1
Requires PHP: 5.3
Stable tag: 1.18.5
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html
HTTP Headers adds CORS & security HTTP headers to your website.
== Description ==
HTTP Headers gives your control over the http headers returned by your blog or website.
Headers supported by HTTP Headers includes:
- Access-Control-Allow-Origin
- Access-Control-Allow-Credentials
- Access-Control-Max-Age
- Access-Control-Allow-Methods
- Access-Control-Allow-Headers
- Access-Control-Expose-Headers
- Age
- Content-Security-Policy
- Content-Security-Policy-Report-Only
- Cache-Control
- Clear-Site-Data
- Connection
- Content-Encoding
- Content-Type
- Cross-Origin-Embedder-Policy
- Cross-Origin-Opener-Policy
- Cross-Origin-Resource-Policy
- Expect-CT
- Expires
- Feature-Policy
- NEL
- Permissions-Policy
- Pragma
- P3P
- Referrer-Policy
- Report-To
- Strict-Transport-Security
- Timing-Allow-Origin
- Vary
- WWW-Authenticate
- X-Content-Type-Options
- X-DNS-Prefetch-Control
- X-Download-Options
- X-Frame-Options
- X-Permitted-Cross-Domain-Policies
- X-Powered-By
- X-Robots-Tag
- X-UA-Compatible
- X-XSS-Protection
The [getting started tutorial](https://zinoui.com/blog/http-headers-for-wordpress) describes a typical configuration of this plugin.
== Installation ==
Upload the HTTP Headers plugin to your blog. Then activate it.
That's all.
== Frequently Asked Questions ==
= Why to use this plugin? =
Nowadays security of your social data at the web is essential. This plugin helps you to improve your website overall security.
= Who use these headers? =
These HTTP headers are being used in production services by popular websites as Facebook, Google+, Twitter, LinkedIn, YouTube, Yahoo, Amazon, Instagram, Pinterest.
== Screenshots ==
1. This screenshot shows up the dashboard with categories of the supported headers.
2. This screenshot shows up the headers of a chosen category and their current values.
3. This screenshot shows up the settings page where you can adjust the security headers.
4. This screenshot shows up the response headers returned by the web server.
== Upgrade Notice ==
Updates are on they way, so stay tuned at [@DimitarIvanov](https://twitter.com/DimitarIvanov)
== Changelog ==
= 1.18.5 =
*Release Date - 30th April, 2021*
* Configurable paths to files who store passwords for basic/digest auth
* Fixed issue with plugin activation, due missing file
= 1.18.4 =
*Release Date - 30th April, 2021*
* Initial value of X-Robots-Tag fixed
= 1.18.3 =
*Release Date - 30th April, 2021*
* Added "X-Robots-Tag" header
* Added "interest-cohort", "layout-animations", "legacy-image-formats", "oversized-images", and "wake-lock" directive to "Permissions-Policy" header
* Added "cross-origin" value to "Cross-Origin-Resource-Policy" header
* Added "navigate-to" and "prefetch-src" directives to "Content-Security-Policy" header
= 1.18.2 =
*Release Date - 24th April, 2021*
* Configurable paths to .htaccess and .user.ini files
= 1.18.1 =
*Release Date - 29th October, 2020*
* Added "allow-downloads" and "allow-top-navigation-by-user-activation" to "sandbox" directive, part of CSP
= 1.18.0 =
*Release Date - 20th September, 2020*
* Added "Permissions-Policy" header
* Fixed "Cookie Security"
= 1.17.0 =
*Release Date - 26th July, 2020*
* Added "Cross-Origin-Embedder-Policy" header
* Added "Cross-Origin-Opener-Policy" header
= 1.16.1 =
*Release Date - 23rd July, 2020*
* Fixed JS/CSS versioning
= 1.16.0 =
*Release Date - 23rd July, 2020*
* Added the "NEL" header
* Fixed the "Report-To" header
= 1.15.2 =
*Release Date - 18th June, 2020*
* Fixed a PHP Notice at "Expires" page
* Fixed comments in .user.ini file
= 1.15.1 =
*Release Date - 9th May, 2020*
* Fixed the "Access-Control-Allow-Origin" header
= 1.15.0 =
*Release Date - 26th January, 2020*
* Added the "Cross-Origin-Resource-Policy" header
* Removed the "Public-Key-Pins" header
= 1.14.2 =
*Release Date - 25th November, 2019*
* CORS headers updated (added "Vary: Origin")
= 1.14.1 =
*Release Date - 15th September, 2019*
* Simple filtering was replaced with Dynamic filtering
= 1.14.0 =
*Release Date - 1st September, 2019*
* Added the "Content-Type" header
* Fixed the "Access-Control-Allow-Credentials" header
* Improvement to "Access-Control-Allow-Headers" header
* Improvement to "Access-Control-Allow-Methods" header
* Improvement to "Access-Control-Expose-Headers" header
* Improvement to "Cache-Control" header
* Improvement to "Vary" header
= 1.13.4 =
*Release Date - 14th July, 2019*
* Added the "always" condition to Header (unset) directive
* Fixed the "import" function
* Fixed the "Access-Control-Allow-Origin" header
= 1.13.3 =
*Release Date - 16th June, 2019*
* Bugfix in "WWW-Authenticate" header
* Added support of Apache 2.4
= 1.13.2 =
*Release Date - 13th June, 2019*
* Bugfix in "Content-Encoding" header
* Bugfix in "Vary" header
= 1.13.1 =
*Release Date - 8th June, 2019*
* Added Brotli compression
= 1.13.0 =
*Release Date - 7th June, 2019*
* Added "SameSite" to Cookie Security
* Fixed import/export function
* Code refactoring
= 1.12.2 =
*Release Date - 5th April, 2019*
* UI improvement for Content-Security-Policy
* Fix for Access-Control-Allow-Headers
* Fix for Access-Control-Allow-Origin
* Fix for Feature-Policy
= 1.12.1 =
*Release Date - 9th January, 2019*
* Remove direct calls to cURL
= 1.12.0 =
*Release Date - 5th January, 2019*
* Better handling of activate/deactivate functions
= 1.11.0 =
*Release Date - 9th December, 2018*
* Added support of "Clear-Site-Data" header
= 1.10.5 =
*Release Date - 6th November, 2018*
* Hotfix: parallel work with third-party plugins
= 1.10.4 =
*Release Date - 30th September, 2018*
* Support of following Server APIs: CGI, FastCGI, PHP-FPM
* Error handling improvement
= 1.10.3 =
*Release Date - 8th August, 2018*
* HSTS improvement
* CORS improvement
= 1.10.2 =
*Release Date - 31st July, 2018*
* Export feature bug-fixed
= 1.10.1 =
*Release Date - 18th July, 2018*
* Feature-Policy header update: new features added
= 1.10.0 =
*Release Date - 17th July, 2018*
* Added support of "Feature-Policy" header
= 1.9.5 =
*Release Date - 12th July, 2018*
* CORS bugfix
= 1.9.4 =
*Release Date - 13th January, 2018*
* In-plugin security improvement
= 1.9.3 =
*Release Date - 10th January, 2018*
* Bug fix
= 1.9.2 =
*Release Date - 4th January, 2018*
* Security improvements
= 1.9.1 =
*Release Date - 27th December, 2017*
* Updated translations
= 1.9.0 =
*Release Date - 23th December, 2017*
* Added support of "Report-To" header
* Added support of translations
* Added support of Import/Export
* Updated "Content-Security-Policy" header (added directives: object-src, frame-src, worker-src, manifest-src, base-uri, report-to)
* Updated "WWW-Authenticate" header (support multiple users)
* Updated "Access-Control" headers (added list of origins)
= 1.8.0 =
*Release Date - 31st August, 2017*
* Added support of "Timing-Allow-Origin" header
* Added support of "X-Download-Options" header
* Added support of "X-DNS-Prefetch-Control" header
* Added support of "X-Permitted-Cross-Domain-Policies" header
* Added support of Custom headers
= 1.7.1 =
*Release Date - 18th August, 2017*
* PHP notice bugfixed
= 1.7.0 =
*Release Date - 15th August, 2017*
* Added support of "Content-Security-Policy-Report-Only" header
* Added support of "Public-Key-Pins-Report-Only" header
* Added "1; report=<reporting-URI>" directive to the "X-XSS-Protection" header
* Added "Inspect headers" tool
* UI bugfixes
= 1.6.0 =
*Release Date - 5th August, 2017*
* Added support of "Expect-CT" header
= 1.5.0 =
*Release Date - 30th July, 2017*
* Added support of "Age" header
* Added support of "Cache-Control" header
* Added support of "Connection" header
* Added support of "Content-Encoding" header
* Added support of "Expires" header
* Added support of "Pragma" header
* Added support of "Vary" header
* Added support of "WWW-Authenticate" header
* Added support of "X-Powered-By" header
* Added support of "Secure" and "HttpOnly" cookies
= 1.4.0 =
*Release Date - 5th July, 2017*
* Added support of Apache (via htaccess) inclusion method
= 1.3.0 =
*Release Date - 3rd June, 2017*
* Added support of Content-Security-Policy header
* Added dashboard
= 1.2.0 =
*Release Date - 28th April, 2017*
* Added support of Referrer-Policy header
= 1.1.2 =
*Release Date - 13th February, 2017*
* Added support of 'preload' directive to HSTS header
= 1.1.1 =
*Release Date - 8th November, 2016*
* Fixed typo in the X-Frame-Options header
= 1.1.0 =
*Release Date - 20th May, 2016*
* Added support of P3P header
= 1.0.0 =
*Release Date - 10th May, 2016*
* Initial version
(function ($, undefined) {
$(function() {
"use strict";
$(document).on('change', 'select[name="hh_x_frame_options_value"]', function () {
var $el = $('input[name="hh_x_frame_options_domain"]'),
readOnly = $(this).find('option:selected').val() != 'allow-from';
if ($el.length) {
$el.prop('readOnly', readOnly).toggle(!readOnly);
}
}).on('change', 'select[name="hh_x_xxs_protection_value"]', function (e) {
var $el = $('input[name="hh_x_xxs_protection_uri"]'),
readOnly = $(this).find('option:selected').val() != '1; report=';
if ($el.length) {
$el.prop('readOnly', readOnly).toggle(!readOnly);
}
}).on('change', 'select[name="hh_x_powered_by_option"]', function () {
var $el = $('input[name="hh_x_powered_by_value"]'),
readOnly = $(this).find('option:selected').val() != 'set';
if ($el.length) {
$el.prop('readOnly', readOnly).toggle(!readOnly);
}
}).on("change", "input[name^='hh_vary_value[']", function () {
if (this.name === "hh_vary_value[*]") {
if (this.checked) {
$("input[name^='hh_vary_value[']").not(this).prop("checked", false);
}
} else {
if (this.checked) {
$("input[name='hh_vary_value[*]']").prop("checked", false);
}
}
}).on("change", "input[name^='hh_access_control_allow_methods_value[']", function () {
if (this.name === "hh_access_control_allow_methods_value[*]") {
if (this.checked) {
$("input[name^='hh_access_control_allow_methods_value[']").not(this).prop("checked", false);
}
} else {
if (this.checked) {
$("input[name='hh_access_control_allow_methods_value[*]']").prop("checked", false);
}
}
}).on('change', 'select[name="hh_access_control_allow_origin_value"]', function () {
var $el = $('input[name="hh_access_control_allow_origin_url"]'),
readOnly = $(this).find('option:selected').val() != 'origin';
if ($el.length) {
$el.prop('readOnly', readOnly);//.toggle(!readOnly);
}
if (readOnly) {
$(".hh-acao").addClass("hh-hidden");
} else {
$(".hh-acao").removeClass("hh-hidden");
}
}).on('change', 'select[name="hh_timing_allow_origin_value"]', function () {
var $el = $('input[name="hh_timing_allow_origin_url"]'),
readOnly = $(this).find('option:selected').val() != 'origin';
if ($el.length) {
$el.prop('readOnly', readOnly).toggle(!readOnly);
}
}).on('change', '.http-header', function () {
var $this = $(this),
$el = $this.closest('table').find('.http-header-value');
if (!$el.length) {
return;
}
if (Number($this.val()) === 1) {
$el.prop('readOnly', false).removeAttr('readonly').removeClass('readonly');
} else {
$el.prop('readOnly', true).addClass('readonly');
}
}).on('change', 'input[name="hh_x_frame_options"]', function () {
$('select[name="hh_x_frame_options_value"]').trigger('change');
}).on('change', 'input[name="hh_x_powered_by"]', function () {
$('select[name="hh_x_powered_by_option"]').trigger('change');
}).on('change', 'input[name="hh_access_control_allow_origin"]', function () {
$('select[name="hh_access_control_allow_origin_value"]').trigger('change');
}).on('change', 'input[name="hh_timing_allow_origin"]', function () {
$('select[name="hh_timing_allow_origin_value"]').trigger('change');
}).on('submit', '#frmIspect', function (e) {
e.preventDefault();
var $this = $(this),
$box = $('#hh-result').empty();
$.post($this.attr('action'), $this.serialize()).done(function (data) {
$box.html(data);
});
return false;
}).on('change', '#authentication', function () {
var $a = $('#box-authentication');
if (this.checked) {
$a.show();
} else {
$a.hide();
}
}).on('click', '#hh-btn-add-header', function () {
$(this).closest('tr').before('<tr> \
<td><input type="text" name="hh_custom_headers_value[name][]" class="http-header-value" placeholder="X-Custom-Name"></td> \
<td><input type="text" name="hh_custom_headers_value[value][]" class="http-header-value" placeholder="' + hh.lbl_value + '"></td> \
<td><button type="button" class="button button-small hh-btn-delete-header" title="' + hh.lbl_delete + '">x</button></td> \
</tr>');
}).on('click', '.hh-btn-add-endpoint', function () {
var $tr = $(this).closest("tr");
$tr.children("td").each(function() {
if ($(this).attr("rowspan") !== undefined) {
this.rowSpan = this.rowSpan + 1;
}
});
var name,
$clone = $tr.clone().removeClass("hh-tr-first hh-tr-group-start"),
$this = $(this),
index = Math.ceil(Math.random() * 9999);
if ($tr.hasClass("hh-tr-group-end")) {
name = $tr.find("input[name$='[url]']").attr("name");
} else {
name = $tr.nextAll(".hh-tr-group-end:eq(0)").find("input[name$='[url]']").attr("name");
}
var m = name.match(/\[(\d+)\]\[url\]$/),
index = Number(m[1]) + 1;
$clone.find("td").each(function() {
if ($(this).attr("rowspan") !== undefined) {
$(this).remove();
}
});
$clone.find('input[type="text"]').val("");
$clone.find('input[type="number"]').val("");
$clone.find("td:last").html('<button type="button" class="button hh-btn-delete-endpoint" title="' + hh.lbl_delete + '">' + hh.lbl_remove_endpoint + '</button>');
$clone.find(":input").each(function () {
this.name = this.name.replace('[endpoints][0]', '[endpoints][' + index + ']');
});
$clone.addClass("hh-tr-group-end");
if ($tr.hasClass("hh-tr-group-end")) {
$tr.removeClass("hh-tr-group-end");
$tr.after($clone);
} else {
$tr.nextAll(".hh-tr-group-end:eq(0)").removeClass("hh-tr-group-end").after($clone);
}
}).on('click', '#hh-btn-add-endpoint-group', function () {
var $this = $(this),
index = Math.ceil(Math.random() * 9999),
$table = $this.closest("table"),
$clone = $table.find("tr.hh-tr-first").eq(0).clone(),
name = $table.find("tr:nth-last-child(2)").find(":input:first").attr("name"),
m = name.match(/^hh_report_to_value\[(\d+)\]/),
index = Number(m[1]) + 1;
$clone.find("td").each(function() {
if ($(this).attr("rowspan") !== undefined) {
this.rowSpan = 1;
}
});
$clone.find('input[type="text"]').val("");
$clone.find('input[type="number"]').val("");
$clone.find('input[type="checkbox"]').prop("checked", false);
$clone.find("option:first").prop("selected", true);
$clone.find("td:last").html('<button type="button" class="button hh-btn-delete-endpoint-group" title="' + hh.lbl_delete + '">' + hh.lbl_remove_group + '</button>');
$clone.find(":input").each(function () {
this.name = this.name.replace('[0]', '[' + index + ']');
});
$clone.addClass("hh-tr-group-end").removeClass("hh-tr-first");
$this.closest('tr').before($clone);
}).on('click', '.hh-btn-delete-header, .hh-btn-delete-origin, .hh-btn-delete-user, .hh-btn-delete-ac', function () {
$(this).closest('tr').remove();
}).on('click', '.hh-btn-delete-endpoint', function() {
var $group,
$tr = $(this).closest("tr");
if ($tr.prev("tr").hasClass("hh-tr-group-start")) {
$group = $tr.prev("tr");
} else {
$group = $tr.prevUntil("tr.hh-tr-group-start").prev("tr");
}
$group.children("td").each(function() {
if (this.rowSpan > 1) {
this.rowSpan = this.rowSpan - 1;
}
});
if ($tr.hasClass("hh-tr-group-end")) {
$tr.prev("tr").addClass("hh-tr-group-end");
}
$tr.remove();
}).on('click', '.hh-btn-delete-endpoint-group', function () {
var rows = $(this).closest("td").attr("rowspan");
if (rows === undefined || rows < 2) {
$(this).closest('tr').remove();
} else {
$(this).closest('tr').nextAll("tr").addBack().slice(0, rows).remove();
}
}).on("click", ".hh-btn-add-ac", function () {
var $this = $(this);
$this.closest('tr').before('<tr> \
<td><input type="text" name="' + $this.data("name") + '" class="http-header-value" size="35" /></td> \
<td><button type="button" class="button button-small hh-btn-delete-ac" title="' + hh.lbl_delete + '">x</button></td> \
</tr>');
}).on("click", ".hh-btn-add-origin", function () {
$(this).closest('tr').before('<tr class="hh-acao"> \
<td>&nbsp;</td> \
<td><input type="text" name="hh_access_control_allow_origin_url[]" class="http-header-value" placeholder="http://domain.com" size="35" /></td> \
<td><button type="button" class="button button-small hh-btn-delete-origin" title="' + hh.lbl_delete + '">x</button></td> \
</tr>');
}).on("click", ".hh-btn-add-user", function () {
$(this).closest('tr').before('<tr> \
<td>&nbsp;</td> \
<td><input type="text" name="hh_www_authenticate_user[]" class="http-header-value" /></td> \
<td><input type="text" name="hh_www_authenticate_pswd[]" class="http-header-value" /></td> \
<td><button type="button" class="button button-small hh-btn-delete-user" title="' + hh.lbl_delete + '">x</button></td> \
</tr>');
}).on("click", ".hh-btn-import-choose", function () {
$("#hh-import-file").trigger("click");
}).on("change", "#hh-import-file", function () {
$("#hh-import-name").html(this.files[0].name);
}).on("change", 'select[name^="hh_feature_policy_value"]', function () {
var $this = $(this),
value = $this.find("option:selected").val(),
$input = $this.siblings('input[name^="hh_feature_policy_origin"]');
if (value === "'self'" || value === "origin(s)") {
$input.show();
} else {
$input.hide();
}
}).on("change", 'select[name^="hh_permissions_policy_value"]', function () {
var $this = $(this),
value = $this.find("option:selected").val(),
$input = $this.siblings('input[name^="hh_permissions_policy_origin"]');
if (value === "self" || value === "origin(s)") {
$input.show();
} else {
$input.hide();
}
}).on("change", 'input[name^="hh_content_security_policy_value"]', function () {
var $this = $(this);
if (this.checked) {
if (/\[\*\]$/.test(this.name)) {
$this.closest("td").find('input[type="checkbox"]').not(this).prop("checked", false);
$this.closest("p").siblings("p").hide();
} else {
$this.closest("td").find('input[type="checkbox"][name$="[*]"]').prop("checked", false);
}
} else {
if (/\[\*\]$/.test(this.name)) {
$this.closest("p").siblings("p").show();
}
}
}).on("change", 'input[type="checkbox"][name="hh_cookie_security_value[SameSite]"]', function () {
if (this.checked) {
$(".hh-csv-value")
.removeClass("hh-hidden")
.find('input[type="radio"]')
.prop("disabled", false)
.filter(":first")
.prop("checked", true);
} else {
$(".hh-csv-value")
.addClass("hh-hidden")
.find('input[type="radio"]')
.prop("disabled", true);
}
});
$('.hh-tabs').on('click', 'ul a', function (e) {
e.preventDefault();
var $this = $(this);
$($this.attr('href'))
.removeClass('hh-hidden').addClass('hh-tab-active').attr('aria-hidden', 'false').attr('aria-expanded', 'true')
.siblings('div').addClass('hh-hidden').removeClass('hh-tab-active').attr('aria-hidden', 'true').attr('aria-expanded', 'false');
$this.closest('li')
.addClass('hh-active').attr('aria-selected', 'true').attr('tabindex', 0)
.siblings('li').removeClass('hh-active').attr('aria-selected', 'false').attr('tabindex', -1);
}).each(function () {
var $this = $(this),
$ul = $this.children('ul').attr('role', 'tablist'),
$li = $ul.children('li').attr('role', 'tab')
.not(':first').attr('aria-selected', 'false').attr('tabindex', -1)
.end().eq(0).attr('aria-selected', 'true').attr('tabindex', 0)
.end(),
$a = $li.find('a').attr('role', 'presentation').attr('tabindex', -1),
$div = $this.children('div').attr('role', 'tabpanel')
.not(':first').attr('aria-hidden', 'true').attr('aria-expanded', 'false')
.end().eq(0).attr('aria-hidden', 'false').attr('aria-expanded', 'true')
.end();
$li.each(function (i) {
var $this = $(this),
id = 'hh-tabs-' + Math.ceil(Math.random() * 999999) + '-' + i,
$a = $this.attr('aria-labelledby', id).find('a').attr('id', id),
href = $a.attr('href');
$this.attr('aria-controls', href.substring(1)).attr('aria-labelledby', id);
$(href).attr('aria-labelledby', id);
});
});
});
})(jQuery);
\ No newline at end of file
select.readonly,
select[readonly] {
background-color: #eee;
}
.hh-table > tbody > tr > th,
.hh-table > tbody > tr > td,
.hh-table td{
vertical-align: top;
}
.hh-table tbody td.hh-td-inner{
padding: 0;
}
.hh-table > tbody > tr > th{
width: 35%;
}
.hh-table > tbody > tr > td:nth-child(2){
width: 10%;
}
.hh-table > tbody > tr > th .description{
font-weight: normal;
}
.hh-table .hh-center{
text-align: center;
}
.hh-table .hh-middle{
vertical-align: middle;
}
.hh-table .hh-p-sm td,
.hh-table .hh-p-sm th{
padding: 8px 5px;
}
.hh-bordered{
border-collapse: collapse;
}
.hh-bordered th,
.hh-bordered td{
border: dashed 1px #999;
}
.hh-panel{
background-color: #fff;
padding: .7em 2em 1em;
-webkit-box-shadow: 0 1px 1px rgba(0,0,0,.04);
-moz-box-shadow: 0 1px 1px rgba(0,0,0,.04);
box-shadow: 0 1px 1px rgba(0,0,0,.04);
border: 1px solid #e5e5e5;
margin: 20px 0 0;
}
.hh-index-table{
border-collapse: separate;
border-spacing: 0;
width: 100%;
}
.hh-index-table tbody{
border-left: solid 1px rgba(0,0,0,.1);
border-right: solid 1px rgba(0,0,0,.1);
}
.hh-index-table th{
background-color: #fff;
font-weight: normal;
padding: 8px 10px;
text-align: left;
}
.hh-index-table td{
background-color: #fff;
color: gray;
padding: 8px 10px;
}
.hh-index-table td:first-child{
border-left: 4px solid #fff;
}
.hh-index-table .active td{
background-color: #f7fcfe;
color: green;
}
.hh-index-table .active td:first-child{
border-left: 4px solid #00a0d2;
}
.hh-index-table td{
box-shadow: 0 -1px 0 rgba(0,0,0,.1);
}
.hh-index-table .hh-status{
text-align: center;
}
.hh-index-table .hh-status span{
display: inline-block;
border-radius: 3px;
padding: 2px 5px;
}
.hh-index-table .hh-status-on span{
background-color: green;
color: #fff;
}
.hh-index-table .hh-status-off span{
background-color: #aaa;
color: #fff;
}
.hh-notice{
background-color: #FFFFCC;
margin: 20px 0;
padding: 8px 10px;
}
.hh-breadcrumbs{
}
.hh-breadcrumbs li{
display: inline-block;
}
.hh-breadcrumbs li:not(:last-child):after {
content: "\00A0\00BB\00A0";
display: inline-block;
}
.hh-breadcrumbs li a{
}
.hh-highlight{
background-color: #333;
color: #fff;
font-weight: 400;
padding: 3px 7px;
}
.hh-results{
border-collapse: collapse;
width: 100%;
}
.hh-results thead th,
.hh-results tbody td{
border-top: solid 1px #e0e0e0;
padding: 5px 5px 5px 0;
text-align: left;
}
.hh-results thead th{
border: none;
}
.hh-results tbody tr td:first-child{
white-space: nowrap;
}
.hh-results tbody tr.hh-found td{
background-color: #f7fcfe;
}
.hh-results tbody tr.hh-found td:first-child{
color: green;
}
.form-field .form-label{
font-weight: bold;
}
.form-field .form-lbl{
display: inline-block;
margin: 0 10px 0 0;
}
.form-row .form-col-6{
float: left;
width: 50%;
}
.form-row:after{
clear: left;
content: '';
display: table;
zoom: 1;
}
.hh-tabs > ul{
margin-bottom: -1px;
}
.hh-tabs > ul:after{
content: '';
display: table;
clear: left;
zoom: 1;
}
.hh-tabs > ul > li{
background-color: #fff;
border: solid 1px #ccc;
border-bottom: none;
display: inline-block;
float: left;
margin: 0 5px 0 0;
padding: 0;
}
.hh-tabs > ul > li a{
color: #222;
display: inline-block;
padding: 5px 10px;
text-decoration: none;
}
.hh-tabs > ul > li.hh-active{
border: solid 1px #222;
border-bottom-color: #fff;
}
.hh-tabs .hh-tab-active{
background-color: #fff;
border: solid 1px #222;
padding: 20px;
}
.hh-textarea-manual{
width: 100%;
}
.hh-hidden{
display: none;
}
.hh-wrapper{
}
.hh-sidebar{
float: right;
width: 20%;
}
.hh-sidebar-inner{
background-color: #fff;
border: solid 1px #92D295;
padding: 15px;
}
.hh-sidebar-inner h3{
margin: 0;
}
.hh-categories{
float: left;
width: 80%;
}
.hh-categories *{
-webkit-box-sizing: border-box;
-moz-box-sizing: border-box;
box-sizing: border-box;
}
.hh-wrapper:after,
.hh-categories:after{
content: '';
clear: both;
display: table;
zoom: 1;
}
a.hh-category{
background-color: #fff;
border: solid 1px #92D295;
display: inline-block;
float: left;
font-size: 16px;
height: 168px;
margin: 0 3% 3% 0;
position: relative;
text-align: center;
text-decoration: none;
text-transform: uppercase;
width: 30%;
}
a.hh-category i {
background-color: #92D295;
display: inline-block;
height: 48px;
margin: 35px 0 0;
text-align: center;
width: 48px;
-webkit-transform: rotate(20deg);
-moz-transform: rotate(20deg);
-ms-transform: rotate(20deg);
-o-transform: rotate(20deg);
}
a.hh-category i:after {
background-color: #92D295;
content: "";
display: inline-block;
height: 48px;
width: 48px;
-webkit-transform: rotate(135deg);
-moz-transform: rotate(135deg);
-ms-transform: rotate(135deg);
-o-transform: rotate(135deg);
}
a.hh-category span{
display: block;
color: #fff;
font-size: 24px;
font-weight: 600;
text-transform: uppercase;
left: 0;
position: absolute;
top: 48px;
width: 100%;
}
a.hh-category strong{
display: block;
font-weight: normal;
margin: 20px 0 0;
}
a.hh-category:hover{
box-shadow: 0 0 3px #6EC271;
}
a.hh-category:hover i{
-webkit-transform: rotate(160deg);
-moz-transform: rotate(160deg);
-ms-transform: rotate(160deg);
-o-transform: rotate(160deg);
-webkit-transition: -webkit-transform 0.5s ease-out;
-moz-transition: -moz-transform 0.5s ease-out;
-o-transition: -o-transform 0.5s ease-out;
transition: transform 0.5s ease-out;
}
.hh-p{
margin: 0.5em 0;
}
.hh-csv-value {
padding-left: 25px;
}
@media (min-width: 1280px) {
a.hh-category{
max-width: 260px;
}
}
@media (max-width: 960px) {
a.hh-category{
margin: 0 5% 20px;
width: 40%;
}
.hh-categories{
width: 70%;
}
.hh-sidebar{
width: 30%;
}
}
@media (max-width: 768px) {
.hh-categories{
width: 65%;
}
.hh-sidebar{
width: 35%;
}
}
@media (max-width: 640px) {
a.hh-category{
float: none;
margin: 0 0 20px;
width: 100%;
}
.hh-categories{
width: 55%;
}
.hh-sidebar{
width: 40%;
}
}
@media (max-width: 468px) {
a.hh-category{
max-width: 260px;
}
.hh-categories,
.hh-sidebar{
float: none;
margin: 0 auto;
max-width: 250px;
width: 100%;
}
}
\ No newline at end of file
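Review bot: The three icon rules `a.hh-category i`, `a.hh-category i:after` and `a.hh-category:hover i` declare the rotation only with `-webkit-`, `-moz-`, `-ms-` and `-o-` prefixes, while the hover rule's final line already uses the unprefixed `transition: transform 0.5s ease-out`, so the rotation depends on each browser keeping a prefixed alias. Close each prefixed group with the standard declaration: `transform: rotate(20deg);`, `transform: rotate(135deg);` and `transform: rotate(160deg);`. The rule sets `.hh-breadcrumbs{}`, `.hh-breadcrumbs li a{}` and `.hh-wrapper{}` are empty, and `.hh-index-table td` is declared twice; the empty ones can go and the `box-shadow` can move into the first `.hh-index-table td` block.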
<?php
/*
Plugin Name: HTTP Headers
Plugin URI: https://zinoui.com/blog/http-headers-for-wordpress
Description: A plugin for HTTP headers management including security, access-control (CORS), caching, compression, and authentication.
Version: 1.18.5
Author: Dimitar Ivanov
Author URI: https://zinoui.com
License: GPLv2 or later
Text Domain: http-headers
*/
/*
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/copyleft/gpl.html>.
Copyright (c) 2017-2021 Zino UI
*/
if (!defined('ABSPATH')) {
exit;
}
$options = include dirname(__FILE__) . '/views/includes/options.inc.php';
foreach ($options as $option) {
if (get_option($option[0]) === false) {
add_option($option[0], $option[1], null, 'yes');
}
}
function build_csp_value($value) {
$csp = array();
foreach ($value as $key => $val)
{
if (is_array($val))
{
$source = NULL;
if (isset($val['source']))
{
$source = $val['source'];
unset($val['source']);
}
if (!empty($val))
{
$val = join(" ", array_keys($val));
if ($source)
{
$val .= " " . $source;
}
$csp[] = sprintf("%s %s", $key, $val);
} elseif ($source) {
$csp[] = sprintf("%s %s", $key, $source);
}
} else {
if (in_array($key, array('block-all-mixed-content', 'upgrade-insecure-requests')))
{
$csp[] = $key;
}
if (in_array($key, array('plugin-types', 'report-to')) && !empty($val))
{
$csp[] = sprintf("%s %s", $key, $val);
}
}
}
if (!$csp)
{
return NULL;
}
return join('; ', $csp);
}
function get_htaccess_filename() {
return get_option('hh_htaccess_path');
}
function get_user_ini_filename() {
return get_option('hh_user_ini_path');
}
function get_htpasswd_filename() {
return get_option('hh_htpasswd_path');
}
function get_htdigest_filename() {
return get_option('hh_htdigest_path');
}
function get_http_headers() {
$statuses = array();
$unset = array();
$headers = array();
$append = array();
if (get_option('hh_x_frame_options') == 1) {
$x_frame_options_value = strtoupper(get_option('hh_x_frame_options_value'));
if ($x_frame_options_value == 'ALLOW-FROM') {
$x_frame_options_value .= ' ' . get_option('hh_x_frame_options_domain');
}
$headers['X-Frame-Options'] = $x_frame_options_value;
}
if (get_option('hh_x_powered_by') == 1) {
if (get_option('hh_x_powered_by_option') == 'set') {
$headers['X-Powered-By'] = get_option('hh_x_powered_by_value');
} else {
$unset[] = 'X-Powered-By';
}
}
if (get_option('hh_x_xxs_protection') == 1) {
$headers['X-XSS-Protection'] = get_option('hh_x_xxs_protection_value');
if ($headers['X-XSS-Protection'] == '1; report=') {
$headers['X-XSS-Protection'] .= get_option('hh_x_xxs_protection_uri');
}
}
if (get_option('hh_x_content_type_options') == 1) {
$headers['X-Content-Type-Options'] = get_option('hh_x_content_type_options_value');
}
if (get_option('hh_x_download_options') == 1) {
$headers['X-Download-Options'] = get_option('hh_x_download_options_value');
}
if (get_option('hh_x_permitted_cross_domain_policies') == 1) {
$headers['X-Permitted-Cross-Domain-Policies'] = get_option('hh_x_permitted_cross_domain_policies_value');
}
if (get_option('hh_x_dns_prefetch_control') == 1) {
$headers['X-DNS-Prefetch-Control'] = get_option('hh_x_dns_prefetch_control_value');
}
if (get_option('hh_connection') == 1) {
$headers['Connection'] = get_option('hh_connection_value');
}
if (get_option('hh_pragma') == 1) {
$headers['Pragma'] = get_option('hh_pragma_value');
}
if (get_option('hh_age') == 1) {
$headers['Age'] = sprintf("%u", get_option('hh_age_value'));
}
if (get_option('hh_cache_control') == 1) {
$hh_cache_control_value = get_option('hh_cache_control_value', array());
$tmp = array();
foreach ($hh_cache_control_value as $k => $v) {
if (in_array($k, array('max-age', 's-maxage', 'stale-while-revalidate', 'stale-if-error'))) {
if (strlen($v) > 0) {
$tmp[] = sprintf("%s=%u", $k, $v);
}
} else {
$tmp[] = $k;
}
}
$hh_cache_control_value = join(', ', $tmp);
$headers['Cache-Control'] = $hh_cache_control_value;
}
if (get_option('hh_strict_transport_security') == 1) {
$hh_strict_transport_security = array();
$hh_strict_transport_security_max_age = get_option('hh_strict_transport_security_max_age');
if ($hh_strict_transport_security_max_age !== false)
{
$hh_strict_transport_security[] = sprintf('max-age=%u', get_option('hh_strict_transport_security_max_age'));
if (get_option('hh_strict_transport_security_sub_domains'))
{
$hh_strict_transport_security[] = 'includeSubDomains';
}
if (get_option('hh_strict_transport_security_preload'))
{
$hh_strict_transport_security[] = 'preload';
}
} else {
$hh_strict_transport_security = array(get_option('hh_strict_transport_security_value'));
}
$headers['Strict-Transport-Security'] = join('; ', $hh_strict_transport_security);
}
if (get_option('hh_x_ua_compatible') == 1) {
$headers['X-UA-Compatible'] = get_option('hh_x_ua_compatible_value');
}
if (get_option('hh_content_security_policy') == 1)
{
$value = get_option('hh_content_security_policy_value');
$csp = build_csp_value($value);
if ($csp)
{
$csp_report_only = get_option('hh_content_security_policy_report_only');
$headers['Content-Security-Policy'.($csp_report_only ? '-Report-Only' : NULL)] = $csp;
}
}
if (get_option('hh_access_control_allow_origin') == 1)
{
$value = get_option('hh_access_control_allow_origin_value');
switch ($value)
{
case 'origin':
$value = get_option('hh_access_control_allow_origin_url', array());
if (is_scalar($value))
{
$value = array($value);
}
break;
}
if (!empty($value))
{
$headers['Access-Control-Allow-Origin'] = $value;
}
}
if (get_option('hh_access_control_allow_credentials') == 1)
{
$headers['Access-Control-Allow-Credentials'] = get_option('hh_access_control_allow_credentials_value');
}
if (get_option('hh_access_control_max_age') == 1)
{
$value = get_option('hh_access_control_max_age_value');
if (!empty($value))
{
$headers['Access-Control-Max-Age'] = intval($value);
}
}
if (get_option('hh_access_control_allow_methods') == 1)
{
$value = get_option('hh_access_control_allow_methods_value');
if (!empty($value))
{
$headers['Access-Control-Allow-Methods'] = join(', ', array_keys($value));
}
}
if (get_option('hh_access_control_allow_headers') == 1)
{
$tmp = array();
$value = get_option('hh_access_control_allow_headers_value');
if (!empty($value))
{
$tmp = array_merge($tmp, array_keys($value));
}
$custom = get_option('hh_access_control_allow_headers_custom');
if (!empty($custom))
{
$tmp = array_merge($tmp, $custom);
}
if ($tmp)
{
$tmp = array_filter($tmp, 'trim');
$tmp = array_unique($tmp);
$headers['Access-Control-Allow-Headers'] = join(', ', $tmp);
}
}
if (get_option('hh_access_control_expose_headers') == 1)
{
$tmp = array();
$value = get_option('hh_access_control_expose_headers_value');
if (!empty($value))
{
$tmp = array_merge($tmp, array_keys($value));
}
$custom = get_option('hh_access_control_expose_headers_custom');
if (!empty($custom))
{
$tmp = array_merge($tmp, $custom);
}
if ($tmp)
{
$tmp = array_filter($tmp, 'trim');
$tmp = array_unique($tmp);
$headers['Access-Control-Expose-Headers'] = join(', ', $tmp);
}
}
if (get_option('hh_p3p') == 1)
{
$value = get_option('hh_p3p_value');
if (!empty($value))
{
$headers['P3P'] = 'CP="' . join(' ', array_keys($value)) . '"';
}
}
if (get_option('hh_referrer_policy') == 1) {
$headers['Referrer-Policy'] = get_option('hh_referrer_policy_value');
}
if (get_option('hh_cross_origin_resource_policy') == 1) {
$headers['Cross-Origin-Resource-Policy'] = get_option('hh_cross_origin_resource_policy_value');
}
if (get_option('hh_cross_origin_embedder_policy') == 1) {
$headers['Cross-Origin-Embedder-Policy'] = get_option('hh_cross_origin_embedder_policy_value');
}
if (get_option('hh_cross_origin_opener_policy') == 1) {
$headers['Cross-Origin-Opener-Policy'] = get_option('hh_cross_origin_opener_policy_value');
}
if (get_option('hh_www_authenticate') == 1) {
switch (get_option('hh_www_authenticate_type')) {
case 'Basic':
if (!(isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])
&& $_SERVER['PHP_AUTH_USER'] == get_option('hh_www_authenticate_user')
&& $_SERVER['PHP_AUTH_PW'] == get_option('hh_www_authenticate_pswd'))) {
$headers['WWW-Authenticate'] = sprintf("Basic realm='%s'", get_option('hh_www_authenticate_realm'));
$statuses['HTTP/1.1'] = '401 Unauthorized';
}
break;
case 'Digest':
if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
$realm = get_option('hh_www_authenticate_realm');
$headers['WWW-Authenticate'] = sprintf("Digest realm='%s',qop='auth',nonce='%s',opaque='%s'",
$realm, uniqid(), md5($realm));
$statuses['HTTP/1.1'] = '401 Unauthorized';
}
break;
}
}
if (get_option('hh_vary') == 1)
{
$value = get_option('hh_vary_value');
if (!empty($value))
{
$append['Vary'] = join(', ', array_keys($value));
}
}
if (get_option('hh_expect_ct') == 1) {
$expect_ct_max_age = get_option('hh_expect_ct_max_age');
$expect_ct_report_uri = get_option('hh_expect_ct_report_uri');
if (!empty($expect_ct_report_uri) && !empty($expect_ct_max_age)) {
$expect_ct = array();
$expect_ct[] = sprintf("max-age=%u", $expect_ct_max_age);
if (get_option('hh_expect_ct_enforce') == 1) {
$expect_ct[] = "enforce";
}
$expect_ct[] = sprintf('report-uri="%s"', $expect_ct_report_uri);
$headers['Expect-CT'] = join(', ', $expect_ct);
}
}
if (get_option('hh_custom_headers') == 1) {
$custom_headers = get_option('hh_custom_headers_value');
if (isset($custom_headers['name'], $custom_headers['value']) && !empty($custom_headers['name'])) {
foreach ($custom_headers['name'] as $key => $name) {
$name = trim($name);
$value = trim($custom_headers['value'][$key]);
if (empty($name) || empty($value)) {
continue;
}
$headers[$name] = $value;
}
}
}
$value = get_http_header('report_to');
if ($value) {
$headers['Report-To'] = $value;
}
$value = get_http_header('nel');
if ($value) {
$headers['NEL'] = $value;
}
$value = get_http_header('feature_policy');
if ($value) {
$headers['Feature-Policy'] = $value;
}
$value = get_http_header('permissions_policy');
if ($value) {
$headers['Permissions-Policy'] = $value;
}
$value = get_http_header('x_robots_tag');
if ($value) {
$headers['X-Robots-Tag'] = $value;
}
return array($headers, $statuses, $unset, $append);
}
function get_http_header($header_name) {
$fn = sprintf('get_%s_header', $header_name);
if (!function_exists($fn)) {
return NULL;
}
return call_user_func($fn);
}
function get_report_to_header() {
if (get_option('hh_report_to') != 1) {
return NULL;
}
$report_to = get_option('hh_report_to_value');
$tmp = array();
foreach ($report_to as $item) {
$endpoints = array();
foreach ($item['endpoints'] as $endpoint) {
$endpoints[] = sprintf('{"url": "%s"%s%s}',
$endpoint['url'],
is_numeric($endpoint['priority']) ? sprintf(', "priority": %u', $endpoint['priority']) : NULL,
is_numeric($endpoint['weight']) ? sprintf(', "weight": %u', $endpoint['weight']) : NULL
);
}
$tmp[] = sprintf('{"max_age": %u%s%s, "endpoints": [%s]}',
$item['max_age'],
$item['group'] ? sprintf(', "group": "%s"', $item['group']) : NULL,
$item['include_subdomains'] ? sprintf(', "include_subdomains": true') : NULL,
join(", ", $endpoints)
);
}
return join(', ', $tmp);
}
function get_x_robots_tag_header() {
if (get_option('hh_x_robots_tag') != 1) {
return NULL;
}
$hh_x_robots_tag_value = get_option('hh_x_robots_tag_value', array());
$tmp = array();
foreach ($hh_x_robots_tag_value as $k => $v) {
if ($k == 'max-snippet') {
if (is_numeric($v) && $v >= -1) {
$tmp[] = "$k:$v";
}
} elseif ($k == 'max-image-preview') {
if (!empty($v)) {
$tmp[] = "$k:$v";
}
} elseif ($k == 'max-video-preview') {
if (is_numeric($v) && $v >= -1) {
$tmp[] = "$k:$v";
}
} elseif ($k == 'unavailable_after') {
if (!empty($v)) {
$tmp[] = "$k:$v";
}
} else {
$tmp[] = $k;
}
}
return join(', ', $tmp);
}
function get_nel_header() {
if (get_option('hh_nel') != 1) {
return NULL;
}
$nel = get_option('hh_nel_value', array());
return sprintf('{"report_to": "%s", "max_age": %u%s%s%s%s%s}',
@$nel['report_to'], @$nel['max_age'],
isset($nel['include_subdomains']) ? ', "include_subdomains": true' : NULL,
array_key_exists('success_fraction', $nel) && is_numeric($nel['success_fraction']) ? ', "success_fraction": '. $nel['success_fraction'] : NULL,
array_key_exists('failure_fraction', $nel) && is_numeric($nel['failure_fraction']) ? ', "failure_fraction": '. $nel['failure_fraction'] : NULL,
isset($nel['request_headers']) && !empty($nel['request_headers']) ? sprintf(', "request_headers": ["%s"]', join('", "', array_map('trim', explode(',', $nel['request_headers'])))) : NULL,
isset($nel['response_headers']) && !empty($nel['response_headers']) ? sprintf(', "response_headers": ["%s"]', join('", "', array_map('trim', explode(',', $nel['response_headers'])))) : NULL
);
}
function get_feature_policy_header() {
if (get_option('hh_feature_policy') != 1) {
return NULL;
}
$feature_policy_feature = get_option('hh_feature_policy_feature');
$feature_policy_value = get_option('hh_feature_policy_value');
$feature_policy_origin = get_option('hh_feature_policy_origin');
$tmp = array();
$feature_policy_feature = is_array($feature_policy_feature) ? $feature_policy_feature : array();
foreach (array_keys($feature_policy_feature) as $feature) {
$value = NULL;
switch ($feature_policy_value[$feature]) {
case '*':
case "'none'":
$value = $feature_policy_value[$feature];
break;
case "'self'":
$value = $feature_policy_value[$feature];
if (!empty($feature_policy_origin[$feature])) {
$value .= " " . $feature_policy_origin[$feature];
}
break;
case 'origin(s)':
$value = $feature_policy_origin[$feature];
break;
}
$tmp[] = sprintf("%s %s", $feature, $value);
}
return join('; ', $tmp);
}
function get_permissions_policy_header() {
if (get_option('hh_permissions_policy') != 1) {
return NULL;
}
$permissions_policy_feature = get_option('hh_permissions_policy_feature');
$permissions_policy_value = get_option('hh_permissions_policy_value');
$permissions_policy_origin = get_option('hh_permissions_policy_origin');
$tmp = array();
$permissions_policy_feature = is_array($permissions_policy_feature) ? $permissions_policy_feature : array();
foreach (array_keys($permissions_policy_feature) as $feature) {
$origins = NULL;
if (!empty($permissions_policy_origin[$feature]))
{
$origins = $permissions_policy_origin[$feature];
$origins = str_replace(array('"', "'"), '', $origins);
$origins = explode(' ', $origins);
$origins = array_filter($origins);
$origins = array_unique($origins);
$origins = '"' . join('" "', $origins) . '"';
}
$value = NULL;
switch ($permissions_policy_value[$feature]) {
case '*':
$value = '*';
break;
case "none":
$value = '()';
break;
case "self":
$value = 'self';
if ($origins)
{
$value .= ' ' . $origins;
}
$value = sprintf('(%s)', $value);
break;
case 'origin(s)':
$value = sprintf('(%s)', $origins);
break;
}
$tmp[] = sprintf('%s=%s', $feature, $value);
}
return join(', ', $tmp);
}
function http_digest_parse($txt) {
$txt = stripslashes($txt);
$needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
$data = array();
$keys = implode('|', array_keys($needed_parts));
$matches = null;
preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
foreach ($matches as $m) {
$data[$m[1]] = $m[3] ? $m[3] : $m[4];
unset($needed_parts[$m[1]]);
}
return $needed_parts ? false : $data;
}
function php_auth_digest() {
if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) || get_option('hh_www_authenticate_user') != $data['username']) {
die('Wrong Credentials!');
}
$A1 = md5($data['username'] . ':' . get_option('hh_www_authenticate_realm') . ':' . get_option('hh_www_authenticate_pswd'));
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
if ($data['response'] != $valid_response) {
die('Wrong Credentials!');
}
}
function php_content_encoding() {
if (substr_count($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) {
ob_start('ob_gzhandler');
} else {
ob_start();
}
}
function php_cookie_security_directives() {
$lines = array();
if (get_option('hh_cookie_security') == 1) {
$value = get_option('hh_cookie_security_value', array());
if (isset($value['HttpOnly'])) {
$lines[] = 'session.cookie_httponly = on';
}
if (isset($value['Secure'])) {
$lines[] = 'session.cookie_secure = on';
}
if (isset($value['SameSite']) && in_array($value['SameSite'], array('None', 'Lax', 'Strict'))) {
$lines[] = sprintf('session.cookie_samesite = "%s"', $value['SameSite']);
}
}
return $lines;
}
function http_headers() {
if (!is_php_mode()) {
return;
}
// PHP method below
list($headers, $statuses, $unset, $append) = get_http_headers();
$isCors = false;
foreach ($headers as $key => $value) {
if ($key == 'Access-Control-Allow-Origin') {
if (isset($_SERVER['HTTP_ORIGIN'])) {
if (in_array($value, array('*', 'null'))) {
$isCors = true;
header(sprintf("%s: *", $key));
}
if (is_array($value) && in_array($_SERVER['HTTP_ORIGIN'], $value)) {
$isCors = true;
header(sprintf("%s: %s", $key, $_SERVER['HTTP_ORIGIN']));
header("Vary: Origin", false);
}
}
continue;
}
if (in_array($key, array('Access-Control-Allow-Headers', 'Access-Control-Allow-Methods', 'Access-Control-Allow-Credentials', 'Access-Control-Max-Age', 'Access-Control-Expose-Headers'))) {
if ($isCors) {
header(sprintf("%s: %s", $key, $value));
}
continue;
}
header(sprintf("%s: %s", $key, $value));
}
foreach ($append as $key => $value) {
header(sprintf("%s: %s", $key, $value), false);
}
foreach ($unset as $header) {
if (function_exists('header_remove')) {
header_remove($header);
} else {
header("$header:");
}
}
foreach ($statuses as $key => $value) {
header(sprintf("%s %s", $key, $value));
exit;
}
if (get_option('hh_www_authenticate') == 1) {
php_auth_digest();
}
if (get_option('hh_content_encoding') == 1) {
php_content_encoding();
}
}
function http_headers_admin_add_page() {
add_options_page('HTTP Headers', 'HTTP Headers', 'manage_options', 'http-headers', 'http_headers_admin_page');
}
function http_headers_admin() {
register_setting('http-headers-mtd', 'hh_method');
register_setting('http-headers-mtd', 'hh_htaccess_path');
register_setting('http-headers-mtd', 'hh_user_ini_path');
register_setting('http-headers-mtd', 'hh_htpasswd_path');
register_setting('http-headers-mtd', 'hh_htdigest_path');
register_setting('http-headers-xfo', 'hh_x_frame_options');
register_setting('http-headers-xfo', 'hh_x_frame_options_value');
register_setting('http-headers-xfo', 'hh_x_frame_options_domain');
register_setting('http-headers-xss', 'hh_x_xxs_protection');
register_setting('http-headers-xss', 'hh_x_xxs_protection_value');
register_setting('http-headers-xss', 'hh_x_xxs_protection_uri');
register_setting('http-headers-cto', 'hh_x_content_type_options');
register_setting('http-headers-cto', 'hh_x_content_type_options_value');
register_setting('http-headers-sts', 'hh_strict_transport_security');
register_setting('http-headers-sts', 'hh_strict_transport_security_value'); //obsolete
register_setting('http-headers-sts', 'hh_strict_transport_security_max_age');
register_setting('http-headers-sts', 'hh_strict_transport_security_sub_domains');
register_setting('http-headers-sts', 'hh_strict_transport_security_preload');
register_setting('http-headers-uac', 'hh_x_ua_compatible');
register_setting('http-headers-uac', 'hh_x_ua_compatible_value');
register_setting('http-headers-p3p', 'hh_p3p');
register_setting('http-headers-p3p', 'hh_p3p_value');
register_setting('http-headers-rp', 'hh_referrer_policy');
register_setting('http-headers-rp', 'hh_referrer_policy_value');
register_setting('http-headers-csp', 'hh_content_security_policy');
register_setting('http-headers-csp', 'hh_content_security_policy_value');
register_setting('http-headers-csp', 'hh_content_security_policy_report_only');
register_setting('http-headers-acao', 'hh_access_control_allow_origin');
register_setting('http-headers-acao', 'hh_access_control_allow_origin_value');
register_setting('http-headers-acao', 'hh_access_control_allow_origin_url');
register_setting('http-headers-acac', 'hh_access_control_allow_credentials');
register_setting('http-headers-acac', 'hh_access_control_allow_credentials_value');
register_setting('http-headers-acam', 'hh_access_control_allow_methods');
register_setting('http-headers-acam', 'hh_access_control_allow_methods_value');
register_setting('http-headers-acah', 'hh_access_control_allow_headers');
register_setting('http-headers-acah', 'hh_access_control_allow_headers_value');
register_setting('http-headers-acah', 'hh_access_control_allow_headers_custom');
register_setting('http-headers-aceh', 'hh_access_control_expose_headers');
register_setting('http-headers-aceh', 'hh_access_control_expose_headers_value');
register_setting('http-headers-aceh', 'hh_access_control_expose_headers_custom');
register_setting('http-headers-acma', 'hh_access_control_max_age');
register_setting('http-headers-acma', 'hh_access_control_max_age_value');
register_setting('http-headers-ce', 'hh_content_encoding');
register_setting('http-headers-ce', 'hh_content_encoding_module');
register_setting('http-headers-ce', 'hh_content_encoding_value');
register_setting('http-headers-ce', 'hh_content_encoding_ext');
register_setting('http-headers-vary', 'hh_vary');
register_setting('http-headers-vary', 'hh_vary_value');
register_setting('http-headers-xpb', 'hh_x_powered_by');
register_setting('http-headers-xpb', 'hh_x_powered_by_option');
register_setting('http-headers-xpb', 'hh_x_powered_by_value');
register_setting('http-headers-wwa', 'hh_www_authenticate');
register_setting('http-headers-wwa', 'hh_www_authenticate_type');
register_setting('http-headers-wwa', 'hh_www_authenticate_realm');
register_setting('http-headers-wwa', 'hh_www_authenticate_user');
register_setting('http-headers-wwa', 'hh_www_authenticate_pswd');
register_setting('http-headers-cc', 'hh_cache_control');
register_setting('http-headers-cc', 'hh_cache_control_value');
register_setting('http-headers-age', 'hh_age');
register_setting('http-headers-age', 'hh_age_value');
register_setting('http-headers-pra', 'hh_pragma');
register_setting('http-headers-pra', 'hh_pragma_value');
register_setting('http-headers-exp', 'hh_expires');
register_setting('http-headers-exp', 'hh_expires_value');
register_setting('http-headers-exp', 'hh_expires_type');
register_setting('http-headers-con', 'hh_connection');
register_setting('http-headers-con', 'hh_connection_value');
register_setting('http-headers-cose', 'hh_cookie_security');
register_setting('http-headers-cose', 'hh_cookie_security_value');
register_setting('http-headers-ect', 'hh_expect_ct');
register_setting('http-headers-ect', 'hh_expect_ct_max_age');
register_setting('http-headers-ect', 'hh_expect_ct_report_uri');
register_setting('http-headers-ect', 'hh_expect_ct_enforce');
register_setting('http-headers-tao', 'hh_timing_allow_origin');
register_setting('http-headers-tao', 'hh_timing_allow_origin_value');
register_setting('http-headers-tao', 'hh_timing_allow_origin_url');
register_setting('http-headers-che', 'hh_custom_headers');
register_setting('http-headers-che', 'hh_custom_headers_value');
register_setting('http-headers-xdo', 'hh_x_download_options');
register_setting('http-headers-xdo', 'hh_x_download_options_value');
register_setting('http-headers-xpcd', 'hh_x_permitted_cross_domain_policies');
register_setting('http-headers-xpcd', 'hh_x_permitted_cross_domain_policies_value');
register_setting('http-headers-xdpc', 'hh_x_dns_prefetch_control');
register_setting('http-headers-xdpc', 'hh_x_dns_prefetch_control_value');
register_setting('http-headers-rt', 'hh_report_to');
register_setting('http-headers-rt', 'hh_report_to_value');
register_setting('http-headers-fp', 'hh_feature_policy');
register_setting('http-headers-fp', 'hh_feature_policy_value');
register_setting('http-headers-fp', 'hh_feature_policy_feature');
register_setting('http-headers-fp', 'hh_feature_policy_origin');
register_setting('http-headers-pp', 'hh_permissions_policy');
register_setting('http-headers-pp', 'hh_permissions_policy_value');
register_setting('http-headers-pp', 'hh_permissions_policy_feature');
register_setting('http-headers-pp', 'hh_permissions_policy_origin');
register_setting('http-headers-csd', 'hh_clear_site_data');
register_setting('http-headers-csd', 'hh_clear_site_data_value');
register_setting('http-headers-cty', 'hh_content_type');
register_setting('http-headers-cty', 'hh_content_type_value');
register_setting('http-headers-corp', 'hh_cross_origin_resource_policy');
register_setting('http-headers-corp', 'hh_cross_origin_resource_policy_value');
register_setting('http-headers-nel', 'hh_nel');
register_setting('http-headers-nel', 'hh_nel_value');
register_setting('http-headers-coep', 'hh_cross_origin_embedder_policy');
register_setting('http-headers-coep', 'hh_cross_origin_embedder_policy_value');
register_setting('http-headers-coop', 'hh_cross_origin_opener_policy');
register_setting('http-headers-coop', 'hh_cross_origin_opener_policy_value');
register_setting('http-headers-rob', 'hh_x_robots_tag');
register_setting('http-headers-rob', 'hh_x_robots_tag_value');
}
function http_headers_option($option) {
include_once ABSPATH . 'wp-admin/includes/admin.php';
require_once ABSPATH . WPINC . '/pluggable.php';
if (isset($_POST['hh_method']))
{
check_admin_referer('http-headers-mtd-options');
# When method is changed
http_headers_activate();
} elseif (is_apache_mode()) {
# When particular header is changed
switch (true) {
case array_key_exists('hh_www_authenticate', $_POST):
check_admin_referer('http-headers-wwa-options');
update_auth_credentials();
update_auth_directives();
break;
case array_key_exists('hh_content_encoding', $_POST):
check_admin_referer('http-headers-ce-options');
update_content_encoding_directives();
break;
case array_key_exists('hh_content_type', $_POST):
check_admin_referer('http-headers-cty-options');
update_content_type_directives();
break;
case array_key_exists('hh_expires', $_POST):
check_admin_referer('http-headers-exp-options');
update_expires_directives();
break;
case array_key_exists('hh_cookie_security', $_POST):
check_admin_referer('http-headers-cose-options');
update_cookie_security_directives();
break;
case array_key_exists('hh_timing_allow_origin', $_POST):
check_admin_referer('http-headers-tao-options');
update_timing_directives();
break;
case array_key_exists('option_page', $_POST) && strpos($_POST['option_page'], 'http-headers-') === 0:
check_admin_referer($_POST['option_page'].'-options');
update_headers_directives();
break;
}
}
}
function nginx_headers_directives() {
$lines = array();
list($headers, , $unset, $append) = get_http_headers();
foreach ($unset as $header) {
$lines[] = sprintf(' more_clear_headers "%s";', $header);
}
$cors = $cors_header = $cors_inner = $cors_footer = array();
$all = array();
foreach ($headers as $key => $value) {
if (in_array($key, array('WWW-Authenticate'))) {
continue;
}
if (in_array($key, array('X-Content-Type-Options'))) {
$all[] = sprintf('add_header %s %s always;', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
continue;
}
if ($key == 'Access-Control-Allow-Origin' && is_array($value)) {
$cors_header[] = sprintf('if ($http_origin ~* ^(%s)$) {', str_replace('.', '\.', join('|', $value)));
$cors_footer[] = '}';
$cors_inner[] = ' add_header Access-Control-Allow-Origin "$http_origin";';
if (!in_array('*', $value))
{
$cors_inner[] = ' add_header Vary "Origin";';
}
continue;
}
if (in_array($key, array('Access-Control-Allow-Headers', 'Access-Control-Allow-Methods', 'Access-Control-Allow-Credentials', 'Access-Control-Max-Age', 'Access-Control-Expose-Headers'))) {
$cors_inner[] = sprintf(' add_header %s %s;', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
continue;
}
$lines[] = sprintf(' add_header %s %s;', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
}
foreach ($append as $key => $value) {
$lines[] = sprintf(' add_header %s %s;', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
}
if (!empty($cors_inner))
{
$cors = array_merge(
$cors_header,
$cors_inner,
$cors_footer
);
}
if (!empty($lines)) {
$lines = array_merge(
$all,
$cors,
array('location ~* \.(php|html)$ {'),
$lines,
array('}')
);
}
return $lines;
}
function nginx_content_encoding_directives() {
$lines = array();
if (get_option('hh_content_encoding') == 1) {
$lines[] = 'gzip on;';
$content_encoding_value = get_option('hh_content_encoding_value');
if (!$content_encoding_value) {
$content_encoding_value = array();
}
$content_encoding_ext = get_option('hh_content_encoding_ext');
if (!$content_encoding_ext) {
$content_encoding_ext = array();
}
if (!empty($content_encoding_ext)) {
//$lines[] = sprintf('<FilesMatch "\.(%s)$">', join('|', array_keys($content_encoding_ext)));
}
if (!empty($content_encoding_value)) {
$lines[] = sprintf('gzip_types %s;', join(' ', array_keys($content_encoding_value)));
}
}
return $lines;
}
function nginx_content_type_directives() {
$lines = array();
if (get_option('hh_content_type') == 1) {
$values = get_option('hh_content_type_value', array());
foreach ($values as $ext => $media_type) {
$lines[] = sprintf("%s %s;", $media_type, $ext);
}
}
return $lines;
}
function nginx_expires_directives() {
$lines = array();
if (get_option('hh_expires') == 1) {
$types = get_option('hh_expires_type', array());
$values = get_option('hh_expires_value', array());
$lines[] = 'map $sent_http_content_type $expires {';
foreach (array_keys($types) as $type) {
list($base, $period, $suffix) = explode('_', $values[$type]);
if (in_array($base, array('access', 'modification'))) {
$lines[] = $type != 'default'
? sprintf(' %s %u%s;', $type, $period, $suffix[0])
: sprintf(' default %u%s;', $period, $suffix[0]);
} elseif ($base == 'invalid') {
$lines[] = $type != 'default'
? sprintf(' %s 0;', $type)
: sprintf(' default 0;');
}
}
$lines[] = '}';
$lines[] = 'expires $expires;';
}
return $lines;
}
function nginx_timing_directives() {
$lines = array();
if (get_option('hh_timing_allow_origin') == 1) {
$value = get_option('hh_timing_allow_origin_value');
switch ($value)
{
case 'origin':
$value = get_option('hh_timing_allow_origin_url');
break;
}
if (!empty($value))
{
$lines[] = 'location ~* \.(js|css|jpe?g|png|gif|eot|otf|svg|ttf|woff2?)$ {';
$lines[] = sprintf(' add_header Timing-Allow-Origin "%s";', $value);
$lines[] = '}';
}
}
return $lines;
}
function nginx_auth_directives() {
$lines = array();
if (get_option('hh_www_authenticate') == 1) {
$type = get_option('hh_www_authenticate_type');
$file = $type == 'Basic' ? get_htpasswd_filename() : get_htdigest_filename();
$lines[] = sprintf('location ~ ^%s$ {', str_replace('.', '\.', basename($file)));
$lines[] = ' deny all;';
$lines[] = '}';
$lines[] = sprintf('location %s {', get_home_path());
if ($type == 'Basic') {
$lines[] = sprintf(' auth_basic "%s";', get_option('hh_www_authenticate_realm'));
$lines[] = sprintf(' auth_basic_user_file %s;', $file);
} else {
$lines[] = sprintf(' auth_digest "%s";', get_option('hh_www_authenticate_realm'));
$lines[] = sprintf(' auth_digest_user_file %s;', $file);
}
$lines[] = '}';
}
return $lines;
}
function nginx_auth_credentials() {
return apache_auth_credentials();
}
function nginx_cookie_security_directives() {
$lines = array();
//TODO
return $lines;
}
function nginx_check_requirements() {
//TODO scheduled for v2.0.0
return true;
}
function iis_headers_directives() {
//TODO scheduled for v2.0.0
}
function iis_content_encoding_directives() {
//TODO scheduled for v2.0.0
}
function iis_content_type_directives() {
//TODO scheduled for v2.0.0
}
function iis_expires_directives() {
//TODO scheduled for v2.0.0
}
function iis_timing_directives() {
//TODO scheduled for v2.0.0
}
function iis_auth_directives() {
//TODO scheduled for v2.0.0
}
function iis_auth_credentials() {
//TODO scheduled for v2.0.0
}
function iis_cookie_security_directives() {
//TODO scheduled for v2.0.0
}
function iis_check_requirements() {
//TODO scheduled for v2.0.0
return true;
}
function apache_headers_directives() {
$lines = array();
list($headers, , $unset, $append) = get_http_headers();
foreach ($unset as $header) {
$lines[] = sprintf(' Header always unset %s', $header);
$lines[] = sprintf(' Header unset %s', $header);
}
$all = array();
foreach ($headers as $key => $value) {
if (in_array($key, array('WWW-Authenticate'))) {
continue;
}
if (in_array($key, array('X-Content-Type-Options'))) {
$all[] = sprintf(' Header always set %s %s', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
continue;
}
if ($key == 'Strict-Transport-Security') {
$lines[] = sprintf(' Header set %s %s env=HTTPS', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
continue;
}
if ($key == 'Access-Control-Allow-Origin') {
$all[] = ' <IfModule mod_setenvif.c>';
if (!is_array($value)) {
if ($value) {
$value = array($value);
} else {
$value = array();
}
}
//$value[] = 'null';
if (is_array($value))
{
$all[] = sprintf(' SetEnvIf Origin "^(%s)$" CORS=$0', str_replace(array('.', '*'), array('\.', '.+'), join('|', $value)));
} else {
$all[] = ' SetEnvIf Origin "^(.+)$" CORS=$0';
}
$all[] = ' </IfModule>';
$all[] = ' Header set Access-Control-Allow-Origin %{CORS}e env=CORS';
if (!in_array('*', $value))
{
$all[] = ' Header append Vary "Origin" env=CORS';
}
continue;
}
if (in_array($key, array('Access-Control-Allow-Headers', 'Access-Control-Allow-Methods', 'Access-Control-Allow-Credentials', 'Access-Control-Max-Age', 'Access-Control-Expose-Headers'))) {
$all[] = sprintf(' Header set %s %s env=CORS', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
continue;
}
$lines[] = sprintf(' Header set %s %s', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
}
foreach ($append as $key => $value) {
$lines[] = sprintf(' Header append %s %s', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
}
if (!empty($lines) || !empty($all)) {
$lines = array_merge(
array('<IfModule mod_headers.c>'),
$all,
array(' <FilesMatch "\.(php|html)$">'),
$lines,
array(' </FilesMatch>', '</IfModule>')
);
}
return $lines;
}
function apache_content_encoding_directives() {
$lines = array();
if (get_option('hh_content_encoding') == 1) {
$content_encoding_module = get_option('hh_content_encoding_module');
$module = 'mod_deflate.c';
$filter = 'DEFLATE';
$accept_encoding = 'gzip';
if ($content_encoding_module == 'brotli') {
$module = 'mod_brotli.c';
$filter = 'BROTLI_COMPRESS';
$accept_encoding = 'br';
}
$content_encoding_value = get_option('hh_content_encoding_value');
if (!$content_encoding_value) {
$content_encoding_value = array();
}
$content_encoding_ext = get_option('hh_content_encoding_ext');
if (!$content_encoding_ext) {
$content_encoding_ext = array();
}
$type = join('|', array_keys($content_encoding_value));
$ext = join('|', array_keys($content_encoding_ext));
if (!empty($type) && !empty($ext)) {
$expression = sprintf('(%%{CONTENT_TYPE} =~ m#^(%1$s)# || %%{REQUEST_FILENAME} =~ /.(%2$s)$/)', $type, $ext);
} elseif (!empty($type)) {
$expression = sprintf('%%{CONTENT_TYPE} =~ m#^(%1$s)#', $type);
} elseif (!empty($ext)) {
$expression = sprintf('%%{REQUEST_FILENAME} =~ /.(%1$s)$/', $ext);
}
if (isset($expression)) {
$lines[] = '<IfModule mod_filter.c>';
$lines[] = ' FilterDeclare HttpHeaders';
if (in_array($content_encoding_module, array('brotli', 'deflate'))) {
$lines[] = sprintf('<IfModule %s>', $module);
$lines[] = sprintf(' FilterProvider HttpHeaders %1$s "%%{HTTP:Accept-Encoding} =~ /%2$s/ && %3$s"', $filter, $accept_encoding, $expression);
$lines[] = ' </IfModule>';
} else {
$lines[] = ' <IfModule mod_deflate.c>';
$lines[] = ' <IfModule !mod_brotli.c>';
$lines[] = sprintf(' FilterProvider HttpHeaders DEFLATE "%%{HTTP:Accept-Encoding} =~ /gzip/ && %1$s"', $expression);
$lines[] = ' </IfModule>';
$lines[] = ' </IfModule>';
$lines[] = ' <IfModule mod_brotli.c>';
$lines[] = sprintf(' FilterProvider HttpHeaders BROTLI_COMPRESS "%%{HTTP:Accept-Encoding} =~ /br/ && %1$s"', $expression);
$lines[] = ' </IfModule>';
}
$lines[] = ' FilterChain HttpHeaders';
$lines[] = '</IfModule>';
}
}
return $lines;
}
function apache_expires_directives() {
$lines = array();
if (get_option('hh_expires') == 1) {
$types = get_option('hh_expires_type', array());
$values = get_option('hh_expires_value', array());
$lines[] = '<IfModule mod_expires.c>';
$lines[] = ' ExpiresActive On';
foreach (array_keys($types) as $type) {
list($base, $period, $suffix) = explode('_', $values[$type]);
if (in_array($base, array('access', 'modification'))) {
$lines[] = $type != 'default'
? sprintf(' ExpiresByType %s "%s plus %u %s"', $type, $base, $period, $suffix)
: sprintf(' ExpiresDefault "%s plus %u %s"', $base, $period, $suffix);
} elseif ($base == 'invalid') {
$lines[] = $type != 'default'
? sprintf(' ExpiresByType %s A0', $type)
: sprintf(' ExpiresDefault A0');
}
}
$lines[] = '</IfModule>';
}
return $lines;
}
function apache_content_type_directives() {
$lines = array();
if (get_option('hh_content_type') == 1) {
$values = get_option('hh_content_type_value', array());
$lines[] = '<IfModule mod_mime.c>';
foreach ($values as $ext => $media_type) {
$lines[] = sprintf(" AddType %s .%s", $media_type, $ext);
}
$lines[] = '</IfModule>';
}
return $lines;
}
function apache_timing_directives() {
$lines = array();
if (get_option('hh_timing_allow_origin') == 1) {
$value = get_option('hh_timing_allow_origin_value');
switch ($value)
{
case 'origin':
$value = get_option('hh_timing_allow_origin_url');
break;
}
if (!empty($value))
{
$lines[] = '<IfModule mod_headers.c>';
$lines[] = ' <FilesMatch "\\.(js|css|jpe?g|png|gif|eot|otf|svg|ttf|woff2?)$">';
$lines[] = sprintf(' Header set Timing-Allow-Origin "%s"', $value);
$lines[] = ' </FilesMatch>';
$lines[] = '</IfModule>';
}
}
return $lines;
}
function apache_auth_directives() {
$lines = array();
if (get_option('hh_www_authenticate') == 1) {
$type = get_option('hh_www_authenticate_type');
$file = $type == 'Basic' ? get_htpasswd_filename() : get_htdigest_filename();
$lines[] = sprintf('<FilesMatch "^%s$">', str_replace('.', '\.', basename($file)));
$lines[] = ' <IfModule mod_authz_core.c>';
$lines[] = ' Require all denied';
$lines[] = ' </IfModule>';
$lines[] = ' <IfModule !mod_authz_core.c>';
$lines[] = ' Order deny,allow';
$lines[] = ' Deny from all';
$lines[] = ' </IfModule>';
$lines[] = '</FilesMatch>';
// no empty AuthName
$realm = get_option('hh_www_authenticate_realm'); // AuthName
$realm = ($realm == '') ? 'restricted area':$realm; // Empty => give fixed value
$lines[] = sprintf('<IfModule mod_auth_%s.c>', strtolower($type));
$lines[] = sprintf(' AuthType %s', get_option('hh_www_authenticate_type'));
$lines[] = sprintf(' AuthName "%s"', $realm);
$lines[] = sprintf(' AuthUserFile "%s"', $file);
$lines[] = ' Require valid-user';
$lines[] = '</IfModule>';
}
return $lines;
}
function apache_auth_credentials() {
if (get_option('hh_www_authenticate') == 1) {
$type = get_option('hh_www_authenticate_type');
$usernames = get_option('hh_www_authenticate_user', array());
$passwords = get_option('hh_www_authenticate_pswd', array());
if (!is_array($usernames)) {
$usernames = array($usernames);
}
if (!is_array($passwords)) {
$passwords = array($passwords);
}
$realm = get_option('hh_www_authenticate_realm');
$auth = array();
switch ($type) {
case 'Basic':
$ht_file = get_htpasswd_filename();
foreach ($usernames as $k => $user) {
$auth[] = sprintf('%s:{SHA}%s', $user, base64_encode(sha1($passwords[$k], true)));
}
break;
case 'Digest':
$ht_file = get_htdigest_filename();
foreach ($usernames as $k => $user) {
$auth[] = sprintf('%s:%s:%s', $user, $realm, md5($user.':'.$realm.':'.$passwords[$k]));
}
break;
}
$auth = join("\n", $auth);
return compact('ht_file', 'auth');
}
return false;
}
function apache_cookie_security_directives() {
$lines = array();
if (get_option('hh_cookie_security') == 1) {
$value = get_option('hh_cookie_security_value', array());
$str = '';
if (isset($value['HttpOnly'])) {
$str .= ';HttpOnly';
}
if (isset($value['Secure'])) {
$str .= ';Secure';
}
if (isset($value['SameSite']) && in_array($value['SameSite'], array('None', 'Lax', 'Strict'))) {
$str .= ';SameSite=' . $value['SameSite'];
}
if ($str) {
$lines[] = '<IfModule mod_headers.c>';
$lines[] = ' Header always edit Set-Cookie (.*) "$1'.$str.'"';
$lines[] = '</IfModule>';
}
}
return $lines;
}
function apache_check_requirements() {
return check_filename(get_htaccess_filename());
}
function update_headers_directives() {
$result = false;
if (is_apache_mode()) {
$lines = apache_headers_directives();
$result = insert_with_markers(get_htaccess_filename(), "HttpHeaders", $lines);
}
return $result;
}
function update_content_encoding_directives() {
$lines = array();
if (is_apache_mode()) {
$lines = apache_content_encoding_directives();
}
return insert_with_markers(get_htaccess_filename(), "HttpHeadersCompression", $lines);
}
function update_expires_directives() {
$lines = array();
if (is_apache_mode()) {
$lines = apache_expires_directives();
}
return insert_with_markers(get_htaccess_filename(), "HttpHeadersExpires", $lines);
}
function update_content_type_directives() {
$lines = array();
if (is_apache_mode()) {
$lines = apache_content_type_directives();
}
return insert_with_markers(get_htaccess_filename(), "HttpHeadersContentType", $lines);
}
function update_timing_directives() {
$lines = array();
if (is_apache_mode()) {
$lines = apache_timing_directives();
}
return insert_with_markers(get_htaccess_filename(), "HttpHeadersTiming", $lines);
}
function update_auth_directives() {
$lines = array();
if (is_apache_mode()) {
$lines = apache_auth_directives();
}
return insert_with_markers(get_htaccess_filename(), "HttpHeadersAuth", $lines);
}
function update_auth_credentials() {
if (is_apache_mode()) {
$credentials = apache_auth_credentials();
if (isset($credentials['ht_file']) && !empty($credentials['ht_file']))
{
return @file_put_contents($credentials['ht_file'], $credentials['auth'], LOCK_EX);
}
}
return false;
}
function update_cookie_security_directives() {
$lines = array();
$is_apache = is_apache_mode();
$htaccess = get_htaccess_filename();
$is_cgi = strpos(PHP_SAPI, 'cgi') !== false;
if ($is_cgi) {
$filename = get_user_ini_filename();
$lines = php_cookie_security_directives();
} elseif ($is_apache) {
$filename = $htaccess;
$lines = apache_cookie_security_directives();
}
if (!$is_apache) {
insert_with_markers($htaccess, "HttpHeadersCookieSecurity", array());
}
if ($is_cgi) {
return update_user_ini_filename($filename, "HttpHeadersCookieSecurity", $lines);
}
return insert_with_markers($filename, "HttpHeadersCookieSecurity", $lines);
}
function update_user_ini_filename($filename, $marker, $insertion) {
if (!is_array($insertion)) {
$insertion = explode("\n", $insertion);
}
$start_marker = "; BEGIN " . $marker;
$end_marker = "; END " . $marker;
$data = "";
if (is_file($filename)) {
$data = @file_get_contents($filename);
}
$string = $start_marker;
if ($insertion)
{
$string .= "\n".join("\n", $insertion);
}
$string .= "\n".$end_marker;
$pattern = '/'.$start_marker.'.*'.$end_marker.'/isU';
if (preg_match($pattern, $data)) {
$data = preg_replace($pattern, $string, $data);
} else {
$data .= "\n".$string;
}
$bytes = @file_put_contents($filename, $data, LOCK_EX);
return !!$bytes;
}
function is_php_mode() {
return get_option('hh_method') == 'php';
}
function is_apache_mode() {
return get_option('hh_method') == 'htaccess';
}
function is_samesite_supported() {
return version_compare(PHP_VERSION, '7.3.0', '>=');
}
function http_headers_text_domain() {
load_plugin_textdomain('http-headers', false, basename( dirname( __FILE__ ) ) . '/languages/');
}
function http_headers_settings_link( $links ) {
$url = get_admin_url() . 'options-general.php?page=http-headers';
$settings_link = '<a href="' . $url . '">' . __('Settings', 'http-headers') . '</a>';
array_unshift( $links, $settings_link );
return $links;
}
function http_headers_after_setup_theme() {
add_filter('plugin_action_links_' . plugin_basename(__FILE__), 'http_headers_settings_link');
}
function http_headers_enqueue($hook) {
if ( 'http-headers.php' != $hook ) {
# FIXME
//return;
}
wp_enqueue_script('http_headers_admin_scripts', plugin_dir_url( __FILE__ ) . 'assets/scripts.js', array(), '1.16.1', true);
wp_localize_script('http_headers_admin_scripts', 'hh', array(
'lbl_delete' => __('Delete', 'http-headers'),
'lbl_value' => __('Value', 'http-headers'),
'lbl_remove_endpoint' => __('Remove endpoint', 'http-headers'),
'lbl_remove_group' => __('Remove group', 'http-headers'),
));
wp_enqueue_style('http_headers_admin_styles', plugin_dir_url( __FILE__ ) . 'assets/styles.css', array(), '1.16.1');
}
function http_headers_ajax_inspect() {
check_ajax_referer('inspect');
if (current_user_can('manage_options')) {
include 'views/ajax-inspect.php';
}
wp_die();
}
function http_headers_post_import() {
check_admin_referer('import');
global $wpdb;
if (!(isset($_FILES['file']['tmp_name'])
&& is_uploaded_file($_FILES['file']['tmp_name'])
&& $_FILES['file']['error'] == UPLOAD_ERR_OK
)) {
wp_redirect(sprintf("%soptions-general.php?page=http-headers&tab=advanced&status=ERR&code=100", get_admin_url()));
exit;
}
$string = @file_get_contents($_FILES['file']['tmp_name']);
if ($string === false) {
wp_redirect(sprintf("%soptions-general.php?page=http-headers&tab=advanced&status=ERR&code=101", get_admin_url()));
exit;
}
$arr = preg_split('/;(\s+)?\n/', $string);
foreach ($arr as $statement) {
$statement = preg_replace("/(INSERT\s*INTO\s*)[\w\_]+options/", '${1}'.$wpdb->options, $statement);
$wpdb->query($statement);
}
wp_redirect(sprintf("%soptions-general.php?page=http-headers&tab=advanced&status=OK", get_admin_url()));
exit;
}
function http_headers_post_export() {
check_admin_referer('export');
global $wpdb;
$options = include dirname(__FILE__) . '/views/includes/options.inc.php';
$opts = array();
foreach ($options as $option)
{
$opts[] = $option[0];
}
$statement = sprintf("SELECT * FROM %s WHERE option_name IN ('%s');", $wpdb->options, join("','", $opts));
$results = $wpdb->get_results($statement, ARRAY_A);
$sql = array();
$indexes = array();
foreach ($options as $option)
{
foreach ($results as $item)
{
if ($item['option_name'] == $option[0])
{
$indexes[$option[0]] = 1;
$value = str_replace("'", "''", $item['option_value']);
$query = array();
$query[] = sprintf("INSERT INTO %s (option_id, option_name, option_value, autoload)", $wpdb->options);
$query[] = sprintf("VALUES (NULL, '%s', '%s', '%s')", $item['option_name'], $value, $item['autoload']);
$query[] = sprintf("ON DUPLICATE KEY UPDATE option_value = '%s', autoload = '%s';", $value, $item['autoload']);
$sql[] = join("\n", $query);
break;
}
}
if (!isset($indexes[$option[0]]))
{
$query = array();
$query[] = sprintf("INSERT INTO %s (option_id, option_name, option_value, autoload)", $wpdb->options);
$query[] = sprintf("VALUES (NULL, '%s', '%s', 'yes')", $option[0], $option[1]);
$query[] = sprintf("ON DUPLICATE KEY UPDATE option_value = '%s', autoload = 'yes';", $option[1]);
$sql[] = join("\n", $query);
}
}
$sql = join("\n\n", $sql);
$length = function_exists('mb_strlen') ? mb_strlen($sql) : strlen($sql);
$name = sprintf('WP-HTTP-Headers-%u.sql', time());
# Send headers
header('Pragma: public');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Cache-Control: private', false);
header('Content-Transfer-Encoding: binary');
header('Content-Disposition: attachment; filename="'.$name.'";');
header('Content-Type: application/sql');
header('Content-Length: ' . $length);
echo $sql;
exit;
}
function check_filename($filename) {
if (!is_file($filename)) {
return -1;
}
clearstatcache();
if (!is_writable($filename)) {
return -2;
}
return true;
}
function get_web_server_filename() {
if (is_apache_mode()) {
return get_htaccess_filename();
}
return NULL;
}
function check_web_server_requirements() {
if (is_apache_mode()) {
return apache_check_requirements();
}
return true;
}
function check_php_requirements() {
if (strpos(PHP_SAPI, 'cgi') !== false) {
// cgi, cgi-fcgi, fpm-fcgi
return check_filename(get_user_ini_filename());
}
return true;
}
function http_headers_logout() {
if (get_option('hh_clear_site_data') == 1) {
$values = get_option('hh_clear_site_data_value', array());
$tmp = array_keys($values);
if ($tmp) {
header(sprintf('Clear-Site-Data: "%s"', join('", "', $tmp)));
}
}
}
function http_headers_activate() {
update_headers_directives();
update_auth_credentials();
update_auth_directives();
update_content_encoding_directives();
update_content_type_directives();
update_expires_directives();
update_cookie_security_directives();
update_timing_directives();
}
function http_headers_deactivate() {
$filename = get_htaccess_filename();
insert_with_markers($filename, "HttpHeaders", array());
insert_with_markers($filename, "HttpHeadersCompression", array());
insert_with_markers($filename, "HttpHeadersContentType", array());
insert_with_markers($filename, "HttpHeadersExpires", array());
insert_with_markers($filename, "HttpHeadersTiming", array());
insert_with_markers($filename, "HttpHeadersAuth", array());
insert_with_markers($filename, "HttpHeadersCookieSecurity", array());
}
register_activation_hook(__FILE__, 'http_headers_activate');
register_deactivation_hook(__FILE__, 'http_headers_deactivate');
add_action('wp_logout', 'http_headers_logout');
if ( is_admin() ){ // admin actions
add_action('admin_menu', 'http_headers_admin_add_page');
add_action('admin_init', 'http_headers_admin');
add_action("added_option", 'http_headers_option');
add_action("updated_option", 'http_headers_option');
add_action('admin_enqueue_scripts', 'http_headers_enqueue');
add_action('after_setup_theme', 'http_headers_after_setup_theme');
add_action('plugins_loaded', 'http_headers_text_domain');
add_action('wp_ajax_inspect', 'http_headers_ajax_inspect');
add_action('admin_post_import', 'http_headers_post_import');
add_action('admin_post_export', 'http_headers_post_export');
} else {
// non-admin enqueues, actions, and filters
add_action('send_headers', 'http_headers');
}
function http_headers_admin_page() {
include 'views/index.php';
}
\ No newline at end of file
msgid ""
msgstr ""
"Project-Id-Version: HTTP Headers in Bulgarian\n"
"POT-Creation-Date: 2017-17-12 19:26:00+02:00\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"MIME-Version: 1.0\n"
"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/http-headers\n"
"PO-Revision-Date: 2017-17-12 19:26:00+02:00\n"
"Last-Translator: Dimitar Ivanov <biggie4life@gmail.com>\n"
"Language-Team: Dimitar Ivanov <biggie4life@gmail.com>\n"
#: views/includes/config.inc.php:2
msgid "Off"
msgstr "Изкл."
#: views/includes/config.inc.php:2
msgid "On"
msgstr "Вкл."
#: includes/config.inc.php:5
msgid "Security"
msgstr "Сигурност"
#: includes/config.inc.php:6
msgid "Access control"
msgstr "Контрол на достъпа"
#: includes/config.inc.php:7
msgid "Authentication"
msgstr "Удостоверяване"
#: includes/config.inc.php:8
msgid "Compression"
msgstr "Компресия"
#: includes/config.inc.php:10
msgid "Caching"
msgstr "Кеширане"
#: includes/config.inc.php:11
msgid "Miscellaneous"
msgstr "Общи"
#: includes/breadcrumbs.inc.php:2
msgid "Dashboard"
msgstr "Табло"
#: includes/breadcrumbs.inc.php:11
msgid "Advanced settings"
msgstr "Разширени настройки"
#: includes/breadcrumbs.inc.php:13
msgid "Inspect headers"
msgstr "Проверка на хедърите"
#: views/index.php:13
msgid "Error!"
msgstr "Грешка!"
#: views/index.php:16
msgid "The following file was not found. Please make sure the file exists and has write permissions:"
msgstr "Следният файл не бе намерен. Моля уверете се, че файла съществува и има права за писане:"
#: views/index.php:18
msgid "Please make sure the following file has write permissions:"
msgstr "Моля уверете се, че следният файл има права за писане:"
#: views/index.php:28
msgid "Warning!"
msgstr "Внимание!"
#: views/index.php:40
msgid "Quick links"
msgstr "Бързи връзки"
#: views/index.php:41
msgid "Getting started"
msgstr "Ръководство за начинаещи"
#: views/index.php:43
msgid "Manual setup"
msgstr "Ръчна настройка"
#: views/dashboard.php:47
msgid "Donate"
msgstr "Дари"
#: views/dashboard.php:34
msgid "Rate us"
msgstr "Оцени ни"
#: views/dashboard.php:35
msgid "Tell us what you think about this plugin"
msgstr "Кажете ни какво мислите за този плъгин"
#: views/dashboard.php:35
msgid "writing a review"
msgstr "като напишете ревю"
#: views/dashboard.php:36
msgid "Contribution"
msgstr "Принос"
#: views/dashboard.php:37
msgid "Help us to continue developing this plugin with a small donation."
msgstr "Помогнете ни да продължим да развиваме този плъгин с малко дарение."
#: views/category.php:8
msgid "Header"
msgstr "Хедър"
#: views/category.php:9
msgid "Value"
msgstr "Стойност"
#: views/category.php:10
msgid "Status"
msgstr "Статус"
#: views/category.php:230
msgid "Edit"
msgstr "Редактирай"
#: views/category.php:223
msgid "On"
msgstr "Вкл."
#: views/category.php:223
msgid "Off"
msgstr "Изкл."
#: views/advanced.php:10
msgid "Default mode"
msgstr "Режим по подразбиране"
#: views/advanced.php:11
msgid "Choose a method for sending of headers. Usually, the PHP method works perfectly. However, some third-party plugins like WP Super Cache may require switching to Apache method."
msgstr "Режима по подразбиране представлява технологията с която този плъгин изпраща хедърите. Използвайте PHP само ако никоя от останалите технологии не е налична."
#: views/advanced.php:20
msgid "Use PHP to send headers (deprecated)"
msgstr "PHP режим"
#: views/advanced.php:21
msgid "Use Apache (mod_headers) to send headers"
msgstr "Apache режим (препоръчва се)"
#: views/advanced.php:40
msgid "Export"
msgstr "Експорт"
#: views/advanced.php:41
msgid "Export the plugin current state of settings for later use if recovery needs."
msgstr "Експортирайте текущото състояние на настройките на плъгина за по-нататъшна употреба, ако е необходимо възстановяване."
#: views/advanced.php:46
msgid "Export settings"
msgstr "Експортирай настройките"
#: views/advanced.php:51
msgid "Import"
msgstr "Импорт"
#: views/advanced.php:52
msgid "Import a previously saved state of settings."
msgstr "Възстановяване на предварително запазено състояние на настройките."
#: views/advanced.php:58
msgid "Import settings"
msgstr "Импортирай"
#: views/advanced.php:58
msgid "Choose file..."
msgstr "Избери файл..."
#: views/access-control-allow-credentials.php:3
msgid "The Access-Control-Allow-Credentials header indicates whether the response to request can be exposed when the credentials flag is true."
msgstr "Access-Control-Allow-Credentials хедъра посочва дали в отговор на заявка може да се съдържат идентификационни данни."
#: views/access-control-allow-credentials.php:10
msgid "Read more at"
msgstr "Прочети повече на"
#: views/access-control-allow-credentials.php:11
msgid "MDN Web Docs"
msgstr "MDN Web Docs"
#: views/access-control-allow-headers.php:3
msgid "The Access-Control-Allow-Headers header is returned by the server in a response to a preflight request and informs the browser about the HTTP headers that can be used in the actual request."
msgstr "Access-Control-Allow-Headers хедъра се връща от сървъра в отговор на preflight заявка и информира браузъра за HTTP хедърите които могат да се използват в действителната заявка."
#: views/access-control-allow-methods.php:3
msgid "The Access-Control-Allow-Methods header is returned by the server in a response to a preflight request and informs the browser about the HTTP methods that can be used in the actual request."
msgstr "Access-Control-Allow-Methods хедъра се връща от сървъра в отговор на preflight заявка и информира браузъра за HTTP методите които могат да се използват в действителната заявка."
#: views/access-control-allow-origin.php:3
msgid "The Access-Control-Allow-Origin header indicates whether a resource can be shared."
msgstr "Access-Control-Allow-Origin хедъра посочва дали един ресурс (например шрифт) може да се ползва от външни origins и кои са позволените такива."
#: views/access-control-allow-origin.php:65
msgid "Add origin"
msgstr "Добави origin"
#: views/access-control-expose-headers.php:3
msgid "The Access-Control-Expose-Headers response header brings information about headers that browsers could allow accessing."
msgstr "Access-Control-Expose-Headers хедъра носи информация за хедърите които браузърите биха могли да позволят достъп до тях."
#: views/access-control-max-age.php:3
msgid "The Access-Control-Max-Age header indicates how much time, the result of a preflight request, can be cached."
msgstr "Access-Control-Max-Age хедъра показва колко време резултатът от preflight искането може да бъде кеширан."
#: views/age.php:3
msgid "The Age header contains the time in seconds the object has been in a proxy cache."
msgstr "Age хедъра съдържа времето в секунди които обектът е бил в кеша на прокси сървъра. Приема само положителни цели числа и обикновено е близо до 0."
#: views/age.php:21
msgid "seconds"
msgstr "секунди"
#: views/cache-control.php:3
msgid "The Cache-Control general-header field is used to specify directives for caching mechanisms in both, requests and responses. Caching directives are unidirectional, meaning that a given directive in a request is not implying that the same directive is to be given in the response."
msgstr "Cache-Control хедъра се използва за уточняване на директивите за механизмите на кеширане, както в исканията, така и в отговорите. Директивите за кеширането са еднопосочни, което означава, че дадена директива в искането не означава, че в отговора трябва да бъде върната същата директива."
#: views/connection.php:3
msgid "The Connection general header controls whether or not the network connection stays open after the current transaction finishes. If the value sent is keep-alive, the connection is persistent and not closed, allowing for subsequent requests to the same server to be done."
msgstr "Connection хедъра контролира дали мрежовата връзка да остане отворена след завършване на текущата транзакция. Ако изпратената стойност е 'keep-alive', връзката е постоянна и не се затваря, което позволява да бъдат извършени последващите заявки към същия сървър."
#: views/content-encoding.php:3
msgid "Compression is an important way to increase the performance of a Web site. For some documents, size reduction of up to 70% lowers the bandwidth capacity needs."
msgstr "Компресирането е важен начин за увеличаване на ефективността на един уеб сайт. За някои документи, намаляването на размера им до 70% понижава нуждата от по-висок капацитет на честотната лента."
#: views/content-encoding.php:28
msgid "Module"
msgstr "Модул"
#: views/content-encoding.php:53
msgid "By content type"
msgstr "По съдържание"
#: views/content-encoding.php:98
msgid "By extension"
msgstr "По разширение"
#: views/content-security-policy.php:6
msgid "Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware."
msgstr "Content Security Policy (CSP) хедъра е допълнителен слой за сигурност, който помага за откриването и смекчаването на определени видове атаки, включително Cross Site Scripting (XSS) и атаки с инжектиране на данни. Тези атаки се използват за всичко, от кражбата на данни до site defacement (частична или пълна подмяна на сайта) или разпространението на злонамерен софтуер."
#: views/content-security-policy.php:32
msgid "Directive"
msgstr "Директива"
#: views/content-security-policy.php:12
msgid "for reporting-only purposes"
msgstr "генерира само отчет/доклад"
#: views/content-type.php:8
msgid "The Content-Type entity header is used to indicate the media type of the resource. In responses, a Content-Type header tells the client what the content type of the returned content actually is. Browsers will do MIME sniffing in some cases and will not necessarily follow the value of this header; to prevent this behavior, the header X-Content-Type-Options can be set to nosniff."
msgstr "Content-Type хедъра се използва за посочване на типа медия на ресурса. В отговорите на сървъра, Content-Type хедъра казва на клиента какъв всъщност е типа на върнатото съдържание. Браузърите ще направят MIME проврека в някои случаи и не е задължително да следват стойността на този хедър; за да се предотврати това поведение, хедъра X-Content-Type-Options може да бъде настроен с nosniff стойността."
#: views/cookie-security.php:8
msgid "A secure cookie is only sent to the server with a encrypted request over the HTTPS protocol."
msgstr "Сигурните (Secure) 'бисквитки' се изпращат към сървъра само при криптирани заявки чрез HTTPS протокола."
#: views/cookie-security.php:9
msgid "To prevent cross-site scripting (XSS) attacks, HttpOnly cookies are inaccessible to JavaScript's Document.cookie API; they are only sent to the server."
msgstr "За да се предотвратят атаки между сървъри (XSS), HttpOnly 'бисквитките' са недостъпни за JavaScript's Document.cookie API; те се изпращат само до сървъра."
#: views/cookie-security.php:10
msgid "SameSite prevents the browser from sending this cookie along with cross-site requests. The main goal is mitigate the risk of cross-origin information leakage. It also provides some protection against cross-site request forgery attacks."
msgstr "SameSite не позволява на браузъра да изпраща 'бисквитката' заедно с cross-site заявки. Основната цел е да се намали рискът от изтичане на информация от различни източници. Също така осигурява известна защита срещу CSRF атаки."
#: views/cookie-security.php:45
msgid "(PHP 7.3+ only)"
msgstr "(поддържа се само от PHP 7.3+)"
#: views/cross-origin-resource-policy.php:8
msgid "The HTTP Cross-Origin-Resource-Policy response header conveys a desire that the browser blocks no-cors cross-origin/cross-site requests to the given resource."
msgstr "HTTP Cross-Origin-Resource-Policy хедъра изразява желание браузърът да блокира no-cors cross-origin/cross-site заявки за даден ресурс."
#: views/cross-origin-embedder-policy.php:8
msgid "The HTTP Cross-Origin-Embedder-Policy (COEP) response header prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS)."
msgstr "The HTTP Cross-Origin-Embedder-Policy (COEP) response header prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS)."
#: views/cross-origin-opener-policy.php:8
msgid "The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents."
msgstr "The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents."
#: views/cross-origin-opener-policy.php:9
msgid "COOP will process-isolate your document and potential attackers can't access to your global object if they were opening it in a popup, preventing a set of cross-origin attacks dubbed XS-Leaks."
msgstr "COOP will process-isolate your document and potential attackers can't access to your global object if they were opening it in a popup, preventing a set of cross-origin attacks dubbed XS-Leaks."
#: views/cross-origin-opener-policy.php:10
msgid "If a cross-origin document with COOP is opened in a new window, the opening document will not have a reference to it, and the window.opener property of the new window will be null. This allows you to have more control over references to a window than rel=noopener, which only affects outgoing navigations."
msgstr "If a cross-origin document with COOP is opened in a new window, the opening document will not have a reference to it, and the window.opener property of the new window will be null. This allows you to have more control over references to a window than rel=noopener, which only affects outgoing navigations."
#: views/custom-headers.php:3
msgid "Common non-standard response fields:"
msgstr "Често срещани нестандартни хедъри:"
#: views/custom-headers.php:73
msgid "Add header"
msgstr "Добави хедър"
#: views/custom-headers.php:66
msgid "Delete"
msgstr "Изтрий"
#: views/expect-ct.php:3
msgid "Expect-CT is an HTTP header that allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. When a site enables the Expect-CT header, they are requesting that Chrome check that any certificate for that site appears in public CT logs."
msgstr "Expect-CT е хедър, който позволява на сайтовете да се включат в отчитането и/или изпълнението на изискванията за прозрачност на сертификатите, което пречи на използването на невалидни сертификати за този сайт да останат незабелязани. Когато даден сайт активира заглавката Expect-CT, те искат Chrome да провери дали всеки сертификат за този сайт фигурира в обществени CT регистри."
#: views/expires.php:3
msgid "The Expires header contains the date/time after which the response is considered stale."
msgstr "Expires хедъра съдържа датата и времето след което отговорът се счита за остарял."
#: views/expires.php:4
msgid "Invalid dates, like the value 0, represent a date in the past and mean that the resource is already expired."
msgstr "Невалидни дати, като стойноста 0, представляват дата в миналото и означават, че ресурсът вече е изтекъл."
#: views/expires.php:5
msgid "If there is a Cache-Control header with the 'max-age' or 's-max-age' directive in the response, the Expires header is ignored."
msgstr "Ако в отговора има 'Cache-Control' хедър с една от директивите 'max-age' или 's-max-age', тогава Expires хедъра се игнорира."
#: views/expires.php:6
msgid "* Works only in Apache mode"
msgstr "* Работи само в режим Apache"
#: views/feature-policy.php:8
msgid "With Feature Policy, you opt-in to a set of policies for the browser to enforce on specific features used throughout your site. These policies restrict what APIs the site can access or modify the browser's default behavior for certain features."
msgstr "С Feature Policy хедъра се присъединявате към набор от правила, които браузърът може да прилага по отношение на конкретни функции, използвани в сайта Ви. Тези правила ограничават какви API може да има достъп до сайта или да променя поведението му по подразбиране за определени функции."
#: views/p3p.php:3
msgid "The Platform for Privacy Preferences Project (P3P) is a protocol allowing websites to declare their intended use of information they collect about web browser users."
msgstr "P3P е протокол, позволяващ на уебсайтовете да декларират предназначението на информацията, която събират за уеб потребителите."
#: views/pragma.php:3
msgid "The Pragma HTTP/1.0 general header is an implementation-specific header that may have various effects along the request-response chain. It is used for backwards compatibility with HTTP/1.0 caches where the Cache-Control HTTP/1.1 header is not yet present."
msgstr "Pragma хедъра, част от HTTP/1.0 протокола, е специфичен за внедряване, който може да има различни ефекти по веригата на заявка-отговор. Използва се за обратна съвместимост с HTTP/1.0 кеширане, където Cache-Control хедъра, част от HTTP/1.1 протокола, все още не е налице."
#: views/referrer-policy.php:3
msgid "The Referrer-Policy HTTP header governs which referrer information, sent in the Referer header, should be included with requests made."
msgstr "Referrer-Policy хедъра указва коя референтна информация, изпратена в Referer хедъра, трябва да бъде включена при направени заявки."
#: views/nel.php:8
msgid "Network Error Logging is a mechanism that can be configured via the NEL HTTP response header. This experimental header allows web sites and applications to opt-in to receive reports about failed (and, if desired, successful) network fetches from supporting browsers."
msgstr "Network Error Logging е механизъм, който може да бъде конфигуриран чрез NEL хедъра. Този експериментален хедър позволява на уебсайтовете и приложенията да се включат, за да получават отчети за неуспешни (и по желание успешни) мрежови заявки от поддържащи браузъри."
#: views/report-to.php:3
msgid "The Report-To HTTP response header field instructs the user agent to store reporting endpoints for an origin."
msgstr "Report-To хедъра казва на потребителския агент (браузър) да съхранява крайните точки за отчитане за даден origin."
#: views/report-to.php:110
msgid "Add endpoint"
msgstr "Добави крайна точка"
#: views/report-to.php:114
msgid "Remove endpoint"
msgstr "Премахни крайна точка"
#: views/report-to.php:126
msgid "Remove group"
msgstr "Премахни група"
#: views/report-to.php:171
msgid "Add endpoint group"
msgstr "Добави група"
#: views/strict-transport-security.php:3
msgid "HTTP Strict-Transport-Security (HSTS) enforces secure (HTTP over SSL/TLS) connections to the server. This reduces impact of bugs in web applications leaking session data through cookies and external links and defends against Man-in-the-middle attacks. HSTS also disables the ability for user's to ignore SSL negotiation warnings."
msgstr "HTTP Strict-Transport-Security (HSTS) налага сигурни (HTTP over SSL/TLS) връзки към сървъра. Това намалява въздействието на бъгове в уеб приложенията, изтичащи сесийни данни чрез 'бисквитки' и външни връзки и защитава срещу атаки от вида 'човек-в-средата' (Man-in-the-middle). HSTS също така забранява възможността потребителят да пренебрегва предупрежденията за преговори по SSL."
#: views/timing-allow-origin.php:3
msgid "The Timing-Allow-Origin header indicates whether a resource provides the complete timing information. SEO tools use the Resource Timing API to analyze the speed and weight of your web page resources."
msgstr "Timing-Allow-Origin хедъра показва дали даден ресурс предоставя пълната информация за времето. SEO инструментите използват Resource Timing API, за да анализират скоростта и теглото на ресурсите на уеб страниците."
#: views/vary.php:3
msgid "The Vary HTTP response header determines how to match future request headers to decide whether a cached response can be used rather than requesting a fresh one from the origin server. It is used by the server to indicate which headers it used when selecting a representation of a resource in a content negotiation algorithm."
msgstr "Vary хедъра определя как да се сравняват хедърите на бъдещите заявки, за да се реши дали може да се използва кеширана заявка, а не да се поиска нова от сървъра. Той се използва от сървъра, за да посочи кои хедъри използва при избора на представяне на ресурс в алгоритъма за договаряне на съдържание."
#: views/www-authenticate.php:3
msgid "HTTP supports the use of several authentication mechanisms to control access to pages and other resources. These mechanisms are all based around the use of the 401 status code and the WWW-Authenticate response header."
msgstr "HTTP поддържа няколко механизма за удостоверяване, за да контролира достъпа до страници и други ресурси. Всички тези механизми се основават на използването на 401 кода на състоянието и на WWW-Authenticate хедъра."
#: views/www-authenticate.php:79
msgid "Add user"
msgstr "Добави потребител"
#: views/www-authenticate.php:43
msgid "Username"
msgstr "Потребител"
#: views/www-authenticate.php:44
msgid "Password"
msgstr "Парола"
#: views/x-content-type-options.php:3
msgid "Prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions. This reduces exposure to drive-by download attacks and sites serving user uploaded content that, by clever naming, could be treated by MSIE as executable or dynamic HTML files."
msgstr "Предотвратява Internet Explorer и Google Chrome от MIME-sniffing на отговор извън обявения тип съдържание. Това важи и за Google Chrome, когато изтегляте разширения. Това намалява излагането на атаки за изтегляне и страници, показващи качено от потребителите съдържание, което чрез подходящо име може да бъде третирано от MSIE като изпълним или динамичен HTML файл."
#: views/x-dns-prefetch-control.php:3
msgid "The X-DNS-Prefetch-Control HTTP response header controls DNS prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth."
msgstr "X-DNS-Prefetch-Control хедъра контролира предварителното изтегляне на DNS - функция, чрез която браузърите проактивно преобразуват домейн име към IP адрес и на двете: линкове, които потребителят може да последва, както и URL адреси за елементите, посочени от документа, включително изображения, CSS, JavaScript и т.н."
#: views/x-dns-prefetch-control.php:4
msgid "This prefetching is performed in the background, so that the DNS is likely to have been resolved by the time the referenced items are needed. This reduces latency when the user clicks a link."
msgstr "Това предварително зареждане се извършва във фонов режим, така че DNS е вероятно да бъде resolved до момента, в който са необходими референтните елементи. Това намалява латентността, когато потребителят кликне върху връзка."
#: views/x-download-options.php:3
msgid "For web applications that need to serve untrusted HTML files, Microsoft IE introduced a mechanism to help prevent the untrusted content from compromising your site's security. When the X-Download-Options header is present with the value noopen, the user is prevented from opening a file download directly; instead, they must first save the file locally. When the locally saved file is later opened, it no longer executes in the security context of your site, helping to prevent script injection."
msgstr "За уеб приложения, които трябва да обслужват ненадеждни HTML файлове, Microsoft IE въведе механизъм за предотвратяване на несигурното съдържание от компрометиране на сигурността на сайта ви. Когато X-Download-Options хедъра е налице със стойността noopen, потребителят е възпрепятстван да отваря директно файл за изтегляне; вместо това те трябва първо да запазят файла локално. Когато локално запазеният файл се отвори по-късно, той вече не се изпълнява в контекста за сигурност на вашия сайт, което помага да се предотврати инжектирането на скриптове."
#: views/x-frame-options.php:3
msgid "This header can be used to indicate whether or not a browser should be allowed to render a page in a &lt;frame&gt;, &lt;iframe&gt; or &lt;object&gt;. Use this to avoid clickjacking attacks."
msgstr "Този хедър може за се използва за индикация дали е позволено на браузъра да зарежда страница в &lt;frame&gt;, &lt;iframe&gt; или &lt;object&gt;. Използвайте този хедър за да избегнете clickjacking атаки."
#: views/x-permitted-cross-domain-policies.php:3
msgid "A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains."
msgstr "Файла полица за кръстосани домейни е XML документ, който предоставя на уеб клиент като Adobe Flash Player или Adobe Acrobat разрешение за обработка на данни между домейни."
#: views/x-powered-by.php:3
msgid "Specifies the technology (e.g. ASP.NET, PHP, JBoss, Express) supporting the web application, i.e. the scripting language. It is recommended to remove it or provide misleading information to throw off hackers that might target a particular technology/version."
msgstr "Определя технологията (например ASP.NET, PHP, JBoss, Express), поддържаща уеб приложението, т.е. скрипт езика. Препоръчително е да го премахнете или да предоставите подвеждаща информация, за да отклоните хакери, които биха могли да се насочат към определена технология/версия."
#: views/x-robots-tag.php:8
msgid 'The X-Robots-Tag HTTP header is used to indicate how a web page is to be indexed within public search engine results. The header is effectively equivalent to <code>&lt;meta name="robots" content="..."&gt;</code>.'
msgstr 'X-Robots-Tag HTTP хедъра се използва, за да покаже как да се индексира уеб страница в резултатите от публичната търсачка. Хедъра е ефективно еквивалентен на <code>&lt;meta name="robots" content="..."&gt;</code>.'
#: views/x-robots-tag.php:11
msgid "Google Search Central"
msgstr "Google Search Central"
#: views/x-ua-compatible.php:3
msgid "In some cases, it might be necessary to restrict a webpage to a document mode supported by an older version of Windows Internet Explorer. Here we look at the x-ua-compatible header, which allows a webpage to be displayed as if it were viewed by an earlier version of the browser."
msgstr "В някои случаи може да е необходимо да ограничите уеб страница до режим на документи, поддържан от по-стара версия на Windows Internet Explorer. X-UA-Compatible хедъра позволява на уеб страницата да се показва така, сякаш е била разглеждана от по-ранна версия на браузъра."
#: views/x-xss-protection.php:3
msgid "This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. It's usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user."
msgstr "Този хедър активира вградения филтър за Cross-site scripting (XSS) в най-новите уеб браузъри. Обикновено това е активирано по подразбиране така, че ролята на този хедър е да активира отново филтъра за този конкретен уебсайт, ако е бил деактивиран от потребителя."
#: views/inspect.php:19
msgid "Use this tool to inspect the HTTP headers of your website or your competitor's website."
msgstr "Използвайте този инструмент, за да проверите HTTP хедърите на уебсайта си или уебсайта на вашия конкурент."
#: views/inspect.php:35
msgid "Auth Type"
msgstr "Тип удостоверяване"
#: views/inspect.php:52
msgid "Inspect"
msgstr "Провери"
#: views/ajax.php:123
msgid "Category"
msgstr "Категория"
#: views/ajax.php:118
msgid "Missing headers"
msgstr "Липсващи хедъри"
#: views/ajax.php:72
msgid "Response headers"
msgstr "Хедъри в отговора"
#: views/ajax.php:45
msgid "HTTP status"
msgstr "HTTP статус"
#: views/ajax.php:17
msgid "URL malformed"
msgstr "Неправилен URL"
#: http-headers.php:1110
msgid "Settings"
msgstr "Настройки"
\ No newline at end of file
# Copyright (C) 2017 HTTP Headers
# This file is distributed under the same license as the HTTP Headers package.
msgid ""
msgstr ""
"Project-Id-Version: HTTP Headers\n"
"POT-Creation-Date: 2017-17-12 19:26:00+02:00\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"MIME-Version: 1.0\n"
"Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/http-headers\n"
"PO-Revision-Date: 2017-17-12 19:26:00+02:00\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
#: views/includes/config.inc.php:2
msgid "Off"
msgstr ""
#: views/includes/config.inc.php:2
msgid "On"
msgstr ""
#: views/includes/config.inc.php:5
msgid "Security"
msgstr ""
#: views/includes/config.inc.php:6
msgid "Access control"
msgstr ""
#: views/includes/config.inc.php:7
msgid "Authentication"
msgstr ""
#: views/includes/config.inc.php:8
msgid "Compression"
msgstr ""
#: views/includes/config.inc.php:9
msgid "Caching"
msgstr ""
#: views/includes/config.inc.php:10
msgid "Miscellaneous"
msgstr ""
#: views/includes/breadcrumbs.inc.php:2
msgid "Dashboard"
msgstr ""
#: views/includes/breadcrumbs.inc.php:11
msgid "Advanced settings"
msgstr ""
#: views/includes/breadcrumbs.inc.php:13
msgid "Inspect headers"
msgstr ""
#: views/index.php:13
msgid "Error!"
msgstr ""
#: views/index.php:16
msgid "The following file was not found. Please make sure the file exists and has write permissions:"
msgstr ""
#: views/index.php:18
msgid "Please make sure the following file has write permissions:"
msgstr ""
#: views/index.php:28
msgid "Warning!"
msgstr ""
#: views/index.php:40
msgid "Quick links"
msgstr ""
#: views/index.php:41
msgid "Getting started"
msgstr ""
#: views/index.php:43
msgid "Manual setup"
msgstr ""
#: views/dashboard.php:47
msgid "Donate"
msgstr ""
#: views/dashboard.php:34
msgid "Rate us"
msgstr ""
#: views/dashboard.php:35
msgid "Tell us what you think about this plugin"
msgstr ""
#: views/dashboard.php:35
msgid "writing a review"
msgstr ""
#: views/dashboard.php:36
msgid "Contribution"
msgstr ""
#: views/dashboard.php:37
msgid "Help us to continue developing this plugin with a small donation."
msgstr ""
#: views/category.php:8
msgid "Header"
msgstr ""
#: views/category.php:9
msgid "Value"
msgstr ""
#: views/category.php:10
msgid "Status"
msgstr ""
#: views/category.php:230
msgid "Edit"
msgstr ""
#: views/category.php:223
msgid "On"
msgstr ""
#: views/category.php:223
msgid "Off"
msgstr ""
#: views/advanced.php:10
msgid "Default mode"
msgstr ""
#: views/advanced.php:11
msgid "Choose a method for sending of headers. Usually, the PHP method works perfectly. However, some third-party plugins like WP Super Cache may require switching to Apache method."
msgstr ""
#: views/advanced.php:20
msgid "Use PHP to send headers (deprecated)"
msgstr ""
#: views/advanced.php:21
msgid "Use Apache (mod_headers) to send headers"
msgstr ""
#: views/advanced.php:40
msgid "Export"
msgstr ""
#: views/advanced.php:41
msgid "Export the plugin current state of settings for later use if recovery needs."
msgstr ""
#: views/advanced.php:46
msgid "Export settings"
msgstr ""
#: views/advanced.php:51
msgid "Import"
msgstr ""
#: views/advanced.php:52
msgid "Import a previously saved state of settings."
msgstr ""
#: views/advanced.php:58
msgid "Import settings"
msgstr ""
#: views/advanced.php:58
msgid "Choose file..."
msgstr ""
#: views/access-control-allow-credentials.php:3
msgid "The Access-Control-Allow-Credentials header indicates whether the response to request can be exposed when the credentials flag is true."
msgstr ""
#: views/access-control-allow-credentials.php:10
msgid "Read more at"
msgstr ""
#: views/access-control-allow-credentials.php:11
msgid "MDN Web Docs"
msgstr ""
#: views/access-control-allow-headers.php:3
msgid "The Access-Control-Allow-Headers header is returned by the server in a response to a preflight request and informs the browser about the HTTP headers that can be used in the actual request."
msgstr ""
#: views/access-control-allow-methods.php:3
msgid "The Access-Control-Allow-Methods header is returned by the server in a response to a preflight request and informs the browser about the HTTP methods that can be used in the actual request."
msgstr ""
#: views/access-control-allow-origin.php:3
msgid "The Access-Control-Allow-Origin header indicates whether a resource can be shared."
msgstr ""
#: views/access-control-allow-origin.php:65
msgid "Add origin"
msgstr ""
#: views/access-control-expose-headers.php:3
msgid "The Access-Control-Expose-Headers response header brings information about headers that browsers could allow accessing."
msgstr ""
#: views/access-control-max-age.php:3
msgid "The Access-Control-Max-Age header indicates how much time, the result of a preflight request, can be cached."
msgstr ""
#: views/age.php:3
msgid "The Age header contains the time in seconds the object has been in a proxy cache."
msgstr ""
#: views/age.php:21
msgid "seconds"
msgstr ""
#: views/cache-control.php:3
msgid "The Cache-Control general-header field is used to specify directives for caching mechanisms in both, requests and responses. Caching directives are unidirectional, meaning that a given directive in a request is not implying that the same directive is to be given in the response."
msgstr ""
#: views/connection.php:3
msgid "The Connection general header controls whether or not the network connection stays open after the current transaction finishes. If the value sent is keep-alive, the connection is persistent and not closed, allowing for subsequent requests to the same server to be done."
msgstr ""
#: views/content-encoding.php:3
msgid "Compression is an important way to increase the performance of a Web site. For some documents, size reduction of up to 70% lowers the bandwidth capacity needs."
msgstr ""
#: views/content-encoding.php:28
msgid "Module"
msgstr ""
#: views/content-encoding.php:53
msgid "By content type"
msgstr ""
#: views/content-encoding.php:98
msgid "By extension"
msgstr ""
#: views/content-security-policy.php:6
msgid "Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware."
msgstr ""
#: views/content-security-policy.php:32
msgid "Directive"
msgstr ""
#: views/content-security-policy.php:12
msgid "for reporting-only purposes"
msgstr ""
#: views/content-type.php:8
msgid "The Content-Type entity header is used to indicate the media type of the resource. In responses, a Content-Type header tells the client what the content type of the returned content actually is. Browsers will do MIME sniffing in some cases and will not necessarily follow the value of this header; to prevent this behavior, the header X-Content-Type-Options can be set to nosniff."
msgstr ""
#: views/cookie-security.php:8
msgid "A secure cookie is only sent to the server with a encrypted request over the HTTPS protocol."
msgstr ""
#: views/cookie-security.php:9
msgid "To prevent cross-site scripting (XSS) attacks, HttpOnly cookies are inaccessible to JavaScript's Document.cookie API; they are only sent to the server."
msgstr ""
#: views/cookie-security.php:10
msgid "SameSite prevents the browser from sending this cookie along with cross-site requests. The main goal is mitigate the risk of cross-origin information leakage. It also provides some protection against cross-site request forgery attacks."
msgstr ""
#: views/cookie-security.php:45
msgid "(PHP 7.3+ only)"
msgstr ""
#: views/cross-origin-resource-policy.php:8
msgid "The HTTP Cross-Origin-Resource-Policy response header conveys a desire that the browser blocks no-cors cross-origin/cross-site requests to the given resource."
msgstr ""
#: views/cross-origin-embedder-policy.php:8
msgid "The HTTP Cross-Origin-Embedder-Policy (COEP) response header prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS)."
msgstr ""
#: views/cross-origin-opener-policy.php:8
msgid "The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents."
msgstr ""
#: views/cross-origin-opener-policy.php:9
msgid "COOP will process-isolate your document and potential attackers can't access to your global object if they were opening it in a popup, preventing a set of cross-origin attacks dubbed XS-Leaks."
msgstr ""
#: views/cross-origin-opener-policy.php:10
msgid "If a cross-origin document with COOP is opened in a new window, the opening document will not have a reference to it, and the window.opener property of the new window will be null. This allows you to have more control over references to a window than rel=noopener, which only affects outgoing navigations."
msgstr ""
#: views/custom-headers.php:3
msgid "Common non-standard response fields:"
msgstr ""
#: views/custom-headers.php:73
msgid "Add header"
msgstr ""
#: views/custom-headers.php:66
msgid "Delete"
msgstr ""
#: views/expect-ct.php:3
msgid "Expect-CT is an HTTP header that allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. When a site enables the Expect-CT header, they are requesting that Chrome check that any certificate for that site appears in public CT logs."
msgstr ""
#: views/expires.php:3
msgid "The Expires header contains the date/time after which the response is considered stale."
msgstr ""
#: views/expires.php:4
msgid "Invalid dates, like the value 0, represent a date in the past and mean that the resource is already expired."
msgstr ""
#: views/expires.php:5
msgid "If there is a Cache-Control header with the 'max-age' or 's-max-age' directive in the response, the Expires header is ignored."
msgstr ""
#: views/expires.php:6
msgid "* Works only in Apache mode"
msgstr ""
#: views/feature-policy.php:8
msgid "With Feature Policy, you opt-in to a set of policies for the browser to enforce on specific features used throughout your site. These policies restrict what APIs the site can access or modify the browser's default behavior for certain features."
msgstr ""
#: views/p3p.php:3
msgid "The Platform for Privacy Preferences Project (P3P) is a protocol allowing websites to declare their intended use of information they collect about web browser users."
msgstr ""
#: views/pragma.php:3
msgid "The Pragma HTTP/1.0 general header is an implementation-specific header that may have various effects along the request-response chain. It is used for backwards compatibility with HTTP/1.0 caches where the Cache-Control HTTP/1.1 header is not yet present."
msgstr ""
#: views/referrer-policy.php:3
msgid "The Referrer-Policy HTTP header governs which referrer information, sent in the Referer header, should be included with requests made."
msgstr ""
#: views/nel.php:8
msgid "Network Error Logging is a mechanism that can be configured via the NEL HTTP response header. This experimental header allows web sites and applications to opt-in to receive reports about failed (and, if desired, successful) network fetches from supporting browsers."
msgstr ""
#: views/report-to.php:3
msgid "The Report-To HTTP response header field instructs the user agent to store reporting endpoints for an origin."
msgstr ""
#: views/report-to.php:110
msgid "Add endpoint"
msgstr ""
#: views/report-to.php:114
msgid "Remove endpoint"
msgstr ""
#: views/report-to.php:126
msgid "Remove group"
msgstr ""
#: views/report-to.php:171
msgid "Add endpoint group"
msgstr ""
#: views/strict-transport-security.php:3
msgid "HTTP Strict-Transport-Security (HSTS) enforces secure (HTTP over SSL/TLS) connections to the server. This reduces impact of bugs in web applications leaking session data through cookies and external links and defends against Man-in-the-middle attacks. HSTS also disables the ability for user's to ignore SSL negotiation warnings."
msgstr ""
#: views/timing-allow-origin.php:3
msgid "The Timing-Allow-Origin header indicates whether a resource provides the complete timing information. SEO tools use the Resource Timing API to analyze the speed and weight of your web page resources."
msgstr ""
#: views/vary.php:3
msgid "The Vary HTTP response header determines how to match future request headers to decide whether a cached response can be used rather than requesting a fresh one from the origin server. It is used by the server to indicate which headers it used when selecting a representation of a resource in a content negotiation algorithm."
msgstr ""
#: views/www-authenticate.php:3
msgid "HTTP supports the use of several authentication mechanisms to control access to pages and other resources. These mechanisms are all based around the use of the 401 status code and the WWW-Authenticate response header."
msgstr ""
#: views/www-authenticate.php:79
msgid "Add user"
msgstr ""
#: views/www-authenticate.php:43
msgid "Username"
msgstr ""
#: views/www-authenticate.php:44
msgid "Password"
msgstr ""
#: views/x-content-type-options.php:3
msgid "Prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions. This reduces exposure to drive-by download attacks and sites serving user uploaded content that, by clever naming, could be treated by MSIE as executable or dynamic HTML files."
msgstr ""
#: views/x-dns-prefetch-control.php:3
msgid "The X-DNS-Prefetch-Control HTTP response header controls DNS prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth."
msgstr ""
#: views/x-dns-prefetch-control.php:4
msgid "This prefetching is performed in the background, so that the DNS is likely to have been resolved by the time the referenced items are needed. This reduces latency when the user clicks a link."
msgstr ""
#: views/x-download-options.php:3
msgid "For web applications that need to serve untrusted HTML files, Microsoft IE introduced a mechanism to help prevent the untrusted content from compromising your site’s security. When the X-Download-Options header is present with the value noopen, the user is prevented from opening a file download directly; instead, they must first save the file locally. When the locally saved file is later opened, it no longer executes in the security context of your site, helping to prevent script injection."
msgstr ""
#: views/x-frame-options.php:3
msgid "This header can be used to indicate whether or not a browser should be allowed to render a page in a &lt;frame&gt;, &lt;iframe&gt; or &lt;object&gt;. Use this to avoid clickjacking attacks."
msgstr ""
#: views/x-permitted-cross-domain-policies.php:3
msgid "A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains."
msgstr ""
#: views/x-powered-by.php:3
msgid "Specifies the technology (e.g. ASP.NET, PHP, JBoss, Express) supporting the web application, i.e. the scripting language. It is recommended to remove it or provide misleading information to throw off hackers that might target a particular technology/version."
msgstr ""
#: views/x-robots-tag.php:8
msgid 'The X-Robots-Tag HTTP header is used to indicate how a web page is to be indexed within public search engine results. The header is effectively equivalent to <code>&lt;meta name="robots" content="..."&gt;</code>.'
msgstr ""
#: views/x-robots-tag.php:11
msgid "Google Search Central"
msgstr ""
#: views/x-ua-compatible.php:3
msgid "In some cases, it might be necessary to restrict a webpage to a document mode supported by an older version of Windows Internet Explorer. Here we look at the x-ua-compatible header, which allows a webpage to be displayed as if it were viewed by an earlier version of the browser."
msgstr ""
#: views/x-xss-protection.php:3
msgid "This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. It's usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user."
msgstr ""
#: views/inspect.php:19
msgid "Use this tool to inspect the HTTP headers of your website or your competitor's website."
msgstr ""
#: views/inspect.php:35
msgid "Auth Type"
msgstr ""
#: views/inspect.php:52
msgid "Inspect"
msgstr ""
#: views/ajax.php:123
msgid "Category"
msgstr ""
#: views/inspect.php:52
msgid "Inspect"
msgstr ""
#: views/ajax.php:118
msgid "Missing headers"
msgstr ""
#: views/ajax.php:72
msgid "Response headers"
msgstr ""
#: views/ajax.php:45
msgid "HTTP Status"
msgstr ""
#: views/ajax.php:17
msgid "URL malformed"
msgstr ""
#: http-headers.php:1110
msgid "Settings"
msgstr ""
\ No newline at end of file
<?php
// If uninstall is not called from WordPress, exit
if ( !defined( 'WP_UNINSTALL_PLUGIN' ) ) {
exit();
}
$options = include dirname(__FILE__) . '/views/includes/options.inc.php';
foreach ($options as $option)
{
delete_option( $option[0] );
}
\ No newline at end of file
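Review bot: Uninstall stops at `delete_option()` and removes nothing the plugin may have written outside the database. The settings view in this commit exposes locations for `.htaccess`, `.user.ini`, `.hh-htpasswd` and `.hh-htdigest`. If no deactivation hook cleans those up (not visible from this file), the credential files and header rules outlive the plugin, so the cleanup should be added here or documented. Separately, `include` returns `false` when the file is missing, so guard the loop with `if (is_array($options))`.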
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Access-Control-Allow-Credentials
<p class="description"><?php _e('The Access-Control-Allow-Credentials header indicates whether the response to request can be exposed when the credentials flag is true.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Access-Control-Allow-Credentials</legend>
<?php
$access_control_allow_credentials = get_option('hh_access_control_allow_credentials', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_access_control_allow_credentials" value="<?php echo $k; ?>"<?php checked($access_control_allow_credentials, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-acac' ); ?>
<?php do_settings_sections( 'http-headers-acac' ); ?>
<select name="hh_access_control_allow_credentials_value" class="http-header-value"<?php echo $access_control_allow_credentials == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('true');
$access_control_allow_credentials_value = get_option('hh_access_control_allow_credentials_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($access_control_allow_credentials_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
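Review bot: The loop variables are echoed into attributes and markup without escaping (`value="<?php echo $k; ?>"`, `<?php echo $v; ?>`, `<?php echo $item; ?>`), and the same pattern recurs in the other Access-Control views, the Age view and the Cache-Control view in this commit. `$bools` is defined outside this file, so its contents cannot be checked from here; `$items` is a literal. Late escaping keeps the templates safe if those arrays ever become filterable or translated: `value="<?php echo esc_attr($k); ?>"` and `<?php echo esc_html($v); ?>`. Note also that `readonly` is not a valid attribute on `<select>`, so the switched-off state depends on script outside this file.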
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Access-Control-Allow-Headers
<p class="description"><?php _e('The Access-Control-Allow-Headers header is returned by the server in a response to a preflight request and informs the browser about the HTTP headers that can be used in the actual request.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Access-Control-Allow-Credentials</legend>
<?php
$access_control_allow_headers = get_option('hh_access_control_allow_headers', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_access_control_allow_headers" value="<?php echo $k; ?>"<?php checked($access_control_allow_headers, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-acah' ); ?>
<?php do_settings_sections( 'http-headers-acah' ); ?>
<table><tbody><tr>
<?php
$access_control_allow_headers_value = get_option('hh_access_control_allow_headers_value');
if (!$access_control_allow_headers_value)
{
$access_control_allow_headers_value = array();
}
$i = 0;
array_unshift($headers_list, '*');
foreach ($headers_list as $item) {
if (in_array($item, $cors_safe_request_headers)) {
continue;
}
if ($i % 3 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_access_control_allow_headers_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $access_control_allow_headers_value) ? NULL : ' checked'; ?><?php echo $access_control_allow_headers == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
$i += 1;
}
?>
</tr></tbody></table>
<table><tbody>
<?php
$access_control_allow_headers_custom = get_option('hh_access_control_allow_headers_custom');
if (is_array($access_control_allow_headers_custom))
{
foreach ($access_control_allow_headers_custom as $header)
{
?>
<tr>
<td><input type="text" name="hh_access_control_allow_headers_custom[]"
class="http-header-value" size="35"
value="<?php echo esc_attr($header); ?>"<?php echo $access_control_allow_headers == 1 ? NULL : ' readonly'; ?> />
</td>
<td>
<button type="button" class="button button-small hh-btn-delete-ac"
title="<?php esc_attr_e('Delete', 'http-headers'); ?>">x</button>
</td>
</tr>
<?php
}
}
?>
<tr>
<td colspan="2">
<button type="button" class="button hh-btn-add-ac" data-name="hh_access_control_allow_headers_custom[]">+ <?php _e('Add header', 'http-headers'); ?></button>
</td>
</tr>
</tbody></table>
</td>
</tr>
\ No newline at end of file
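Review bot: The screen-reader legend on the fieldset reads `Access-Control-Allow-Credentials`, apparently copied from the sibling view, so assistive technology announces the wrong header for this row. It should be `<legend class="screen-reader-text">Access-Control-Allow-Headers</legend>`.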
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Access-Control-Allow-Methods
<p class="description"><?php _e('The Access-Control-Allow-Methods header is returned by the server in a response to a preflight request and informs the browser about the HTTP methods that can be used in the actual request.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Access-Control-Allow-Methods</legend>
<?php
$access_control_allow_methods = get_option('hh_access_control_allow_methods', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_access_control_allow_methods" value="<?php echo $k; ?>"<?php checked($access_control_allow_methods, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-acam' ); ?>
<?php do_settings_sections( 'http-headers-acam' ); ?>
<?php
$items = array('*', 'GET', 'POST', 'OPTIONS', 'HEAD', 'PUT', 'DELETE', 'TRACE', 'CONNECT', 'PATCH');
$access_control_allow_methods_value = get_option('hh_access_control_allow_methods_value');
if (!$access_control_allow_methods_value)
{
$access_control_allow_methods_value = array();
}
foreach ($items as $item)
{
?><p><label><input type="checkbox" class="http-header-value" name="hh_access_control_allow_methods_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $access_control_allow_methods_value) ? NULL : ' checked'; ?><?php echo $access_control_allow_methods == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></p><?php
}
?>
</td>
</tr>
\ No newline at end of file
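Review bot: `$items` offers `TRACE` and `CONNECT`, which the Fetch standard lists as forbidden methods, so browsers never send them from script whatever Access-Control-Allow-Methods says. Listing them suggests to an administrator that enabling them is meaningful; consider `$items = array('*', 'GET', 'POST', 'OPTIONS', 'HEAD', 'PUT', 'DELETE', 'PATCH');`. A short description noting that `*` is not treated as a wildcard on credentialed requests would also help.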
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Access-Control-Allow-Origin
<p class="description"><?php _e('The Access-Control-Allow-Origin header indicates whether a resource can be shared.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Access-Control-Allow-Origin</legend>
<?php
$access_control_allow_origin = get_option('hh_access_control_allow_origin', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_access_control_allow_origin" value="<?php echo $k; ?>"<?php checked($access_control_allow_origin, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-acao' ); ?>
<?php do_settings_sections( 'http-headers-acao' ); ?>
<?php
$access_control_allow_origin_url = get_option('hh_access_control_allow_origin_url');
if (is_scalar($access_control_allow_origin_url))
{
$access_control_allow_origin_url = array($access_control_allow_origin_url);
}
if (!is_array($access_control_allow_origin_url))
{
$access_control_allow_origin_url = array(NULL);
}
?>
<table>
<tr>
<td>
<select name="hh_access_control_allow_origin_value" class="http-header-value"<?php echo $access_control_allow_origin == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('*', 'origin', 'null');
$access_control_allow_origin_value = get_option('hh_access_control_allow_origin_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($access_control_allow_origin_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
<td class="hh-acao<?php echo $access_control_allow_origin_value != 'origin' ? ' hh-hidden' : NULL; ?>"><input type="text" name="hh_access_control_allow_origin_url[]" class="http-header-value" placeholder="http://domain.com" size="35" value="<?php echo esc_attr(@$access_control_allow_origin_url[0]); ?>"<?php echo $access_control_allow_origin == 1 && $access_control_allow_origin_value == 'origin' ? NULL : ' readonly'; ?> /></td>
<td class="hh-acao<?php echo $access_control_allow_origin_value != 'origin' ? ' hh-hidden' : NULL; ?>">&nbsp;</td>
</tr>
<?php
foreach ($access_control_allow_origin_url as $i => $url)
{
if ($i == 0)
{
continue;
}
?>
<tr class="hh-acao<?php echo $access_control_allow_origin_value != 'origin' ? ' hh-hidden' : NULL; ?>">
<td>&nbsp;</td>
<td><input type="text" name="hh_access_control_allow_origin_url[]" class="http-header-value" placeholder="http://domain.com" size="35" value="<?php echo esc_attr($url); ?>"<?php echo $access_control_allow_origin == 1 && $access_control_allow_origin_value == 'origin' ? NULL : ' readonly'; ?> /></td>
<td><button type="button" class="button button-small hh-btn-delete-origin" title="<?php esc_attr_e('Delete', 'http-headers'); ?>">x</button></td>
</tr>
<?php
}
?>
<tr class="hh-acao<?php echo $access_control_allow_origin_value != 'origin' ? ' hh-hidden' : NULL; ?>">
<td>&nbsp;</td>
<td><button type="button" class="button hh-btn-add-origin">+ <?php _e('Add origin', 'http-headers'); ?></button></td>
<td>&nbsp;</td>
</tr>
</table>
</td>
</tr>
\ No newline at end of file
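Review bot: The select offers `null` as an Access-Control-Allow-Origin value with no explanation, next to `*` and `origin`. Browsers present a null origin from sandboxed frames and local files, so allowing it covers far more than one trusted site. The view should carry a caveat, for example `<p class="description"><?php _e('Avoid "null": sandboxed documents and local files also present a null origin.', 'http-headers'); ?></p>`. The `@$access_control_allow_origin_url[0]` suppression would also read better as an explicit `isset()` check, since a stored array is not guaranteed to have index 0.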
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Access-Control-Expose-Headers
<p class="description"><?php _e('The Access-Control-Expose-Headers response header brings information about headers that browsers could allow accessing.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Access-Control-Expose-Headers</legend>
<?php
$access_control_expose_headers = get_option('hh_access_control_expose_headers', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_access_control_expose_headers" value="<?php echo $k; ?>"<?php checked($access_control_expose_headers, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-aceh' ); ?>
<?php do_settings_sections( 'http-headers-aceh' ); ?>
<?php
$access_control_expose_headers_value = get_option('hh_access_control_expose_headers_value');
if (!$access_control_expose_headers_value)
{
$access_control_expose_headers_value = array();
}
?>
<table><tbody><tr>
<?php
$i = 0;
array_unshift($headers_list, '*');
foreach ($headers_list as $item) {
if (in_array($item, $cors_safe_response_headers) || in_array($item, $cors_safe_request_headers))
{
continue;
}
if ($i % 3 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_access_control_expose_headers_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $access_control_expose_headers_value) ? NULL : ' checked'; ?><?php echo $access_control_expose_headers == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
$i += 1;
}
?>
</tr>
</tbody></table>
<table><tbody>
<?php
$access_control_expose_headers_custom = get_option('hh_access_control_expose_headers_custom');
if (is_array($access_control_expose_headers_custom))
{
foreach ($access_control_expose_headers_custom as $header)
{
?>
<tr>
<td><input type="text" name="hh_access_control_expose_headers_custom[]" class="http-header-value" size="35" value="<?php echo esc_attr($header); ?>"<?php echo $access_control_expose_headers == 1 ? NULL : ' readonly'; ?> /></td>
<td><button type="button" class="button button-small hh-btn-delete-ac" title="<?php esc_attr_e('Delete', 'http-headers'); ?>">x</button></td>
</tr>
<?php
}
}
?>
<tr>
<td colspan="2">
<button type="button" class="button hh-btn-add-ac" data-name="hh_access_control_expose_headers_custom[]">+ <?php _e('Add header', 'http-headers'); ?></button>
</td>
</tr>
</tbody></table>
</td>
</tr>
\ No newline at end of file
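Review bot: `array_unshift($headers_list, '*')` modifies the shared `$headers_list` in place, and the Access-Control-Allow-Headers view in this commit does the same. `$headers_list` is defined outside both files, so if the two views are included in one request the second list would start with two `*` entries. Building a local list avoids the coupling: `$expose_list = array_merge(array('*'), $headers_list);` and iterate over that.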
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Access-Control-Max-Age
<p class="description"><?php _e('The Access-Control-Max-Age header indicates how much time, the result of a preflight request, can be cached.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Access-Control-Max-Age</legend>
<?php
$access_control_max_age = get_option('hh_access_control_max_age', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_access_control_max_age" value="<?php echo $k; ?>"<?php checked($access_control_max_age, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-acma' ); ?>
<?php do_settings_sections( 'http-headers-acma' ); ?>
<input type="text" name="hh_access_control_max_age_value" class="http-header-value" value="<?php echo esc_attr(get_option('hh_access_control_max_age_value')); ?>"<?php echo $access_control_max_age == 1 ? NULL : ' checked'; ?>>
<?php _e('seconds', 'http-headers'); ?>
</td>
</tr>
\ No newline at end of file
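Review bot: The text input for the value ends with `<?php echo $access_control_max_age == 1 ? NULL : ' checked'; ?>`, but `checked` has no meaning on `type="text"`; the other views in this commit emit `' readonly'` in this position. As written the field stays editable while the header is switched off. Use `<?php echo $access_control_max_age == 1 ? NULL : ' readonly'; ?>`; the Age view in this commit has the same line for `$age`.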
<?php
if (!defined('ABSPATH')) {
exit;
}
include dirname(__FILE__) . '/includes/config.inc.php';
include dirname(__FILE__) . '/includes/breadcrumbs.inc.php';
?>
<form method="post" action="options.php" accept-charset="utf-8">
<?php settings_fields( 'http-headers-mtd' ); ?>
<?php do_settings_sections( 'http-headers-mtd' ); ?>
<div style="overflow: hidden">
<div style="float: left; width: 49%">
<table class="hh-index-table">
<thead>
<tr>
<th>Directive</th>
<th>Value</th>
</tr>
</thead>
<tbody>
<tr class="active">
<td>PHP version</td>
<td><?php echo PHP_VERSION; ?></td>
</tr>
<tr class="active">
<td>Server Software</td>
<td><?php echo getenv('SERVER_SOFTWARE'); ?></td>
</tr>
<tr class="active">
<td>Server API</td>
<td><?php echo PHP_SAPI; ?></td>
</tr>
<tr class="active">
<td>user_ini.filename</td>
<td><?php echo ini_get('user_ini.filename'); ?></td>
</tr>
</tbody>
</table>
</div>
<section class="hh-panel" style="float: right; width: 49%; box-sizing: border-box; margin: 0">
<table style="width: 100%">
<thead>
<tr>
<th colspan="2" style="text-align: left"><?php _e('Setup Location', 'http-headers'); ?></th>
</tr>
</thead>
<tbody>
<tr>
<td>Location of <code>.htaccess</code></td>
<td><input type="text" name="hh_htaccess_path" placeholder="<?php echo get_home_path(); ?>.htaccess" style="width: 100%" value="<?php echo get_option('hh_htaccess_path'); ?>"></td>
</tr>
<tr>
<td>Location of <code>.user.ini</code></td>
<td><input type="text" name="hh_user_ini_path" placeholder="<?php echo get_home_path(); ?>.user.ini" style="width: 100%" value="<?php echo get_option('hh_user_ini_path'); ?>"></td>
</tr>
<tr>
<td>Location of <code>.hh-htpasswd</code></td>
<td><input type="text" name="hh_htpasswd_path" placeholder="<?php echo get_home_path(); ?>.hh-htpasswd" style="width: 100%" value="<?php echo get_option('hh_htpasswd_path'); ?>"></td>
</tr>
<tr>
<td>Location of <code>.hh-htdigest</code></td>
<td><input type="text" name="hh_htdigest_path" placeholder="<?php echo get_home_path(); ?>.hh-htdigest" style="width: 100%" value="<?php echo get_option('hh_htdigest_path'); ?>"></td>
</tr>
<tr>
<td></td>
<td><?php submit_button(null, 'primary', null, false); ?></td>
</tr>
</tbody>
</table>
</section>
</div>
<section class="hh-panel">
<table class="form-table hh-table">
<tbody>
<tr valign="top">
<th scope="row"><?php _e('Default mode', 'http-headers'); ?>
<p class="description"><?php _e('Choose a method for sending of headers. Usually, the PHP method works perfectly. However, some third-party plugins like WP Super Cache may require switching to Apache method.', 'http-headers'); ?></p>
</th>
<td>&nbsp;</td>
<td>
<fieldset>
<?php
$items = array(
'php' => __('Use PHP to send headers (deprecated)', 'http-headers'),
'htaccess' => __('Use Apache (mod_headers) to send headers', 'http-headers'),
);
$method = get_option('hh_method');
foreach ($items as $key => $val) {
?><p><label><input type="radio" name="hh_method" value="<?php echo $key; ?>"<?php checked($method, $key, true); ?>><?php echo $val; ?></label></p><?php
}
?>
</fieldset>
</td>
</tr>
</tbody>
</table>
<?php submit_button(); ?>
</section>
</form>
<section class="hh-panel">
<table class="form-table hh-table">
<tbody>
<tr valign="top">
<th scope="row"><?php _e('Export', 'http-headers'); ?>
<p class="description"><?php _e('Export the plugin current state of settings for later use if recovery needs.', 'http-headers'); ?></p>
</th>
<td>&nbsp;</td>
<td>
<fieldset>
<form method="post" action="<?php echo admin_url('admin-post.php'); ?>" target="_blank">
<?php wp_nonce_field('export'); ?>
<input type="hidden" name="action" value="export">
<button type="submit" class="button button-primary"><?php _e('Export settings', 'http-headers'); ?></button>
</form>
</fieldset>
</td>
</tr>
<tr valign="top">
<th scope="row"><?php _e('Import', 'http-headers'); ?>
<p class="description"><?php _e('Import a previously saved state of settings.', 'http-headers'); ?></p>
</th>
<td>&nbsp;</td>
<td>
<fieldset>
<form method="post" action="<?php echo admin_url('admin-post.php'); ?>" enctype="multipart/form-data">
<?php wp_nonce_field('import'); ?>
<input type="hidden" name="action" value="import">
<input type="file" name="file" id="hh-import-file" class="hh-hidden">
<div class="button-group">
<button type="button" class="button hh-btn-import-choose"><?php _e('Choose file...', 'http-headers'); ?></button>
<button type="submit" class="button button-primary"><?php _e('Import settings', 'http-headers'); ?></button>
</div>
<p id="hh-import-name"></p>
</form>
</fieldset>
</td>
</tr>
</tbody>
</table>
</section>
\ No newline at end of file
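Review bot: The four path inputs print stored options straight into `value="..."` (`<?php echo get_option('hh_htaccess_path'); ?>` and the `.user.ini`, `.hh-htpasswd` and `.hh-htdigest` equivalents), so a stored value containing a double quote breaks out of the attribute on this admin page. Wrap each in `esc_attr()`, e.g. `value="<?php echo esc_attr(get_option('hh_htaccess_path')); ?>"`. Apply `esc_attr()` to the `get_home_path()` placeholders and `esc_html()` to `getenv('SERVER_SOFTWARE')` and `ini_get('user_ini.filename')` as well. These options presumably decide where the plugin writes its files (the writer is not in this view), so the save handler should also validate them.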
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Age
<p class="description"><?php _e('The Age header contains the time in seconds the object has been in a proxy cache.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Age"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Age</legend>
<?php
$age = get_option('hh_age', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_age" value="<?php echo $k; ?>"<?php checked($age, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-age' ); ?>
<?php do_settings_sections( 'http-headers-age' ); ?>
<input type="text" name="hh_age_value" class="http-header-value" size="5" value="<?php echo esc_attr(get_option('hh_age_value')); ?>"<?php echo $age == 1 ? NULL : ' checked'; ?>>
<?php _e('seconds', 'http-headers'); ?>
</td>
</tr>
\ No newline at end of file
<?php
if (!(isset($_POST['url']) && preg_match('|^https?://|', $_POST['url'])))
{
?>
<section class="hh-panel">
<h3><span class="hh-highlight"><?php _e('URL malformed', 'http-headers'); ?></span></h3>
</section>
<?php
exit;
}
include 'includes/config.inc.php';
$args = array();
if (isset($_POST['authentication'], $_POST['username'], $_POST['password'])
&& !empty($_POST['username'])
&& !empty($_POST['password'])
)
{
$args['headers'] = array(
'Authorization' => sprintf('Basic %s', base64_encode($_POST['username'] .':'. $_POST['password']))
);
}
$response = wp_remote_head($_POST['url'], $args);
$status = wp_remote_retrieve_response_code($response);
$dictionary = wp_remote_retrieve_headers($response);
$responseHeaders = $dictionary ? $dictionary->getAll() : array();
if ($status !== 200)
{
?>
<section class="hh-panel">
<h3><span class="hh-highlight"><?php _e('HTTP Status', 'http-headers'); ?>: <?php echo $status; ?></span></h3>
<p><?php
switch ($status)
{
case 400:
echo 'Bad Request';
break;
case 401:
echo 'Unauthorized';
break;
case 403:
echo 'Forbidden';
break;
case 404:
echo 'Not Found';
break;
case 405:
echo 'Method Not Allowed';
break;
default:
}
?></p>
</section>
<?php
exit;
}
?>
<section class="hh-panel">
<h3><span class="hh-highlight"><?php _e('Response headers', 'http-headers'); ?></span></h3>
<table class="hh-results">
<thead>
<tr>
<th style="width: 30%"><?php _e('Header', 'http-headers'); ?></th>
<th><?php _e('Value', 'http-headers'); ?></th>
</tr>
</thead>
<tbody>
<?php
$reportOnly = array('content-security-policy-report-only');
foreach ($responseHeaders as $k => $v)
{
$k = strtolower($k);
$found = in_array($k, $reportOnly);
$v = is_array($v) ? join(", ", $v) : $v;
?>
<tr<?php echo array_key_exists($k, $headers) || $found ? ' class="hh-found"' : NULL; ?>>
<td><?php echo htmlspecialchars($k); ?></td>
<td><?php echo htmlspecialchars($v); ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
</section>
<?php
$special = array('content-security-policy');
$exclude = array('custom-headers', 'cookie-security', 'x-powered-by');
$missing = array();
foreach ($headers as $k => $v)
{
if (!array_key_exists($k, $responseHeaders)
&& !in_array($k, $exclude)
&& !(in_array($k, $special) && array_key_exists($k . '-report-only', $responseHeaders) ))
{
$missing[$k] = @$categories[$v[2]];
}
}
if (!empty($missing))
{
asort($missing);
?>
<section class="hh-panel">
<h3><span class="hh-highlight"><?php _e('Missing headers', 'http-headers'); ?></span></h3>
<table class="hh-results">
<thead>
<tr>
<th style="width: 30%"><?php _e('Header', 'http-headers'); ?></th>
<th><?php _e('Category', 'http-headers'); ?></th>
</tr>
</thead>
<tbody>
<?php
foreach ($missing as $k => $v)
{
?>
<tr>
<td><a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;header=<?php echo htmlspecialchars($k); ?>"><?php echo $k; ?></a></td>
<td><?php echo $v; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
</section>
<?php
}
\ No newline at end of file
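Review bot: `wp_remote_head($_POST['url'], $args)` sends a server-side request to any URL that passes the `^https?://` check, which includes loopback and internal addresses, and forwards the posted username and password as a Basic `Authorization` header. WordPress provides `wp_safe_remote_head()`, which rejects unsafe destinations: `$response = wp_safe_remote_head(esc_url_raw(wp_unslash($_POST['url'])), $args);`. This file also lacks the `ABSPATH` guard the other views start with, and no nonce or capability check is visible here. If the including handler does not perform them, add `check_ajax_referer()` and `current_user_can('manage_options')` before the request. `echo $status`, `echo $k` and `echo $v` in the result tables should go through `esc_html()`.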
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Cache-Control
<p class="description"><?php _e('The Cache-Control general-header field is used to specify directives for caching mechanisms in both, requests and responses. Caching directives are unidirectional, meaning that a given directive in a request is not implying that the same directive is to be given in the response.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Cache-Control</legend>
<?php
$cache_control = get_option('hh_cache_control', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_cache_control" value="<?php echo $k; ?>"<?php checked($cache_control, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-cc' ); ?>
<?php do_settings_sections( 'http-headers-cc' ); ?>
<?php
$items = array(
'must-revalidate' => 'bool',
'no-cache' => 'bool',
'no-store' => 'bool',
'no-transform' => 'bool',
'public' => 'bool',
'private' => 'bool',
'proxy-revalidate' => 'bool',
'max-age' => 'int',
's-maxage' => 'int',
'immutable' => 'bool',
'stale-while-revalidate' => 'int',
'stale-if-error' => 'int',
);
?>
<table>
<?php
$cache_control_value = get_option('hh_cache_control_value');
if (!$cache_control_value)
{
$cache_control_value = array();
}
foreach ($items as $item => $type)
{
?>
<tr>
<td><label for="hh_cache_control_value_<?php echo $item; ?>"><?php echo $item; ?></label></td>
<td><?php
switch ($type) {
case 'bool':
?><input type="checkbox" class="http-header-value" name="hh_cache_control_value[<?php echo $item; ?>]" id="hh_cache_control_value_<?php echo $item; ?>" value="1"<?php checked(array_key_exists($item, $cache_control_value), 1, true); ?>><?php
break;
case 'int':
?><input type="text" class="http-header-value" name="hh_cache_control_value[<?php echo $item; ?>]" id="hh_cache_control_value_<?php echo $item; ?>" size="6" value="<?php echo array_key_exists($item, $cache_control_value) && strlen($cache_control_value[$item]) > 0 ? (int) $cache_control_value[$item] : NULL; ?>"> <?php _e('seconds', 'http-headers');
break;
}
?>
</td>
</tr>
<?php
}
?>
</table>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
include dirname(__FILE__) . '/includes/config.inc.php';
include dirname(__FILE__) . '/includes/breadcrumbs.inc.php';
?>
<table class="hh-index-table">
<thead>
<tr>
<th><?php _e('Header', 'http-headers'); ?></th>
<th style="width: 45%"><?php _e('Value', 'http-headers'); ?></th>
<th class="hh-status"><?php _e('Status', 'http-headers'); ?></th>
<th></th>
</tr>
</thead>
<tbody>
<?php
foreach ($headers as $index => $item)
{
if (@$_GET['category'] != $item[2])
{
continue;
}
$key = $item[1];
$option = get_option($key, 0);
$isOn = (int) $option === 1;
$value = NULL;
if ($isOn)
{
$value = get_option($key .'_value');
switch ($key)
{
case 'hh_age':
$value = (int) $value;
break;
case 'hh_p3p':
if (!empty($value))
{
$value = sprintf('CP="%s"', join(' ', array_keys($value)));
}
break;
case 'hh_x_xxs_protection':
if ($value == '1; report=') {
$value .= get_option('hh_x_xxs_protection_uri');
}
break;
case 'hh_x_powered_by':
if (get_option('hh_x_powered_by_option') == 'unset') {
$value = '[Unset]';
}
break;
case 'hh_x_frame_options':
$value = strtoupper($value);
if ($value == 'ALLOW-FROM')
{
$value .= ' ' . get_option('hh_x_frame_options_domain');
}
break;
case 'hh_strict_transport_security':
$tmp = array();
$hh_strict_transport_security_max_age = get_option('hh_strict_transport_security_max_age');
if ($hh_strict_transport_security_max_age !== false)
{
$tmp[] = sprintf('max-age=%u', $hh_strict_transport_security_max_age);
if (get_option('hh_strict_transport_security_sub_domains'))
{
$tmp[] = 'includeSubDomains';
}
if (get_option('hh_strict_transport_security_preload'))
{
$tmp[] = 'preload';
}
} else {
$tmp = array(get_option('hh_strict_transport_security_value'));
}
if (!empty($tmp))
{
$value = join('; ', $tmp);
}
break;
case 'hh_timing_allow_origin':
if ($value == 'origin')
{
$value = get_option('hh_timing_allow_origin_url');
}
break;
case 'hh_access_control_allow_origin':
if ($value == 'origin')
{
$value = join('<br>', get_option('hh_access_control_allow_origin_url', array()));
}
break;
case 'hh_access_control_expose_headers':
case 'hh_access_control_allow_headers':
case 'hh_access_control_allow_methods':
$value = join(', ', array_keys($value));
break;
case 'hh_content_security_policy':
$value = build_csp_value($value);
if (get_option('hh_content_security_policy_report_only')) {
$item[0] .= '-Report-Only';
}
break;
case 'hh_content_encoding':
$value = !$value ? null : join(', ', array_keys($value));
$ext = get_option('hh_content_encoding_ext');
if (!empty($ext)) {
$ext = join(', ', array_keys($ext));
$value .= (!empty($value) ? '<br>' : null) . $ext;
}
$module = get_option('hh_content_encoding_module');
switch ($module) {
case 'brotli_deflate':
$enc = 'br, gzip';
break;
case 'brotli':
$enc = 'br';
break;
case 'deflate':
default:
$enc = 'gzip';
break;
}
$value = !empty($value) ? sprintf('%s (%s)', $enc, $value) : $enc;
break;
case 'hh_vary':
$value = !$value ? null : join(', ', array_keys($value));
break;
case 'hh_www_authenticate':
$value = get_option('hh_www_authenticate_type');
break;
case 'hh_cache_control':
$tmp = array();
foreach ($value as $k => $v) {
if (in_array($k, array('max-age', 's-maxage', 'stale-while-revalidate', 'stale-if-error'))) {
if (strlen($v) > 0) {
$tmp[] = sprintf("%s=%u", $k, $v);
}
} else {
$tmp[] = $k;
}
}
$value = join(', ', $tmp);
break;
case 'hh_expires':
$tmp = array();
$types = get_option('hh_expires_type', array());
foreach ($types as $type => $whatever) {
list($base, $period, $suffix) = explode('_', $value[$type]);
if (in_array($base, array('access', 'modification'))) {
$tmp[] = $type != 'default'
? sprintf('%s = "%s plus %u %s"', $type, $base, $period, $suffix)
: sprintf('default = "%s plus %u %s"', $base, $period, $suffix);
} elseif ($base == 'invalid') {
$tmp[] = $type != 'default'
? sprintf('%s = A0', $type)
: sprintf('default = A0');
}
}
$value = join('<br>', $tmp);
break;
case 'hh_cookie_security':
if (is_array($value)) {
if (isset($value['SameSite']) && !is_samesite_supported()) {
unset($value['SameSite']);
}
}
$value = is_array($value) && !empty($value)
? '&#10004; ' . join(' &#10004; ', array_keys($value))
: NULL;
break;
case 'hh_expect_ct':
$tmp = array();
$tmp[] = sprintf('max-age=%u', get_option('hh_expect_ct_max_age'));
if (get_option('hh_expect_ct_enforce') == 1) {
$tmp[] = 'enforce';
}
$tmp[] = sprintf('report-uri="%s"', get_option('hh_expect_ct_report_uri'));
$value = join(', ', $tmp);
break;
case 'hh_custom_headers':
$_names = array($item[0]);
$_values = array('&nbsp;');
foreach ($value['name'] as $key => $name)
{
if (!empty($name) && !empty($value['value'][$key]))
{
$_names[] = '<p class="hh-p">&nbsp;&nbsp;&nbsp;&nbsp;'.$name.'</p>';
$_values[] = '<p class="hh-p">'.$value['value'][$key].'</p>';
}
}
$item[0] = join('', $_names);
$value = join('', $_values);
break;
case 'hh_report_to':
$value = get_http_header('report_to');
break;
case 'hh_nel':
$value = get_http_header('nel');
break;
case 'hh_feature_policy':
$value = get_http_header('feature_policy');
break;
case 'hh_permissions_policy':
$value = get_http_header('permissions_policy');
break;
case 'hh_x_robots_tag':
$value = get_http_header('x_robots_tag');
break;
case 'hh_clear_site_data':
$value = '"' . join('", "', array_keys($value)) . '"';
break;
case 'hh_content_type':
$tmp = array();
foreach ($value as $key => $val) {
$tmp[] = sprintf(".%s => %s", $key, $val);
}
$value = join("<br>", $tmp);
break;
default:
$value = !is_array($value) ? $value : join(', ', $value);
}
}
$status = $isOn ? __('On', 'http-headers') : __('Off', 'http-headers');
?>
<tr<?php echo $isOn ? ' class="active"' : NULL; ?>>
<td><?php echo $item[0]; ?></td>
<td><?php echo $value; ?></td>
<td class="hh-status hh-status-<?php echo $isOn ? 'on' : 'off'; ?>"><span><?php echo $status; ?></span></td>
<td><a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&header=<?php
echo $index; ?>"><?php _e('Edit', 'http-headers'); ?></a></td>
</tr>
<?php
}
?>
</tbody>
</table>
\ No newline at end of file
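Review bot: The overview row prints `$item[0]` and `$value` with a bare `echo`, and in the `hh_custom_headers` branch those strings are concatenated from the stored header names and values with no escaping, whereas the Custom headers edit form further down this page passes the same data through `esc_attr()`. A stored value that contains markup would therefore be rendered as HTML on this admin screen. Because several branches add `<br>` or `<p>` on purpose, escape each piece as it is assembled, e.g. `'<p class="hh-p">' . esc_html($value['value'][$key]) . '</p>'`, and do the same for the option-derived parts in the `hh_x_xxs_protection`, `hh_x_frame_options`, `hh_expect_ct` and `default` branches. Separately, `@$_GET['category'] != $item[2]` hides a missing parameter behind `@`; an `isset()` check with a strict comparison would state the intent.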
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Clear-Site-Data
<p class="description"><?php _e('The Clear-Site-Data header clears browsing data (cookies, storage, cache) associated with the requesting website. It allows web developers to have more control over the data stored locally by a browser for their origins.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Clear-Site-Data</legend>
<?php
$clear_site_data = get_option('hh_clear_site_data', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_clear_site_data" value="<?php echo $k; ?>"<?php checked($clear_site_data, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-csd' ); ?>
<?php do_settings_sections( 'http-headers-csd' ); ?>
<?php
$items = array(
'cache' => 'bool',
'cookies' => 'bool',
'storage' => 'bool',
'executionContexts' => 'bool',
'*' => 'bool',
);
?>
<table>
<?php
$clear_site_data_value = get_option('hh_clear_site_data_value');
if (!$clear_site_data_value)
{
$clear_site_data_value = array();
}
foreach ($items as $item => $type)
{
?>
<tr>
<td><label for="hh_clear_site_data_value_<?php echo $item; ?>">"<?php echo $item; ?>"</label></td>
<td><?php
switch ($type) {
case 'bool':
?><input type="checkbox" class="http-header-value" name="hh_clear_site_data_value[<?php echo $item; ?>]" id="hh_clear_site_data_value_<?php echo $item; ?>" value="1"<?php checked(array_key_exists($item, $clear_site_data_value), 1, true); ?>><?php
break;
}
?>
</td>
</tr>
<?php
}
?>
</table>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">Connection
<p class="description"><?php _e('The Connection general header controls whether or not the network connection stays open after the current transaction finishes. If the value sent is keep-alive, the connection is persistent and not closed, allowing for subsequent requests to the same server to be done.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Connection"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Connection</legend>
<?php
$connection = get_option('hh_connection', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_connection" value="<?php echo $k; ?>"<?php checked($connection, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-con' ); ?>
<?php do_settings_sections( 'http-headers-con' ); ?>
<select name="hh_connection_value" class="http-header-value"<?php echo $connection == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('keep-alive', 'close');
$connection_value = get_option('hh_connection_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($connection_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
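Review bot: The `readonly` attribute written on the `hh_connection_value` `<select>` has no effect, because HTML honours `readonly` only on text-like inputs and `<textarea>`; the control stays editable and is still submitted while the header is Off. The same pattern is used on selects, checkboxes and radios in the Content-Encoding, Content-Security-Policy, Content-Type, Cookie security, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, Cross-Origin-Resource-Policy and Expect-CT sections. Unless a script keyed on that attribute handles it (none is visible here), the Off state should be enforced where the options are saved, or shown with `disabled`, keeping in mind that disabled controls are not submitted.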
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Content-Encoding
<p class="description"><?php _e('Compression is an important way to increase the performance of a Web site. For some documents, size reduction of up to 70% lowers the bandwidth capacity needs.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Content-Encoding</legend>
<?php
$content_encoding = get_option('hh_content_encoding', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_content_encoding" value="<?php echo $k; ?>"<?php checked($content_encoding, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-ce' ); ?>
<?php do_settings_sections( 'http-headers-ce' ); ?>
<table>
<tbody>
<tr>
<th colspan="2"><?php _e('Module', 'http-headers'); ?></th>
</tr>
<?php
$content_encoding_module = get_option('hh_content_encoding_module');
?>
<tr>
<td colspan="2" class="hh-td-inner">
<table style="width: 100%">
<tbody>
<tr>
<td>
<label><input type="radio" name="hh_content_encoding_module" value="deflate"<?php echo $content_encoding_module == 'deflate' || !$content_encoding_module ? ' checked' : NULL; ?>> <?php _e('DEFLATE', 'http-headers'); ?></label>
</td>
<td>
<label><input type="radio" name="hh_content_encoding_module" value="brotli"<?php checked($content_encoding_module, 'brotli'); ?>> <?php _e('BROTLI', 'http-headers'); ?></label>
</td>
<td>
<label><input type="radio" name="hh_content_encoding_module" value="brotli_deflate"<?php checked($content_encoding_module, 'brotli_deflate'); ?>> <?php _e('BROTLI; DEFLATE', 'http-headers'); ?></label>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<th colspan="2"><?php _e('By content type', 'http-headers'); ?></th>
</tr><tr>
<?php
$items = array(
'application/javascript',
'application/x-javascript',
'application/json',
'application/ld+json',
'application/manifest+json',
'application/rdf+xml',
'application/rss+xml',
'application/schema+json',
'application/vnd.geo+json',
'application/x-web-app-manifest+json',
'application/vnd.ms-fontobject',
'application/x-font-ttf',
'application/xhtml+xml',
'application/xml',
'font/opentype',
'font/eot',
'image/bmp',
'image/svg+xml',
'image/x-icon',
'image/vnd.microsoft.icon',
'text/javascript',
'text/css',
'text/html',
'text/plain',
'text/x-component',
'text/xml',
);
$content_encoding_value = get_option('hh_content_encoding_value');
if (!$content_encoding_value) {
$content_encoding_value = array();
}
foreach ($items as $i => $item) {
if ($i > 0 && $i % 2 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_content_encoding_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $content_encoding_value) ? NULL : ' checked'; ?><?php echo $content_encoding == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?>
</tr>
<tr>
<th colspan="2"><?php _e('By extension', 'http-headers'); ?></th>
</tr>
<tr>
<?php
$content_encoding_ext = get_option('hh_content_encoding_ext');
if (!$content_encoding_ext) {
$content_encoding_ext = array();
}
$items = array('php', 'html', 'js', 'css', 'json', 'xml', 'svg', 'txt', 'bmp', 'ico', 'ttf', 'otf', 'eot');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 2 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_content_encoding_ext[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $content_encoding_ext) ? NULL : ' checked'; ?><?php echo $content_encoding == 1 ? NULL : ' readonly'; ?> /> *.<?php echo $item; ?></label></td><?php
}
?>
</tr>
</tbody></table>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
$content_security_policy = get_option('hh_content_security_policy', 0);
?>
<tr valign="top">
<th scope="row">Content Security Policy
<p class="description"><?php _e('Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware.', 'http-headers'); ?></p>
<p>
<label><input type="checkbox" class="http-header-value"
name="hh_content_security_policy_report_only" value="1"
<?php checked(get_option('hh_content_security_policy_report_only'), 1, true); ?>
<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?> /> "Report-Only" (<?php _e('for reporting-only purposes', 'http-headers'); ?>)</label>
</p>
<hr>
<p class="description">Useful tools:</p>
<p class="description">
<a target="_blank" href="https://zinoui.com/tools/sri-generator">SRI Hash Generator</a>
- generates subresource integrity hashes using a cryptographic algorithm.
</p>
<p class="description">
<a target="_blank" href="https://zinoui.com/tools/csp-hash">CSP Hash Generator</a>
- generates CSP hashes to use in script-src and style-src directives.
</p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Content-Security-Policy</legend>
<?php
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_content_security_policy" value="<?php echo $k; ?>"<?php checked($content_security_policy, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-csp' ); ?>
<?php do_settings_sections( 'http-headers-csp' ); ?>
<table>
<tbody>
<tr>
<td><strong><?php _e('Directive', 'http-headers'); ?></strong></td>
<td><strong><?php _e('Value', 'http-headers'); ?></strong></td>
</tr>
<?php
$directives = array(
'default-src',
'script-src',
'style-src',
'img-src',
'connect-src',
'font-src',
'media-src',
'report-uri',
'child-src',
'form-action',
'frame-ancestors',
'object-src',
'frame-src',
'worker-src',
'manifest-src',
'navigate-to',
'prefetch-src',
'base-uri',
'plugin-types',
'report-to',
'sandbox',
'require-sri-for',
'block-all-mixed-content',
'upgrade-insecure-requests',
);
$csp_value = get_option('hh_content_security_policy_value');
foreach ($directives as $item)
{
?>
<tr>
<td><?php echo $item; ?></td>
<td>
<?php
if ($item == 'sandbox')
{
include 'includes/csp-sandbox.inc.php';
} elseif (in_array($item, array('block-all-mixed-content', 'upgrade-insecure-requests'))) {
include 'includes/csp-inc.inc.php';
} elseif (in_array($item, array('report-to', 'plugin-types'))) {
include 'includes/csp-text.inc.php';
} elseif ($item == 'require-sri-for') {
include 'includes/csp-sri.inc.php';
} else {
include 'includes/csp-src.inc.php';
}
?>
</td>
</tr>
<?php
}
?>
</tbody>
</table>
</td>
</tr>
\ No newline at end of file
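Review bot: The five `include 'includes/csp-*.inc.php'` calls inside the directive loop use bare relative paths, which PHP resolves through `include_path` first and only then against the including script's directory, so a same-named file elsewhere on the path could be loaded instead. The index and dashboard views on this page already anchor their includes with `dirname(__FILE__)`; the same form fits here, e.g. `include dirname(__FILE__) . '/includes/csp-src.inc.php';`. Since `include` only warns when the file is missing, a directive row would render empty without failing; `require` would make that visible.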
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Content-Type
<p class="description"><?php _e('The Content-Type entity header is used to indicate the media type of the resource. In responses, a Content-Type header tells the client what the content type of the returned content actually is. Browsers will do MIME sniffing in some cases and will not necessarily follow the value of this header; to prevent this behavior, the header X-Content-Type-Options can be set to nosniff.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Content-Type</legend>
<?php
$content_type = get_option('hh_content_type', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_content_type" value="<?php echo $k; ?>"<?php checked($content_type, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields('http-headers-cty'); ?>
<?php do_settings_sections('http-headers-cty'); ?>
<?php
$content_type_value = get_option('hh_content_type_value');
if (!$content_type_value) {
$content_type_value = array();
}
$map = array(
'eot' => 'application/vnd.ms-fontobject',
'otf' => 'application/x-font-opentype',
'svg' => 'image/svg+xml',
'ttf' => 'application/x-font-ttf',
'woff' => 'application/font-woff',
'woff2' => 'application/font-woff2',
'jsonp' => 'application/javascript',
);
?>
<table>
<tbody>
<tr>
<td></td>
<td><strong><?php _e('Extension', 'http-headers'); ?></strong></td>
<td><strong><?php _e('Media type', 'http-headers'); ?></strong></td>
</tr>
<?php
foreach ($map as $ext => $media_type)
{
?>
<tr>
<td>
<input type="checkbox" class="http-header-value"
name="hh_content_type_value[<?php echo $ext; ?>]"
value="<?php echo $media_type; ?>"<?php
echo !(array_key_exists($ext, $content_type_value) && $content_type_value[$ext] == $media_type) ? NULL : ' checked';
echo $content_type == 1 ? NULL : ' readonly'; ?>></td>
<td>.<?php echo $ext; ?></td>
<td><?php echo $media_type; ?></td>
</tr>
<?php
}
?>
</tbody>
</table>
</td>
</tr>
\ No newline at end of file
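Review bot: Each checkbox posts the media type itself (`value="<?php echo $media_type; ?>"`), so what ends up in `hh_content_type_value` is whatever extension/type pairs the request carries, not necessarily an entry of `$map`. The save path is not part of this section; if it does not already do so, the sanitize callback for this option should keep only pairs that match `$map` exactly. That matters because the overview table prints these pairs as-is and they are presumably also written into server configuration.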
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Cookie security
<p class="description"><?php _e('A secure cookie is only sent to the server with a encrypted request over the HTTPS protocol.', 'http-headers'); ?></p>
<p class="description"><?php _e("To prevent cross-site scripting (XSS) attacks, HttpOnly cookies are inaccessible to JavaScript's Document.cookie API; they are only sent to the server.", 'http-headers'); ?></p>
<p class="description"><?php _e('SameSite prevents the browser from sending this cookie along with cross-site requests. The main goal is mitigate the risk of cross-origin information leakage. It also provides some protection against cross-site request forgery attacks.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Secure_and_HttpOnly_cookies"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Cookie security</legend>
<?php
$cookie_security = get_option('hh_cookie_security', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_cookie_security" value="<?php echo $k; ?>"<?php checked($cookie_security, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-cose' ); ?>
<?php do_settings_sections( 'http-headers-cose' ); ?>
<?php
$items = array('Secure', 'HttpOnly', 'SameSite');
$cookie_security_value = get_option('hh_cookie_security_value');
foreach ($items as $item)
{
$is_checked = is_array($cookie_security_value) && array_key_exists($item, $cookie_security_value);
?>
<p>
<label><input type="checkbox"
class="http-header-value"
name="hh_cookie_security_value[<?php echo $item; ?>]"
value="1"<?php echo !$is_checked ? NULL : ' checked'; ?><?php echo $cookie_security == 1 ? NULL : ' readonly'; ?>> <?php echo $item; ?><?php
?></label>
</p>
<?php
if ($item == 'SameSite')
{
foreach (array('None', 'Lax', 'Strict') as $s_val)
{
?>
<p class="hh-csv-value<?php echo !$is_checked ? ' hh-hidden' : NULL; ?>">
<label><input type="radio"
class="http-header-value"
name="hh_cookie_security_value[SameSite]"
value="<?php echo $s_val; ?>"<?php echo !is_array($cookie_security_value) || !array_key_exists($item, $cookie_security_value) || $cookie_security_value[$item] != $s_val ? NULL : ' checked'; ?><?php echo $cookie_security == 1 ? NULL : ' readonly'; ?>> <?php echo $s_val; ?></label>
</p>
<?php
}
}
}
?>
</td>
</tr>
\ No newline at end of file
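Review bot: The SameSite checkbox (`value="1"`) and the three None/Lax/Strict radios all post under `hh_cookie_security_value[SameSite]`, so ticking the checkbox without choosing a radio stores `1`, which is not a valid SameSite value. Whatever builds the cookie attribute (outside this section) should accept only `None`, `Lax` or `Strict` and fall back to a safe default such as `Lax`. It would also help to state in the description that browsers reject `SameSite=None` cookies that are not also `Secure`.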
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Cross-Origin-Embedder-Policy
<p class="description"><?php _e("The HTTP Cross-Origin-Embedder-Policy (COEP) response header prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS).", 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Cross-Origin-Embedder-Policy</legend>
<?php
$cross_origin_embedder_policy = get_option('hh_cross_origin_embedder_policy', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_cross_origin_embedder_policy" value="<?php echo $k; ?>"<?php checked($cross_origin_embedder_policy, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-coep' ); ?>
<?php do_settings_sections( 'http-headers-coep' ); ?>
<select name="hh_cross_origin_embedder_policy_value" class="http-header-value"<?php echo $cross_origin_embedder_policy == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('unsafe-none', 'require-corp');
$cross_origin_embedder_policy_value = get_option('hh_cross_origin_embedder_policy_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($cross_origin_embedder_policy_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Cross-Origin-Opener-Policy
<p class="description"><?php _e('The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents.', 'http-headers'); ?></p>
<p class="description"><?php _e("COOP will process-isolate your document and potential attackers can't access to your global object if they were opening it in a popup, preventing a set of cross-origin attacks dubbed XS-Leaks.", 'http-headers'); ?></p>
<p class="description"><?php _e('If a cross-origin document with COOP is opened in a new window, the opening document will not have a reference to it, and the window.opener property of the new window will be null. This allows you to have more control over references to a window than rel=noopener, which only affects outgoing navigations.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Cross-Origin-Opener-Policy</legend>
<?php
$cross_origin_opener_policy = get_option('hh_cross_origin_opener_policy', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_cross_origin_opener_policy" value="<?php echo $k; ?>"<?php checked($cross_origin_opener_policy, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-coop' ); ?>
<?php do_settings_sections( 'http-headers-coop' ); ?>
<select name="hh_cross_origin_opener_policy_value" class="http-header-value"<?php echo $cross_origin_opener_policy == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('unsafe-none', 'same-origin-allow-popups', 'same-origin');
$cross_origin_opener_policy_value = get_option('hh_cross_origin_opener_policy_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($cross_origin_opener_policy_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Cross-Origin-Resource-Policy
<p class="description"><?php _e('The HTTP Cross-Origin-Resource-Policy response header conveys a desire that the browser blocks no-cors cross-origin/cross-site requests to the given resource.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Cross-Origin-Resource-Policy</legend>
<?php
$cross_origin_resource_policy = get_option('hh_cross_origin_resource_policy', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_cross_origin_resource_policy" value="<?php echo $k; ?>"<?php checked($cross_origin_resource_policy, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-corp' ); ?>
<?php do_settings_sections( 'http-headers-corp' ); ?>
<select name="hh_cross_origin_resource_policy_value" class="http-header-value"<?php echo $cross_origin_resource_policy == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('same-site', 'same-origin', 'cross-origin');
$cross_origin_resource_policy_value = get_option('hh_cross_origin_resource_policy_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($cross_origin_resource_policy_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Custom headers
<p class="description"><?php _e('Common non-standard response fields:', 'http-headers'); ?>
<br>X-Pingback
<br>X-Cache
<br>X-Edge-Location
<br>X-HTTP-Method-Override
<br>X-Csrf-Token
<br>X-Request-ID
<br>X-Correlation-ID
<br>X-Content-Duration
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Custom headers</legend>
<?php
$custom_headers = get_option('hh_custom_headers', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_custom_headers" value="<?php echo $k; ?>"<?php checked($custom_headers, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-che' ); ?>
<?php do_settings_sections( 'http-headers-che' ); ?>
<?php
$custom_headers_value = get_option('hh_custom_headers_value');
if (!$custom_headers_value) {
$custom_headers_value = array();
}
?>
<table>
<thead>
<tr>
<th><?php _e('Header', 'http-headers'); ?></th>
<th><?php _e('Value', 'http-headers'); ?></th>
<th></th>
</tr>
</thead>
<tbody>
<?php
if (empty($custom_headers_value))
{
?>
<tr>
<td><input type="text" name="hh_custom_headers_value[name][]" class="http-header-value" placeholder="X-Custom-Name"></td>
<td><input type="text" name="hh_custom_headers_value[value][]" class="http-header-value" placeholder="<?php esc_attr_e('Value', 'http-headers'); ?>"></td>
<td></td>
</tr>
<?php
} else {
foreach ($custom_headers_value['name'] as $key => $name)
{
if (empty($name) || empty($custom_headers_value['value'][$key]))
{
continue;
}
?>
<tr>
<td><input type="text" name="hh_custom_headers_value[name][]" class="http-header-value" placeholder="X-Custom-Name" value="<?php echo esc_attr($name); ?>"<?php echo $custom_headers == 1 ? NULL : ' readonly'; ?>></td>
<td><input type="text" name="hh_custom_headers_value[value][]" class="http-header-value" placeholder="<?php esc_attr_e('Value', 'http-headers'); ?>" value="<?php echo esc_attr($custom_headers_value['value'][$key]); ?>"<?php echo $custom_headers == 1 ? NULL : ' readonly'; ?>></td>
<td><button type="button" class="button button-small hh-btn-delete-header" title="<?php esc_attr_e('Delete', 'http-headers'); ?>">x</button></td>
</tr>
<?php
}
}
?>
<tr>
<td colspan="3"><button type="button" class="button" id="hh-btn-add-header">+ <?php _e('Add header', 'http-headers'); ?></button></td>
</tr>
</tbody>
</table>
</td>
</tr>
\ No newline at end of file
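Review bot: The header name and value inputs are free text and nothing in this section constrains them, so the check has to live where `hh_custom_headers_value` is saved, which is not visible here. That callback should drop names that are not valid header tokens and values containing CR or LF, since these strings are later sent as response headers or, presumably, written to server configuration. A `pattern="[A-Za-z0-9-]+"` on the name input would give early feedback but is no substitute for the server-side check. The `foreach` over `$custom_headers_value['name']` also assumes that key exists whenever the option is non-empty; an `is_array()` guard would avoid a warning on malformed data.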
<?php
if (!defined('ABSPATH')) {
exit;
}
include dirname(__FILE__) . '/includes/config.inc.php';
?>
<div class="hh-wrapper">
<div class="hh-categories">
<?php
$tmp = array();
foreach ($headers as $item)
{
if (!isset($tmp[$item[2]]))
{
$tmp[$item[2]] = array('total' => 0, 'on' => 0);
}
$tmp[$item[2]]['total'] += 1;
if (get_option($item[1]) == 1)
{
$tmp[$item[2]]['on'] += 1;
}
}
foreach ($categories as $key => $val)
{
?>
<a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;category=<?php echo $key; ?>" class="hh-category">
<i></i>
<span><?php echo $key[0]; ?></span>
<strong><?php echo $val; ?></strong>(<?php printf('%u/%u', @$tmp[$key]['on'], @$tmp[$key]['total']); ?>)</a>
<?php
}
?>
</div>
<div class="hh-sidebar">
<div class="hh-sidebar-inner">
<h3><?php _e('Rate us', 'http-headers'); ?></h3>
<p><?php _e('Tell us what you think about this plugin', 'http-headers'); ?> <a href="https://wordpress.org/support/plugin/http-headers/reviews/?rate=5#new-post"><?php _e('writing a review', 'http-headers'); ?></a>.</p>
<h3><?php _e('Contribution', 'http-headers'); ?></h3>
<p><?php _e('Help us to continue developing this plugin with a small donation.', 'http-headers'); ?></p>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="biggie@abv.bg">
<input type="hidden" name="item_name" value="HTTP Headers Donation">
<input type="hidden" name="no_shipping" value="1">
<input type="hidden" name="lc" value="US">
<input type="hidden" name="currency_code" value="USD">
<input type="hidden" name="item_number" value="">
$ <input type="text" name="amount" value="5" size="3">
<button type="submit" class="button"><?php _e('Donate', 'http-headers'); ?></button>
</form>
</div>
</div>
</div>
\ No newline at end of file
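Review bot: `printf('%u/%u', @$tmp[$key]['on'], @$tmp[$key]['total'])` relies on `@` to hide undefined-index notices for categories that have no headers, which also hides any other error in that expression. Seeding the counters from `$categories` before the counting loop, with `$tmp[$key] = array('total' => 0, 'on' => 0);` per key, removes the need for suppression. The category link is printed with a bare `echo $key`; wrapping the whole URL in `esc_url()` would match the escaping used in the Custom headers form.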
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">Expect-CT
<p class="description"><?php _e('Expect-CT is an HTTP header that allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. When a site enables the Expect-CT header, they are requesting that Chrome check that any certificate for that site appears in public CT logs.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Expect-CT</legend>
<?php
$expect_ct = get_option('hh_expect_ct', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_expect_ct" value="<?php echo $k; ?>"<?php checked($expect_ct, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-ect' ); ?>
<?php do_settings_sections( 'http-headers-ect' ); ?>
<table>
<tr>
<td>max-age:</td>
<td><select name="hh_expect_ct_max_age" class="http-header-value"<?php echo $expect_ct == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('3600' => '1 hour', '86400' => '1 day', '604800' => '7 days', '2592000' => '30 days', '5184000' => '60 days', '7776000' => '90 days', '31536000' => '1 year');
$expect_ct_max_age = get_option('hh_expect_ct_max_age');
foreach ($items as $key => $item) {
?><option value="<?php echo $key; ?>"<?php selected($expect_ct_max_age, $key); ?>><?php echo $item; ?></option><?php
}
?>
</select></td>
</tr>
<tr>
<td>report-uri:</td>
<td><input type="text" class="http-header-value" name="hh_expect_ct_report_uri" value="<?php echo esc_attr(get_option('hh_expect_ct_report_uri')); ?>" placeholder="https://example.com/ct-report"<?php echo $expect_ct == 1 ? NULL : ' readonly'; ?> /></td>
</tr>
<tr>
<td>enforce:</td>
<td><input type="checkbox" class="http-header-value" name="hh_expect_ct_enforce" value="1"<?php checked(get_option('hh_expect_ct_enforce'), 1, true); ?><?php echo $expect_ct == 1 ? NULL : ' readonly'; ?> /></td>
</tr>
</table>
</td>
</tr>
\ No newline at end of file
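Review bot: The radio loop over `$bools` prints `$k` and `$v` unescaped, and `$v` is a translated string from the config include, so a translation file is trusted as raw HTML here. Escape at output: `value="<?php echo esc_attr($k); ?>"` and `<?php echo esc_html($v); ?>`. The same unescaped `$k`/`$v` pair appears in the Expires, Feature-Policy and NEL views of this commit.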
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Expires
<p class="description"><?php _e('The Expires header contains the date/time after which the response is considered stale.', 'http-headers'); ?></p>
<p class="description"><?php _e('Invalid dates, like the value 0, represent a date in the past and mean that the resource is already expired.', 'http-headers'); ?></p>
<p class="description"><?php _e("If there is a Cache-Control header with the 'max-age' or 's-max-age' directive in the response, the Expires header is ignored.", 'http-headers'); ?></p>
<p class="description"><?php _e('* Works only in Apache mode', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expires"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Expires</legend>
<?php
$expires = get_option('hh_expires', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_expires" value="<?php echo $k; ?>"<?php checked($expires, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-exp' ); ?>
<?php do_settings_sections( 'http-headers-exp' ); ?>
<table>
<?php
$types = array(
'default',
'text/css',
'text/javascript',
'text/plain',
'image/gif',
'image/png',
'image/jpeg',
'image/x-icon',
'application/x-javascript',
'application/javascript',
'application/x-icon',
);
$items = array(
'invalid_0_date' => '0 (invalid date)',
'access_1_hour' => 'Access +1 hour',
'access_6_hours' => 'Access +6 hours',
'access_12_hours' => 'Access +12 hours',
'access_1_day' => 'Access +1 day',
'access_3_days' => 'Access +3 days',
'access_1_week' => 'Access +1 week',
'access_2_weeks' => 'Access +2 weeks',
'access_1_month' => 'Access +1 month',
'access_3_months' => 'Access +3 months',
'access_6_months' => 'Access +6 months',
'access_1_year' => 'Access +1 year',
'modification_1_hour' => 'Modification +1 hour',
'modification_6_hours' => 'Modification +6 hours',
'modification_12_hours' => 'Modification +12 hours',
'modification_1_day' => 'Modification +1 day',
'modification_3_days' => 'Modification +3 days',
'modification_1_week' => 'Modification +1 week',
'modification_2_weeks' => 'Modification +2 weeks',
'modification_1_month' => 'Modification +1 month',
'modification_3_months' => 'Modification +3 months',
'modification_6_months' => 'Modification +6 months',
'modification_1_year' => 'Modification +1 year',
);
$expires_value = get_option('hh_expires_value');
$expires_type = get_option('hh_expires_type');
if (!$expires_value)
{
$expires_value = array();
}
if (!$expires_type)
{
$expires_type = array();
}
foreach ($types as $type) {
?>
<tr>
<td><input type="checkbox" class="http-header-value" name="hh_expires_type[<?php echo $type; ?>]" value="1"<?php echo !is_array($expires_type) || !array_key_exists($type, $expires_type) ? NULL : ' checked'; ?><?php echo $expires == 1 ? NULL : ' readonly'; ?>></td>
<td><?php echo $type; ?></td>
<td>
<select class="http-header-value" name="hh_expires_value[<?php echo $type; ?>]"<?php echo $expires == 1 ? NULL : ' readonly'; ?>>
<?php
foreach ($items as $k => $v) {
$val_type = !empty($expires_value[$type]) ? $expires_value[$type] : '';
?><option value="<?php echo $k; ?>"<?php selected($val_type, $k); ?>><?php echo $v; ?></option><?php
}
?>
</select>
</td>
</tr>
<?php
}
?>
</table>
</td>
</tr>
\ No newline at end of file
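Review bot: `readonly` has no effect on `<select>` elements or checkbox inputs, so the type checkbox and the value select inside the `foreach ($types ...)` loop stay editable while the header is Off. If the intent is to lock them, `disabled` is the attribute that works, e.g. `<?php echo $expires == 1 ? '' : ' disabled'; ?>`. Disabled controls are not submitted, so confirm the save path tolerates the missing keys; the plugin's script may also toggle this attribute, which is not visible here. The same pattern is in the Expect-CT, Feature-Policy, Content-Security-Policy and NEL views.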
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">Feature-Policy
<p class="description"><?php _e('With Feature Policy, you opt-in to a set of policies for the browser to enforce on specific features used throughout your site. These policies restrict what APIs the site can access or modify the browser\'s default behavior for certain features.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Feature-Policy</legend>
<?php
$feature_policy = get_option('hh_feature_policy', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_feature_policy" value="<?php echo $k; ?>"<?php checked($feature_policy, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-fp' ); ?>
<?php do_settings_sections( 'http-headers-fp' ); ?>
<table>
<tbody>
<?php
$features = array(
'accelerometer',
'ambient-light-sensor',
'autoplay',
'camera',
'cookie',
'docwrite',
'domain',
'encrypted-media',
'fullscreen',
'geolocation',
'gyroscope',
'magnetometer',
'microphone',
'midi',
'payment',
'picture-in-picture',
'speaker',
'sync-script',
'sync-xhr',
'unsized-media',
'usb',
'vertical-scroll',
'vibrate',
'vr',
);
$origins = array("'self'", "'none'", '*', 'origin(s)');
$feature_policy_value = get_option('hh_feature_policy_value');
$feature_policy_feature = get_option('hh_feature_policy_feature');
$feature_policy_origin = get_option('hh_feature_policy_origin');
if (!$feature_policy_value)
{
$feature_policy_value = array();
}
if (!$feature_policy_feature)
{
$feature_policy_feature = array();
}
if (!$feature_policy_origin)
{
$feature_policy_origin = array();
}
foreach ($features as $feature)
{
?>
<tr>
<td><input type="checkbox" name="hh_feature_policy_feature[<?php echo $feature; ?>]" class="http-header-value"
value="1"<?php echo !is_array($feature_policy_feature) || !array_key_exists($feature, $feature_policy_feature) ? NULL : ' checked'; ?><?php echo $feature_policy == 1 ? NULL : ' readonly'; ?>></td>
<td><?php echo $feature; ?></td>
<td>
<select name="hh_feature_policy_value[<?php echo $feature; ?>]"
class="http-header-value"<?php echo $feature_policy == 1 ? NULL : ' readonly'; ?>>
<?php
foreach ($origins as $origin)
{
?><option value="<?php echo $origin; ?>"<?php selected(@$feature_policy_value[$feature], $origin); ?>><?php echo $origin; ?></option><?php
}
?>
</select>
<input type="text" name="hh_feature_policy_origin[<?php echo $feature; ?>]"
value="<?php echo @$feature_policy_origin[$feature]; ?>" size="30"<?php echo isset($feature_policy_value[$feature]) && in_array($feature_policy_value[$feature], array('origin(s)', "'self'")) ? NULL : ' style="display: none"'; ?>
class="http-header-value"<?php echo $feature_policy == 1 ? NULL : ' readonly'; ?>>
</td>
</tr>
<?php
}
?>
</tbody>
</table>
</td>
</td>
</tr>
\ No newline at end of file
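Review bot: The origin text input prints `@$feature_policy_origin[$feature]` into the `value` attribute without escaping, while other stored values in this commit go through `esc_attr()`; a saved origin containing a double quote would break out of the attribute. Use `value="<?php echo esc_attr(isset($feature_policy_origin[$feature]) ? $feature_policy_origin[$feature] : ''); ?>"`, which also removes the `@`. The `in_array(...)` call on the same line should pass `true` as its third argument, and there is a duplicated `</td>` just before the closing `</tr>`.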
<?php
if (!defined('ABSPATH')) {
exit;
}
include dirname(__FILE__) . '/includes/config.inc.php';
include dirname(__FILE__) . '/includes/breadcrumbs.inc.php';
?>
<section class="hh-panel">
<form method="post" action="options.php">
<table class="form-table hh-table">
<tbody>
<?php
$header_file = sprintf('%s/%s.php', dirname(__FILE__), basename($_GET['header']));
if (is_file($header_file))
{
include $header_file;
}
?>
</tbody>
</table>
<?php submit_button(); ?>
</form>
</section>
\ No newline at end of file
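Review bot: The include target is built from `basename($_GET['header'])` and checked only with `is_file()`, so any `.php` file in this directory can be included by name, not just the header views, and a non-string `header` parameter reaches `basename()` unchecked. The `$headers` map, presumably loaded by the `config.inc.php` include a few lines earlier, is the natural allowlist: `$slug = isset($_GET['header']) && is_string($_GET['header']) ? $_GET['header'] : '';` followed by `if (isset($headers[$slug]) && is_file($header_file))`. This assumes the view file names match the `$headers` keys, which the page does not show.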
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<ul class="hh-breadcrumbs">
<li><a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers"><?php _e('Dashboard', 'http-headers'); ?></a></li>
<?php
if (isset($_GET['category']))
{
?><li><?php echo @$categories[$_GET['category']]; ?></li><?php
} elseif (isset($_GET['header'])) {
?><li><a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;category=<?php echo htmlspecialchars($headers[$_GET['header']][2]); ?>"><?php echo @$categories[$headers[$_GET['header']][2]]; ?></a></li><?php
?><li><?php echo @$headers[$_GET['header']][0]; ?></li><?php
} elseif (isset($_GET['tab']) && $_GET['tab'] == 'advanced') {
?><li><?php _e('Advanced settings', 'http-headers'); ?></li><?php
} elseif (isset($_GET['tab']) && $_GET['tab'] == 'manual') {
?><li><?php _e('Manual setup', 'http-headers'); ?></li><?php
} elseif (isset($_GET['tab']) && $_GET['tab'] == 'inspect') {
?><li><?php _e('Inspect headers', 'http-headers'); ?></li><?php
}
?>
</ul>
\ No newline at end of file
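Review bot: `$_GET['category']` and `$_GET['header']` are used directly as array keys, with `@` hiding the failure for unknown keys; `@` does not cover a non-string (array) parameter, which PHP 8 rejects with a TypeError for an illegal offset. Resolve the key once and look it up explicitly: `$slug = isset($_GET['header']) && is_string($_GET['header']) ? $_GET['header'] : '';`, then render the two `<li>` items only when `isset($headers[$slug])`. The echoed labels and the `get_admin_url()` links would also be better wrapped in `esc_html()` and `esc_url()`.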
<?php
if (!defined('ABSPATH')) {
exit;
}
$bools = array(
0 => __('Off', 'http-headers'),
1 => __('On', 'http-headers'),
);
$categories = array(
'security' => __('Security', 'http-headers'),
'access-control' => __('Access control', 'http-headers'),
'authentication' => __('Authentication', 'http-headers'),
'compression' => __('Compression', 'http-headers'),
'caching' => __('Caching', 'http-headers'),
'misc' => __('Miscellaneous', 'http-headers'),
);
$headers = array(
'x-frame-options' => array('X-Frame-Options', 'hh_x_frame_options', 'security'),
'x-xss-protection' => array('X-XSS-Protection', 'hh_x_xxs_protection', 'security'),
'x-content-type-options' => array('X-Content-Type-Options', 'hh_x_content_type_options', 'security'),
'x-ua-compatible' => array('X-UA-Compatible', 'hh_x_ua_compatible', 'misc'),
'strict-transport-security' => array('Strict-Transport-Security', 'hh_strict_transport_security', 'security'),
'p3p' => array('P3P', 'hh_p3p', 'access-control'),
'referrer-policy' => array('Referrer-Policy', 'hh_referrer_policy', 'security'),
'content-security-policy' => array('Content-Security-Policy', 'hh_content_security_policy', 'security'),
'access-control-allow-origin' => array('Access-Control-Allow-Origin', 'hh_access_control_allow_origin', 'access-control'),
'access-control-allow-credentials' => array('Access-Control-Allow-Credentials', 'hh_access_control_allow_credentials', 'access-control'),
'access-control-max-age' => array('Access-Control-Max-Age', 'hh_access_control_max_age', 'access-control'),
'access-control-allow-methods' => array('Access-Control-Allow-Methods', 'hh_access_control_allow_methods', 'access-control'),
'access-control-allow-headers' => array('Access-Control-Allow-Headers', 'hh_access_control_allow_headers', 'access-control'),
'access-control-expose-headers' => array('Access-Control-Expose-Headers', 'hh_access_control_expose_headers', 'access-control'),
'content-encoding' => array('Content-Encoding', 'hh_content_encoding', 'compression'),
'vary' => array('Vary', 'hh_vary', 'compression'),
'x-powered-by' => array('X-Powered-By', 'hh_x_powered_by', 'misc'),
'www-authenticate' => array('WWW-Authenticate', 'hh_www_authenticate', 'authentication'),
'cache-control' => array('Cache-Control', 'hh_cache_control', 'caching'),
'expires' => array('Expires', 'hh_expires', 'caching'),
'pragma' => array('Pragma', 'hh_pragma', 'caching'),
'age' => array('Age', 'hh_age', 'caching'),
'connection' => array('Connection', 'hh_connection', 'misc'),
'cookie-security' => array('Cookie security', 'hh_cookie_security', 'security'),
'expect-ct' => array('Expect-CT', 'hh_expect_ct', 'security'),
'timing-allow-origin' => array('Timing-Allow-Origin', 'hh_timing_allow_origin', 'access-control'),
'custom-headers' => array('Custom headers', 'hh_custom_headers', 'misc'),
'x-dns-prefetch-control' => array('X-DNS-Prefetch-Control', 'hh_x_dns_prefetch_control', 'security'),
'x-download-options' => array('X-Download-Options', 'hh_x_download_options', 'security'),
'x-permitted-cross-domain-policies' => array('X-Permitted-Cross-Domain-Policies', 'hh_x_permitted_cross_domain_policies', 'security'),
'report-to' => array('Report-To', 'hh_report_to', 'security'),
'feature-policy' => array('Feature-Policy', 'hh_feature_policy', 'security'),
'permissions-policy' => array('Permissions-Policy', 'hh_permissions_policy', 'security'),
'clear-site-data' => array('Clear-Site-Data', 'hh_clear_site_data', 'security'),
'content-type' => array('Content-Type', 'hh_content_type', 'misc'),
'cross-origin-resource-policy' => array('Cross-Origin-Resource-Policy', 'hh_cross_origin_resource_policy', 'security'),
'nel' => array('NEL', 'hh_nel', 'misc'),
'cross-origin-embedder-policy' => array('Cross-Origin-Embedder-Policy', 'hh_cross_origin_embedder_policy', 'security'),
'cross-origin-opener-policy' => array('Cross-Origin-Opener-Policy', 'hh_cross_origin_opener_policy', 'security'),
'x-robots-tag' => array('X-Robots-Tag', 'hh_x_robots_tag', 'misc'),
);
$headers_list = array(
'Accept',
'Accept-Charset',
'Accept-Encoding',
'Accept-Language',
'Accept-Datetime',
'Authorization',
'Cache-Control',
'Connection',
'Permanent',
'Cookie',
'Content-Length',
'Content-MD5',
'Content-Type',
'Date',
'Expect',
'Forwarded',
'From',
'Host',
'Permanent',
'If-Match',
'If-Modified-Since',
'If-None-Match',
'If-Range',
'If-Unmodified-Since',
'Max-Forwards',
'Origin',
'Pragma',
'Proxy-Authorization',
'Range',
'Referer',
'TE',
'User-Agent',
'Upgrade',
'Via',
'Warning',
'X-Requested-With',
'DNT',
'X-Forwarded-For',
'X-Forwarded-Host',
'X-Forwarded-Proto',
'Front-End-Https',
'X-Http-Method-Override',
'X-ATT-DeviceId',
'X-Wap-Profile',
'Proxy-Connection',
'X-UIDH',
'X-Csrf-Token',
'X-PINGOTHER',
'X-WP-Nonce',
);
$cors_safe_request_headers = array(
'Accept',
'Accept-Language',
'Content-Language',
'Content-Type',
);
$cors_safe_response_headers = array(
'Cache-Control',
'Content-Language',
'Content-Type',
'Expires',
'Last-Modified',
'Pragma',
);
\ No newline at end of file
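Review bot: `$headers_list` contains `'Permanent'` twice (after `'Connection'` and after `'Host'`); it is not an HTTP header name and looks like a table label copied along with the header names. If this list feeds the Access-Control-Allow-Headers / Expose-Headers choices, which is not visible here, the entry would be offered as a selectable header; remove both occurrences. Separately, `'x-xss-protection'` maps to `hh_x_xxs_protection`, which matches the defaults file, so a comment such as `// "xxs" is the stored option name, do not correct the spelling` would stop a one-sided fix.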
<input type="checkbox"
name="hh_content_security_policy_value[<?php echo $item; ?>]"
value="1"<?php echo isset($csp_value[$item]) ? ' checked' : NULL; ?>
class="http-header-value"<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?>>
\ No newline at end of file
<?php
$sandbox = array(
'allow-forms',
'allow-same-origin',
'allow-scripts',
'allow-popups',
'allow-modals',
'allow-downloads',
'allow-orientation-lock',
'allow-pointer-lock',
'allow-presentation',
'allow-popups-to-escape-sandbox',
'allow-top-navigation',
'allow-top-navigation-by-user-activation',
);
foreach ($sandbox as $origin)
{
?>
<p>
<input type="checkbox"
name="hh_content_security_policy_value[<?php echo $item; ?>][<?php echo $origin; ?>]"
id="csp-<?php echo $item; ?>-<?php echo $origin; ?>"
value="1"<?php echo isset($csp_value[$item][$origin]) ? ' checked' : NULL; ?>
class="http-header-value"<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?>>
<label for="csp-<?php echo $item; ?>-<?php echo $origin; ?>"><?php echo $origin; ?></label>
</p>
<?php
}
?>
\ No newline at end of file
<?php
$origins = array(
'wildcard' => '*',
'self' => "'self'",
'none' => "'none'",
'unsafe-inline' => "'unsafe-inline'",
'unsafe-eval' => "'unsafe-eval'",
'strict-dynamic' => "'strict-dynamic'",
'report-sample' => "'report-sample'",
'http' => 'http:',
'https' => 'https:',
'data' => 'data:',
'mediastream' => 'mediastream:',
'blob' => 'blob:',
'filesystem' => 'filesystem:',
);
foreach ($origins as $k => $origin)
{
?>
<p<?php echo $origin == '*' || !isset($csp_value[$item]['*']) ? NULL : ' style="display: none"'; ?>>
<input type="checkbox"
name="hh_content_security_policy_value[<?php echo $item; ?>][<?php echo $origin; ?>]"
id="csp-<?php echo $item; ?>-<?php echo $k; ?>"
value="1"<?php echo isset($csp_value[$item][$origin]) ? ' checked' : NULL; ?>
class="http-header-value"<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?>>
<label for="csp-<?php echo $item; ?>-<?php echo $k; ?>"><?php echo $origin; ?></label>
</p>
<?php
}
switch ($item) {
case 'script-src':
$host_sources = array(
'js.example.com',
'http://js.example.com',
'https://js.example.com',
);
break;
case 'style-src':
$host_sources = array(
'css.example.com',
'http://css.example.com',
'https://css.example.com',
);
break;
case 'img-src':
$host_sources = array(
'img.example.com',
'http://img.example.com',
'https://img.example.com',
);
break;
case 'font-src':
$host_sources = array(
'font.example.com',
'http://font.example.com',
'https://font.example.com',
);
break;
case 'default-src':
$host_sources = array(
'http://*.example.com',
'mail.example.com:443',
'https://assets.example.com',
'cdn.example.com',
);
break;
default:
$host_sources = array(
'https://store.example.com',
'store.example.com',
'*.example.com',
);
}
shuffle($host_sources);
?>
<p<?php echo !isset($csp_value[$item]['*']) ? NULL : ' style="display: none"'; ?>>
<input type="text"
name="hh_content_security_policy_value[<?php echo $item; ?>][source]"
class="http-header-value"
size="40"
placeholder="<?php echo $host_sources[0]; ?>"
value="<?php echo esc_attr(@$csp_value[$item]['source']); ?>"<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?>
</p>
\ No newline at end of file
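Review bot: The text `<input>` for the `[source]` value is never closed: the line carrying `value="..."` ends after the `readonly` expression and the next line is `</p>`, so the tag is missing its `>`. Close it the way the checkbox above does, ending the line with `' readonly'; ?>>`. `$item` is echoed unescaped into `name` and `id` attributes here and in the other Content-Security-Policy fragments; `esc_attr($item)` would make that independent of what the including file passes in.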
<?php
$origins = array(
'script',
'style',
);
foreach ($origins as $origin)
{
?>
<p>
<input type="checkbox"
name="hh_content_security_policy_value[<?php echo $item; ?>][<?php echo $origin; ?>]"
id="csp-<?php echo $item; ?>-<?php echo $origin; ?>"
value="1"<?php echo isset($csp_value[$item][$origin]) ? ' checked' : NULL; ?>
class="http-header-value"<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?>>
<label for="csp-<?php echo $item; ?>-<?php echo $origin; ?>"><?php echo $origin; ?></label>
</p>
<?php
}
?>
\ No newline at end of file
<input type="text" name="hh_content_security_policy_value[<?php echo $item; ?>]" class="http-header-value" size="40"
value="<?php echo esc_attr(@$csp_value[$item]); ?>"<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?>>
<?php
if ($item == 'plugin-types')
{
?>
<br>
<em>Example: application/x-shockwave-flash application/x-java-applet</em>
<?php
}
?>
\ No newline at end of file
<?php
return array(
array('hh_method', 'htaccess'),
array('hh_htaccess_path', str_replace('\\', '/', ABSPATH) . '.htaccess'),
array('hh_user_ini_path', str_replace('\\', '/', ABSPATH) . '.user.ini'),
array('hh_htpasswd_path', str_replace('\\', '/', ABSPATH) . '.hh-htpasswd'),
array('hh_htdigest_path', str_replace('\\', '/', ABSPATH) . '.hh-htdigest'),
array('hh_x_frame_options', 0),
array('hh_x_frame_options_value', ''),
array('hh_x_frame_options_domain', ''),
array('hh_x_xxs_protection', 0),
array('hh_x_xxs_protection_value', ''),
array('hh_x_xxs_protection_uri', ''),
array('hh_x_content_type_options', 0),
array('hh_x_content_type_options_value', ''),
array('hh_strict_transport_security', 0),
array('hh_strict_transport_security_value', ''), //obsolete
array('hh_strict_transport_security_max_age', ''),
array('hh_strict_transport_security_sub_domains', ''),
array('hh_strict_transport_security_preload', ''),
array('hh_public_key_pins', 0),
array('hh_public_key_pins_sha256_1', ''),
array('hh_public_key_pins_sha256_2', ''),
array('hh_public_key_pins_max_age', ''),
array('hh_public_key_pins_sub_domains', ''),
array('hh_public_key_pins_report_uri', ''),
array('hh_public_key_pins_report_only', ''),
array('hh_x_ua_compatible', 0),
array('hh_x_ua_compatible_value', ''),
array('hh_p3p', 0),
array('hh_p3p_value', ''),
array('hh_referrer_policy', 0),
array('hh_referrer_policy_value', ''),
array('hh_content_security_policy', 0),
array('hh_content_security_policy_value', ''),
array('hh_content_security_policy_report_only', ''),
array('hh_access_control_allow_origin', 0),
array('hh_access_control_allow_origin_value', ''),
array('hh_access_control_allow_origin_url', ''),
array('hh_access_control_allow_credentials', 0),
array('hh_access_control_allow_credentials_value', ''),
array('hh_access_control_allow_methods', 0),
array('hh_access_control_allow_methods_value', ''),
array('hh_access_control_allow_headers', 0),
array('hh_access_control_allow_headers_value', ''),
array('hh_access_control_allow_headers_custom', ''),
array('hh_access_control_expose_headers', 0),
array('hh_access_control_expose_headers_value', ''),
array('hh_access_control_expose_headers_custom', ''),
array('hh_access_control_max_age', 0),
array('hh_access_control_max_age_value', ''),
array('hh_content_encoding', 0),
array('hh_content_encoding_module', ''),
array('hh_content_encoding_value', ''),
array('hh_content_encoding_ext', ''),
array('hh_vary', 0),
array('hh_vary_value', ''),
array('hh_x_powered_by', 0),
array('hh_x_powered_by_option', ''),
array('hh_x_powered_by_value', ''),
array('hh_www_authenticate', 0),
array('hh_www_authenticate_type', ''),
array('hh_www_authenticate_realm', ''),
array('hh_www_authenticate_user', ''),
array('hh_www_authenticate_pswd', ''),
array('hh_cache_control', 0),
array('hh_cache_control_value', ''),
array('hh_age', 0),
array('hh_age_value', ''),
array('hh_pragma', 0),
array('hh_pragma_value', ''),
array('hh_expires', 0),
array('hh_expires_value', ''),
array('hh_expires_type', ''),
array('hh_connection', 0),
array('hh_connection_value', ''),
array('hh_cookie_security', 0),
array('hh_cookie_security_value', ''),
array('hh_expect_ct', 0),
array('hh_expect_ct_max_age', ''),
array('hh_expect_ct_report_uri', ''),
array('hh_expect_ct_enforce', ''),
array('hh_timing_allow_origin', 0),
array('hh_timing_allow_origin_value', ''),
array('hh_timing_allow_origin_url', ''),
array('hh_x_permitted_cross_domain_policies', 0),
array('hh_x_permitted_cross_domain_policies_value', ''),
array('hh_x_download_options', 0),
array('hh_x_download_options_value', ''),
array('hh_x_dns_prefetch_control', 0),
array('hh_x_dns_prefetch_control_value', ''),
array('hh_custom_headers', 0),
array('hh_custom_headers_value', ''),
array('hh_report_to', 0),
array('hh_report_to_value', ''),
array('hh_feature_policy', 0),
array('hh_feature_policy_feature', ''),
array('hh_feature_policy_origin', ''),
array('hh_feature_policy_value', ''),
array('hh_permissions_policy', 0),
array('hh_permissions_policy_feature', ''),
array('hh_permissions_policy_origin', ''),
array('hh_permissions_policy_value', ''),
array('hh_clear_site_data', 0),
array('hh_clear_site_data_value', ''),
array('hh_content_type', 0),
array('hh_content_type_value', ''),
array('hh_content_nel', 0),
array('hh_content_nel_value', ''),
array('hh_x_robots_tag', 0),
array('hh_x_robots_tag_value', ''),
);
\ No newline at end of file
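Review bot: The defaults register `hh_content_nel` and `hh_content_nel_value`, but the NEL view and the `$headers` map in this commit use `hh_nel` / `hh_nel_value`, so the NEL options get no default from this list. If that is a slip, the entries should read `array('hh_nel', 0),` and `array('hh_nel_value', ''),`. Unlike the view files, this file has no `if (!defined('ABSPATH')) { exit; }` guard although it dereferences `ABSPATH` in its first entries; adding the guard keeps a direct request from failing with an undefined-constant error.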
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<div class="wrap">
<h1>HTTP Headers</h1>
<?php
$check = check_web_server_requirements();
if ($check !== true) {
?>
<div class="notice notice-error">
<h2><?php _e('Error!', 'http-headers'); ?></h2>
<?php
if ($check == -1) {
?><p><?php _e('The following file was not found. Please make sure the file exists and has write permissions:', 'http-headers'); ?> <code><?php echo get_web_server_filename(); ?></code></p><?php
} elseif ($check == -2) {
?><p><?php _e('Please make sure the following file has write permissions:', 'http-headers'); ?> <code><?php echo get_web_server_filename(); ?></code></p><?php
}
?>
</div>
<?php
}
$check = check_php_requirements();
if ($check !== true) {
?>
<div class="notice notice-warning">
<h2><?php _e('Warning!', 'http-headers'); ?></h2>
<?php
if ($check == -1) {
?><p><?php _e('The following file was not found. Please make sure the file exists and has write permissions:', 'http-headers'); ?> <code><?php echo get_user_ini_filename(); ?></code></p><?php
} elseif ($check == -2) {
?><p><?php _e('Please make sure the following file has write permissions:', 'http-headers'); ?> <code><?php echo get_user_ini_filename(); ?></code></p><?php
}
?>
</div>
<?php
}
?>
<p><?php _e('Quick links', 'http-headers'); ?>:
<a href="https://zinoui.com/blog/http-headers-for-wordpress" target="_blank" title="HTTP Headers"><?php _e('Getting started', 'http-headers'); ?></a>,
<a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;tab=advanced"><?php _e('Advanced settings', 'http-headers'); ?></a>,
<a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;tab=manual"><?php _e('Manual setup', 'http-headers'); ?></a>,
<a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;tab=inspect"><?php _e('Inspect headers', 'http-headers'); ?></a>
</p>
<?php
if (isset($_GET['header']) && !empty($_GET['header']))
{
include dirname(__FILE__) . '/header.php';
} elseif (isset($_GET['tab']) && $_GET['tab'] == 'advanced') {
include dirname(__FILE__) . '/advanced.php';
} elseif (isset($_GET['tab']) && $_GET['tab'] == 'manual') {
include dirname(__FILE__) . '/manual.php';
} elseif (isset($_GET['tab']) && $_GET['tab'] == 'inspect') {
include dirname(__FILE__) . '/inspect.php';
} elseif (isset($_GET['category'])) {
include dirname(__FILE__) . '/category.php';
} else {
include dirname(__FILE__) . '/dashboard.php';
}
?>
</div>
\ No newline at end of file
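Review bot: `get_web_server_filename()` and `get_user_ini_filename()` are echoed into `<code>` without escaping; if they return the path options (`hh_htaccess_path`, `hh_user_ini_path`), the value is configurable and should pass through `esc_html()`, e.g. `<code><?php echo esc_html(get_web_server_filename()); ?></code>`. The `get_admin_url()` links in the quick-links paragraph would likewise be wrapped in `esc_url()`. The checks `$check == -1` and `$check == -2` use loose comparison right after a strict `!== true`; `===` keeps them consistent.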
<?php
if (!defined('ABSPATH')) {
exit;
}
include dirname(__FILE__) . '/includes/config.inc.php';
include dirname(__FILE__) . '/includes/breadcrumbs.inc.php';
?>
<section class="hh-panel">
<h3><span class="hh-highlight"><?php _e('Inspect headers', 'http-headers'); ?></span></h3>
<p><?php _e("Use this tool to inspect the HTTP headers of your website or your competitor's website.", 'http-headers'); ?></p>
<div class="form-wrap">
<form action="<?php echo admin_url('admin-ajax.php'); ?>" method="get" id="frmIspect">
<?php wp_nonce_field('inspect'); ?>
<input type="hidden" name="action" value="inspect">
<div class="form-row">
<div class="form-field form-col-6">
<label class="form-label">URL:</label>
<input type="text" name="url" size="40" placeholder="<?php echo home_url('/'); ?>" value="<?php echo home_url('/'); ?>">
</div>
<div class="form-field form-col-6">
<label class="form-label">&nbsp;</label>
<label><input type="checkbox" name="authentication" id="authentication"><?php _e('Authentication', 'http-headers'); ?></label>
</div>
</div>
<div id="box-authentication" style="display: none">
<div class="form-row">
<div class="form-field form-col-6">
<label class="form-label" for="username"><?php _e('Username', 'http-headers'); ?>:</label>
<input type="text" name="username">
</div>
<div class="form-field form-col-6">
<label class="form-label" for="password"><?php _e('Password', 'http-headers'); ?>:</label>
<input type="text" name="password">
</div>
</div>
</div>
<?php submit_button(__('Inspect', 'http-headers')); ?>
</form>
</div>
</section>
<div id="hh-result"></div>
\ No newline at end of file
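Review bot: The inspect form submits with `method="get"` and carries `username` and `password` fields, the latter as `type="text"`, so credentials and the nonce would land in the request URL (server logs, browser history) unless a script intercepts the submit, which is not visible here. Use `method="post"` and `<input type="password" name="password" autocomplete="off">`. The labels use `for="username"` / `for="password"` but the inputs have no matching `id`. The handler behind `action=inspect` is outside this section; since it fetches a user-supplied URL, it should verify the nonce and a capability and restrict the target to http/https.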
<?php
if (!defined('ABSPATH')) {
exit;
}
include dirname(__FILE__) . '/includes/breadcrumbs.inc.php';
?>
<div class="hh-tabs">
<ul>
<li class="hh-active"><a href="#hh-tab-1">Apache</a></li>
<li><a href="#hh-tab-2">Nginx</a></li>
</ul>
<div id="hh-tab-1" class="hh-tab-active">
<h3><span class="hh-highlight"><?php echo get_htaccess_filename(); ?></span></h3>
<textarea class="hh-textarea-manual" rows="20" readonly><?php
$lines = apache_headers_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = apache_auth_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = apache_content_encoding_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = apache_expires_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = apache_cookie_security_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = apache_timing_directives();
echo join("\n", $lines);
?></textarea>
<?php
$credentials = apache_auth_credentials();
if ($credentials)
{
?>
<h3><span class="hh-highlight"><?php echo $credentials['ht_file']; ?></span></h3>
<textarea class="hh-textarea-manual" rows="5" readonly><?php
echo $credentials['auth'];
?></textarea><?php
}
?>
</div>
<div id="hh-tab-2" class="hh-hidden">
<textarea class="hh-textarea-manual" rows="20" readonly><?php
$lines = nginx_headers_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = nginx_auth_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = nginx_content_encoding_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = nginx_expires_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = nginx_cookie_security_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
$lines = nginx_timing_directives();
if ($lines)
{
echo join("\n", $lines);
echo "\n\n";
}
?></textarea>
<?php
$credentials = nginx_auth_credentials();
if ($credentials)
{
?>
<h3><span class="hh-highlight"><?php echo $credentials['ht_file']; ?></span></h3>
<textarea class="hh-textarea-manual" rows="5" readonly><?php
echo $credentials['auth'];
?></textarea><?php
}
?>
</div>
</div>
\ No newline at end of file
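Review bot: The generated directives and `$credentials['auth']` are echoed straight into `<textarea>` elements; these strings are presumably built from saved option values, so a value containing `</textarea>` would break out of the field. Wrap each output, `echo esc_textarea(join("\n", $lines));` and `echo esc_textarea($credentials['auth']);`, and use `esc_html($credentials['ht_file'])` in the headings. The Apache block also joins `apache_timing_directives()` without the `if ($lines)` guard that every other call has. The htpasswd/htdigest content shown here is credential material, so the page should stay restricted to administrators.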
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">NEL
<p class="description"><?php _e('Network Error Logging is a mechanism that can be configured via the NEL HTTP response header. This experimental header allows web sites and applications to opt-in to receive reports about failed (and, if desired, successful) network fetches from supporting browsers.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Network_Error_Logging"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">NEL</legend>
<?php
$nel = get_option('hh_nel', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_nel" value="<?php echo $k; ?>"<?php checked($nel, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-nel' ); ?>
<?php do_settings_sections( 'http-headers-nel' ); ?>
<?php
$nel_value = get_option('hh_nel_value', array());
$report_to = isset($nel_value['report_to']) ? $nel_value['report_to'] : NULL;
$max_age = isset($nel_value['max_age']) ? $nel_value['max_age'] : NULL;
$include_subdomains = isset($nel_value['include_subdomains']) ? $nel_value['include_subdomains'] : NULL;
$success_fraction = isset($nel_value['success_fraction']) ? $nel_value['success_fraction'] : NULL;
$failure_fraction = isset($nel_value['failure_fraction']) ? $nel_value['failure_fraction'] : NULL;
$request_headers = isset($nel_value['request_headers']) ? $nel_value['request_headers'] : NULL;
$response_headers = isset($nel_value['response_headers']) ? $nel_value['response_headers'] : NULL;
?>
<table>
<tr>
<td>report_to:</td>
<td><input type="text" class="http-header-value" name="hh_nel_value[report_to]" value="<?php echo esc_attr($report_to); ?>"<?php echo $nel == 1 ? NULL : ' readonly'; ?>></td>
</tr>
<tr>
<td>max_age:</td>
<td><select name="hh_nel_value[max_age]" class="http-header-value"<?php echo $nel == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('3600' => '1 hour', '86400' => '1 day', '604800' => '7 days', '2592000' => '30 days', '5184000' => '60 days', '7776000' => '90 days', '31536000' => '1 year');
foreach ($items as $key => $item) {
?><option value="<?php echo $key; ?>"<?php selected($max_age, $key); ?>><?php echo $item; ?></option><?php
}
?>
</select></td>
</tr>
<tr>
<td>include_subdomains:</td>
<td><input type="checkbox" class="http-header-value" name="hh_nel_value[include_subdomains]" value="1"<?php checked($include_subdomains, 1, true); ?><?php echo $nel == 1 ? NULL : ' readonly'; ?>></td>
</tr>
<tr>
<td>success_fraction:</td>
<td><input type="number" class="http-header-value" name="hh_nel_value[success_fraction]" value="<?php echo esc_attr($success_fraction); ?>"<?php echo $nel == 1 ? NULL : ' readonly'; ?> min="0.0" max="1.0" step="0.1"></td>
</tr>
<tr>
<td>failure_fraction:</td>
<td><input type="number" class="http-header-value" name="hh_nel_value[failure_fraction]" value="<?php echo esc_attr($failure_fraction); ?>"<?php echo $nel == 1 ? NULL : ' readonly'; ?> min="0.0" max="1.0" step="0.1"></td>
</tr>
<tr>
<td>request_headers:</td>
<td><input type="text" class="http-header-value" name="hh_nel_value[request_headers]" value="<?php echo esc_attr($request_headers); ?>"<?php echo $nel == 1 ? NULL : ' readonly'; ?>></td>
</tr>
<tr>
<td>response_headers:</td>
<td><input type="text" class="http-header-value" name="hh_nel_value[response_headers]" value="<?php echo esc_attr($response_headers); ?>"<?php echo $nel == 1 ? NULL : ' readonly'; ?>></td>
</tr>
</table>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">P3P
<p class="description"><?php _e('The Platform for Privacy Preferences Project (P3P) is a protocol allowing websites to declare their intended use of information they collect about web browser users.', 'http-headers'); ?></p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">P3P</legend>
<?php
$p3p = get_option('hh_p3p', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_p3p" value="<?php echo $k; ?>"<?php checked($p3p, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-p3p' ); ?>
<?php do_settings_sections( 'http-headers-p3p' ); ?>
<?php
$p3p_value = get_option('hh_p3p_value');
if (!$p3p_value)
{
$p3p_value = array();
}
$in_creq = array('ADM', 'DEV', 'TAI', 'PSA', 'PSD', 'IVA', 'IVD', 'CON', 'HIS', 'TEL', 'OTP', 'DEL', 'SAM', 'UNR', 'PUB', 'OTR',);
$creq = array('a', 'i', 'o');
?>
<table>
<tbody>
<tr>
<td>Compact ACCESS</td>
<td class="hh-td-inner">
<table><tbody><tr><?php
$items = array('NOI', 'ALL', 'CAO', 'IDC', 'OTI', 'NON');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 4 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?></tr></tbody></table>
</td>
</tr>
<tr>
<td>Compact DISPUTES</td>
<td class="hh-td-inner">
<table><tbody><tr><?php
$items = array('DSP');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 4 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?></tr></tbody></table>
</td>
</tr>
<tr>
<td>Compact REMEDIES</td>
<td class="hh-td-inner">
<table><tbody><tr><?php
$items = array('COR', 'MON', 'LAW');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 4 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?></tr></tbody></table>
</td>
</tr>
<tr>
<td>Compact NON-IDENTIFIABLE</td>
<td class="hh-td-inner">
<table><tbody><tr><?php
$items = array('NID');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 4 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?></tr></tbody></table>
</td>
</tr>
<tr>
<td>Compact PURPOSE</td>
<td class="hh-td-inner">
<table><tbody><tr><?php
$items = array('CUR', 'ADM', 'DEV', 'TAI', 'PSA', 'PSD', 'IVA', 'IVD', 'CON', 'HIS', 'TEL', 'OTP');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 4 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?></tr></tbody></table>
</td>
</tr>
<tr>
<td>Compact RECIPIENT</td>
<td class="hh-td-inner">
<table><tbody><tr><?php
$items = array('OUR', 'DEL', 'SAM', 'UNR', 'PUB', 'OTR');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 4 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?></tr></tbody></table>
</td>
</tr>
<tr>
<td>Compact RETENTION</td>
<td class="hh-td-inner">
<table><tbody><tr><?php
$items = array('NOR', 'STP', 'LEG', 'BUS', 'IND');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 4 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?></tr></tbody></table>
</td>
</tr>
<tr>
<td>Compact CATEGORIES</td>
<td class="hh-td-inner">
<table><tbody><tr><?php
$items = array('PHY', 'ONL', 'UNI', 'PUR', 'FIN', 'COM', 'NAV', 'INT', 'DEM', 'CNT', 'STA', 'POL', 'HEA', 'PRE', 'LOC', 'GOV', 'OTC');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 4 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?></tr></tbody></table>
</td>
</tr>
<tr>
<td>Compact TEST</td>
<td class="hh-td-inner">
<table><tbody><tr><?php
$items = array('TST');
foreach ($items as $i => $item) {
if ($i > 0 && $i % 4 === 0) {
?></tr><tr><?php
}
?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
}
?></tr></tbody></table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
\ No newline at end of file
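Review bot: `if (!$p3p_value)` only replaces a falsy option, so a stored non-array value (a non-empty string, say) reaches `array_key_exists($item, $p3p_value)` in every checkbox row, which throws a TypeError on PHP 8. `if (!is_array($p3p_value)) { $p3p_value = array(); }` covers both cases, and the Vary section needs the same guard on `$vary_value`. Separately, `readonly` has no effect on checkboxes, radios or `<select>` in HTML, so the "off" state here and in the Permissions-Policy, Report-To, Strict-Transport-Security and Vary sections is not enforced by the markup and presumably depends on script keyed to the `http-header-value` class. `$in_creq` and `$creq` are assigned but not used anywhere in this section.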
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">Permissions-Policy
<p class="description"><?php _e('Permissions Policy is a web platform API which gives a website the ability to allow or block the use of browser features in its own frame or in iframes that it embeds.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://www.w3.org/TR/permissions-policy-1/"><?php _e('W3C Working Draft', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Permissions-Policy</legend>
<?php
$permissions_policy = get_option('hh_permissions_policy', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_permissions_policy" value="<?php echo $k; ?>"<?php checked($permissions_policy, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-pp' ); ?>
<?php do_settings_sections( 'http-headers-pp' ); ?>
<table>
<tbody>
<?php
# https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md
$features = array(
'accelerometer',
'ambient-light-sensor',
'autoplay',
'battery',
'camera',
'cross-origin-isolated',
'display-capture',
'document-domain',
'encrypted-media',
'execution-while-not-rendered',
'execution-while-out-of-viewport',
'fullscreen',
'geolocation',
'gyroscope',
'interest-cohort',
'layout-animations',
'legacy-image-formats',
'magnetometer',
'microphone',
'midi',
'navigation-override',
'oversized-images',
'payment',
'picture-in-picture',
'publickey-credentials-get',
'screen-wake-lock',
'sync-script',
'sync-xhr',
'usb',
'vertical-scroll',
'web-share',
'wake-lock',
'xr-spatial-tracking',
);
$origins = array('none', 'self', '*', 'origin(s)');
$permissions_policy_value = get_option('hh_permissions_policy_value');
$permissions_policy_feature = get_option('hh_permissions_policy_feature');
$permissions_policy_origin = get_option('hh_permissions_policy_origin');
if (!$permissions_policy_value)
{
$permissions_policy_value = array();
}
if (!$permissions_policy_feature)
{
$permissions_policy_feature = array();
}
if (!$permissions_policy_origin)
{
$permissions_policy_origin = array();
}
foreach ($features as $feature)
{
?>
<tr>
<td><input type="checkbox" name="hh_permissions_policy_feature[<?php echo $feature; ?>]" class="http-header-value"
value="1"<?php echo !is_array($permissions_policy_feature) || !array_key_exists($feature, $permissions_policy_feature) ? NULL : ' checked'; ?><?php echo $permissions_policy == 1 ? NULL : ' readonly'; ?>></td>
<td><?php echo $feature; ?></td>
<td>
<select name="hh_permissions_policy_value[<?php echo $feature; ?>]"
class="http-header-value"<?php echo $permissions_policy == 1 ? NULL : ' readonly'; ?>>
<?php
foreach ($origins as $origin)
{
?><option value="<?php echo $origin; ?>"<?php selected(@$permissions_policy_value[$feature], $origin); ?>><?php echo $origin; ?></option><?php
}
?>
</select>
<input type="text" name="hh_permissions_policy_origin[<?php echo $feature; ?>]"
value="<?php echo htmlspecialchars( @$permissions_policy_origin[$feature] ); ?>" size="30"<?php echo isset($permissions_policy_value[$feature]) && in_array($permissions_policy_value[$feature], array('origin(s)', 'self')) ? NULL : ' style="display: none"'; ?>
class="http-header-value"<?php echo $permissions_policy == 1 ? NULL : ' readonly'; ?>>
</td>
</tr>
<?php
}
?>
</tbody>
</table>
</td>
</td>
</tr>
\ No newline at end of file
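Review bot: The origin text input escapes with `htmlspecialchars( @$permissions_policy_origin[$feature] )` while the other views in this commit use `esc_attr()`; the `@` hides the undefined-index notice, and passing null to htmlspecialchars() is deprecated from PHP 8.1. I would write `value="<?php echo esc_attr(isset($permissions_policy_origin[$feature]) ? $permissions_policy_origin[$feature] : ''); ?>"` and use the same `isset` pattern in place of `selected(@$permissions_policy_value[$feature], $origin)`. The `in_array(..., array('origin(s)', 'self'))` call should pass `true` as its third argument, and the section closes `</td>` twice before the final `</tr>`.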
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">Pragma
<p class="description"><?php _e('The Pragma HTTP/1.0 general header is an implementation-specific header that may have various effects along the request-response chain. It is used for backwards compatibility with HTTP/1.0 caches where the Cache-Control HTTP/1.1 header is not yet present.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Pragma"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Pragma</legend>
<?php
$pragma = get_option('hh_pragma', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_pragma" value="<?php echo $k; ?>"<?php checked($pragma, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-pra' ); ?>
<?php do_settings_sections( 'http-headers-pra' ); ?>
<select name="hh_pragma_value" class="http-header-value"<?php echo $pragma == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('no-cache');
$pragma_value = get_option('hh_pragma_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($pragma_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">Referrer-Policy
<p class="description"><?php _e('The Referrer-Policy HTTP header governs which referrer information, sent in the Referer header, should be included with requests made.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Referrer-Policy</legend>
<?php
$referrer_policy = get_option('hh_referrer_policy', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_referrer_policy" value="<?php echo $k; ?>"<?php checked($referrer_policy, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-rp' ); ?>
<?php do_settings_sections( 'http-headers-rp' ); ?>
<select name="hh_referrer_policy_value" class="http-header-value"<?php echo $referrer_policy == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array("", "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin", "strict-origin", "origin-when-cross-origin", "strict-origin-when-cross-origin", "unsafe-url");
$referrer_policy_value = get_option('hh_referrer_policy_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($referrer_policy_value, $item); ?>><?php echo !empty($item) ? $item : '(empty string)'; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
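Review bot: The select offers `unsafe-url` on equal footing with the other policies and with no explanation, although that value sends the full URL, path and query string included, to every destination regardless of origin or scheme. A one-line hint under the select would make the trade-off visible, for example `<p class="description"><?php _e('unsafe-url sends the full URL, including path and query, with every request.', 'http-headers'); ?></p>`. `$item` is also echoed into `value="..."` without `esc_attr()`; harmless for this hard-coded list, but it should follow the same escaping as the text inputs.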
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">Report-To
<p class="description"><?php _e('The Report-To HTTP response header field instructs the user agent to store reporting endpoints for an origin.', 'http-headers'); ?></p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Report-To</legend>
<?php
$report_to = get_option('hh_report_to', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_report_to" value="<?php echo $k; ?>"<?php checked($report_to, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
<?php settings_fields( 'http-headers-rt' ); ?>
<?php do_settings_sections( 'http-headers-rt' ); ?>
</td>
</tr>
<?php
$default_value = array(
array(
'endpoints' => array(),
'group' => '',
'max_age' => '',
)
);
$report_to_value = get_option('hh_report_to_value');
if (!is_array($report_to_value) || empty($report_to_value))
{
$report_to_value = $default_value;
}
?>
<tr>
<td colspan="2">
<div style="max-width: 1024px; overflow-x: auto">
<table class="hh-bordered hh-p-sm">
<tr>
<th rowspan="2" class="hh-center hh-middle">group</th>
<th rowspan="2" class="hh-center hh-middle">max_age</th>
<th rowspan="2" class="hh-center hh-middle">include_subdomains</th>
<th colspan="3" class="hh-center">endpoints</th>
<th>&nbsp;</th>
<th>&nbsp;</th>
</tr>
<tr>
<th class="hh-center">url</th>
<th class="hh-center">priority</th>
<th class="hh-center">weight</th>
<th>&nbsp;</th>
<th>&nbsp;</th>
</tr>
<?php
$items = array('0' => '0 (Delete entire reporting cache)', '3600' => '1 hour', '86400' => '1 day', '604800' => '7 days', '2592000' => '30 days', '5184000' => '60 days', '7776000' => '90 days', '31536000' => '1 year', '63072000' => '2 years');
$i = 0;
foreach ($report_to_value as $item)
{
if (isset($item['endpoints']) && !empty($item['endpoints']))
{
$cnt = count($item['endpoints']);
$c = 0;
foreach ($item['endpoints'] as $k => $v)
{
$classes = array();
if ($c == 0)
{
if ($i == 0)
{
$classes[] = 'hh-tr-first';
}
$classes[] = 'hh-tr-group-start';
}
if ($c == $cnt - 1)
{
$classes[] = 'hh-tr-group-end';
}
?>
<tr class="<?php echo join(' ', $classes); ?>">
<?php
if ($c == 0)
{
?>
<td rowspan="<?php echo $cnt; ?>" class="hh-middle"><input type="text" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][group]" value="<?php echo esc_attr($item['group']); ?>" placeholder="csp-endpoint"<?php echo $report_to == 1 ? NULL : ' readonly'; ?>></td>
<td rowspan="<?php echo $cnt; ?>" class="hh-middle"><select class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][max_age]"<?php echo $report_to == 1 ? NULL : ' readonly'; ?>>
<?php
foreach ($items as $key => $val) {
?><option value="<?php echo $key; ?>"<?php selected($item['max_age'], $key); ?>><?php echo $val; ?></option><?php
}
?>
</select></td>
<td rowspan="<?php echo $cnt; ?>" class="hh-middle hh-center"><input type="checkbox" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][include_subdomains]" value="1"<?php checked(@$item['include_subdomains'], 1, true); ?><?php echo $report_to == 1 ? NULL : ' readonly'; ?> /></td>
<?php
}
?>
<td><input type="text" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][endpoints][<?php echo $k; ?>][url]" value="<?php echo esc_attr($v['url']); ?>" placeholder="https://example.com/report/csp"<?php echo $report_to == 1 ? NULL : ' readonly'; ?> size="40"></td>
<td><input type="number" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][endpoints][<?php echo $k; ?>][priority]" value="<?php echo esc_attr($v['priority']); ?>" min="0" step="1"></td>
<td><input type="number" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][endpoints][<?php echo $k; ?>][weight]" value="<?php echo esc_attr($v['weight']); ?>" min="0" step="1"></td>
<td><?php
if ($c == 0)
{
?>
<button type="button" class="button hh-btn-add-endpoint"><?php _e('Add endpoint', 'http-headers'); ?></button>
<?php
} else {
?>
<button type="button" class="button hh-btn-delete-endpoint"><?php _e('Remove endpoint', 'http-headers'); ?></button>
<?php
}
?></td>
<?php
if ($c == 0)
{
?>
<td rowspan="<?php echo $cnt; ?>" class="hh-middle hh-center"><?php
if ($i > 0)
{
?>
<button type="button" class="button hh-btn-delete-endpoint-group" title="<?php esc_attr_e('Delete', 'http-headers'); ?>"><?php _e('Remove group', 'http-headers'); ?></button>
<?php
}
?></td>
<?php
}
?>
</tr>
<?php
$c += 1;
}
} else {
?>
<tr class="hh-tr-first hh-tr-group-start hh-tr-group-end">
<td><input type="text" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][group]" value="<?php echo esc_attr($item['group']); ?>" placeholder="csp-endpoint"<?php echo $report_to == 1 ? NULL : ' readonly'; ?>></td>
<td><select class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][max_age]"<?php echo $report_to == 1 ? NULL : ' readonly'; ?>>
<?php
foreach ($items as $key => $val) {
?><option value="<?php echo $key; ?>"<?php selected($item['max_age'], $key); ?>><?php echo $val; ?></option><?php
}
?>
</select></td>
<td class="hh-center"><input type="checkbox" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][include_subdomains]" value="1"<?php checked(@$item['include_subdomains'], 1, true); ?><?php echo $report_to == 1 ? NULL : ' readonly'; ?> /></td>
<td><input type="text" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][endpoints][0][url]" placeholder="https://example.com/report/csp"<?php echo $report_to == 1 ? NULL : ' readonly'; ?> size="40"></td>
<td><input type="number" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][endpoints][0][priority]" min="0" step="1"></td>
<td><input type="number" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][endpoints][0][weight]" min="0" step="1"></td>
<td>
<button type="button" class="button hh-btn-add-endpoint"><?php _e('Add endpoint', 'http-headers'); ?></button>
</td>
<td rowspan="1"><?php
if ($i > 0)
{
?><button type="button" class="button hh-btn-delete-endpoint-group" title="<?php esc_attr_e('Delete', 'http-headers'); ?>"><?php _e('Remove group', 'http-headers'); ?></button><?php
}
?></td>
</tr>
<?php
}
$i += 1;
}
?>
<tr>
<td colspan="8">
<button type="button" class="button" id="hh-btn-add-endpoint-group">+ <?php _e('Add endpoint group', 'http-headers'); ?></button>
</td>
</tr>
</table>
</div>
</td>
</tr>
\ No newline at end of file
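Review bot: The endpoint key `$k` is echoed raw into three `name` attributes (`[endpoints][<?php echo $k; ?>][url]`, `[priority]` and `[weight]`), and it comes from the array keys of the stored `hh_report_to_value` option, which originate in the submitted form. Unless the option's sanitize callback (not visible in this section) re-indexes the endpoints, a key containing a double quote ends the attribute early in the admin page; `<?php echo esc_attr($k); ?>` or `<?php echo (int) $k; ?>` closes that. `$item['group']`, `$item['max_age']`, `$v['url']`, `$v['priority']` and `$v['weight']` are read without `isset`, so a partially saved group raises notices; only `include_subdomains` is guarded, and with `@`.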
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">Strict-Transport-Security
<p class="description"><?php _e("HTTP Strict-Transport-Security (HSTS) enforces secure (HTTP over SSL/TLS) connections to the server. This reduces impact of bugs in web applications leaking session data through cookies and external links and defends against Man-in-the-middle attacks. HSTS also disables the ability for user's to ignore SSL negotiation warnings.", 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Strict-Transport-Security</legend>
<?php
$strict_transport_security = get_option('hh_strict_transport_security', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_strict_transport_security" value="<?php echo $k; ?>"<?php checked($strict_transport_security, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-sts' ); ?>
<?php do_settings_sections( 'http-headers-sts' ); ?>
<table>
<tr>
<td>max-age:</td>
<td><select name="hh_strict_transport_security_max_age" class="http-header-value"<?php echo $strict_transport_security == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('0' => '0 (Delete entire HSTS Policy)', '3600' => '1 hour', '86400' => '1 day', '604800' => '7 days', '2592000' => '30 days', '5184000' => '60 days', '7776000' => '90 days', '31536000' => '1 year', '63072000' => '2 years');
$strict_transport_security_max_age = get_option('hh_strict_transport_security_max_age');
foreach ($items as $key => $item) {
?><option value="<?php echo $key; ?>"<?php selected($strict_transport_security_max_age, $key); ?>><?php echo $item; ?></option><?php
}
?>
</select></td>
</tr>
<tr>
<td>includeSubDomains:</td>
<td><input type="checkbox" class="http-header-value" name="hh_strict_transport_security_sub_domains" value="1"<?php checked(get_option('hh_strict_transport_security_sub_domains'), 1, true); ?><?php echo $strict_transport_security == 1 ? NULL : ' readonly'; ?> /></td>
</tr>
<tr>
<td>preload:</td>
<td><input type="checkbox" class="http-header-value" name="hh_strict_transport_security_preload" value="1"<?php checked(get_option('hh_strict_transport_security_preload'), 1, true); ?><?php echo $strict_transport_security == 1 ? NULL : ' readonly'; ?> /></td>
</tr>
</table>
</td>
</tr>
\ No newline at end of file
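Review bot: The `includeSubDomains` and `preload` rows carry no description, although they are the two settings an administrator is least able to undo: browsers keep the policy for the whole `max-age`, and removal from a preload list is slow. I would add under the preload checkbox something like `<p class="description"><?php _e('Enable only when every subdomain already serves HTTPS.', 'http-headers'); ?></p>`. In the header description string, `user's` should read `users`.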
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Timing-Allow-Origin
<p class="description"><?php _e('The Timing-Allow-Origin header indicates whether a resource provides the complete timing information. SEO tools use the Resource Timing API to analyze the speed and weight of your web page resources.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Timing-Allow-Origin"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Timing-Allow-Origin</legend>
<?php
$timing_allow_origin = get_option('hh_timing_allow_origin', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_timing_allow_origin" value="<?php echo $k; ?>"<?php checked($timing_allow_origin, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-tao' ); ?>
<?php do_settings_sections( 'http-headers-tao' ); ?>
<select name="hh_timing_allow_origin_value" class="http-header-value"<?php echo $timing_allow_origin == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('*', 'origin');
$timing_allow_origin_value = get_option('hh_timing_allow_origin_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($timing_allow_origin_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
<input type="text" name="hh_timing_allow_origin_url" class="http-header-value" placeholder="http://domain.com" value="<?php echo esc_attr(get_option('hh_timing_allow_origin_url')); ?>" size="35"<?php echo $timing_allow_origin == 1 && $timing_allow_origin_value == 'origin' ? NULL : ' style="display: none" readonly'; ?> />
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr>
<th scope="row">Vary
<p class="description"><?php _e('The Vary HTTP response header determines how to match future request headers to decide whether a cached response can be used rather than requesting a fresh one from the origin server. It is used by the server to indicate which headers it used when selecting a representation of a resource in a content negotiation algorithm.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Vary"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">Vary</legend>
<?php
$vary = get_option('hh_vary', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_vary" value="<?php echo $k; ?>"<?php checked($vary, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-vary' ); ?>
<?php do_settings_sections( 'http-headers-vary' ); ?>
<table>
<tbody>
<tr>
<td>
<?php
$items = array(
'*', 'Accept-Encoding', 'User-Agent', 'Referer', 'Cookie',
);
$vary_value = get_option('hh_vary_value');
if (!$vary_value) {
$vary_value = array();
}
foreach ($items as $item)
{
?><p><label><input type="checkbox" class="http-header-value" name="hh_vary_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $vary_value) ? NULL : ' checked'; ?><?php echo $vary == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></p><?php
}
?>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">WWW-Authenticate
<p class="description"><?php _e('HTTP supports the use of several authentication mechanisms to control access to pages and other resources. These mechanisms are all based around the use of the 401 status code and the WWW-Authenticate response header.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">WWW-Authenticate</legend>
<?php
$www_authenticate = get_option ( 'hh_www_authenticate', 0 );
foreach ( $bools as $k => $v ) {
?><p>
<label><input type="radio" class="http-header" name="hh_www_authenticate" value="<?php echo $k; ?>" <?php checked($www_authenticate, $k, true); ?> /> <?php echo $v; ?></label>
</p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-wwa' ); ?>
<?php do_settings_sections( 'http-headers-wwa' ); ?>
<table>
<tbody>
<tr>
<td>Type</td>
<td colspan="3">
<select name="hh_www_authenticate_type" class="http-header-value"<?php echo $www_authenticate == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array ('Basic', 'Digest');
$www_authenticate_type = get_option ( 'hh_www_authenticate_type' );
foreach ( $items as $item ) {
?><option value="<?php echo $item; ?>" <?php selected($www_authenticate_type, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
<tr>
<td>Realm</td>
<td colspan="3"><input type="text" name="hh_www_authenticate_realm" class="http-header-value" size="30" value="<?php echo esc_attr(get_option('hh_www_authenticate_realm')); ?>"<?php echo $www_authenticate == 1 ? NULL : ' readonly'; ?> placeholder="Restricted area"></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><strong><?php _e('Username', 'http-headers'); ?></strong></td>
<td><strong><?php _e('Password', 'http-headers'); ?></strong></td>
<td>&nbsp;</td>
</tr>
<?php
$usernames = get_option('hh_www_authenticate_user', array());
$passwords = get_option('hh_www_authenticate_pswd', array());
if (!is_array($usernames)) {
$usernames = array($usernames);
}
if (!is_array($passwords)) {
$passwords = array($passwords);
}
$i = 0;
foreach ($usernames as $k => $user) {
?>
<tr>
<td>&nbsp;</td>
<td><input type="text" name="hh_www_authenticate_user[]" class="http-header-value" value="<?php echo esc_attr($user); ?>"<?php echo $www_authenticate == 1 ? NULL : ' readonly'; ?>></td>
<td><input type="text" name="hh_www_authenticate_pswd[]" class="http-header-value" value="<?php echo esc_attr($passwords[$k]); ?>"<?php echo $www_authenticate == 1 ? NULL : ' readonly'; ?>></td>
<td><?php
if ($i > 0)
{
?><button type="button" class="button button-small hh-btn-delete-user" title="<?php esc_attr_e('Delete', 'http-headers'); ?>">x</button><?php
} else {
echo "&nbsp;";
}
?></td>
</tr>
<?php
$i += 1;
}
?>
<tr>
<td>&nbsp;</td>
<td colspan="3">
<button type="button" class="button hh-btn-add-user">+ <?php _e('Add user', 'http-headers'); ?></button>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
\ No newline at end of file
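Review bot: The password column reads `hh_www_authenticate_pswd` and writes each value back into a `type="text"` input, so the credentials are shown on screen and sit in the page source of every settings view, and they appear to be kept in recoverable form in the options table. I would render `<input type="password" name="hh_www_authenticate_pswd[]" class="http-header-value" value="" autocomplete="new-password">` and keep the stored value when the field is submitted blank, which needs a matching change in the save handler outside this section. `$passwords[$k]` is read without `isset`, so a username with no matching password entry raises a notice. The Type select offers `Basic`, which sends the credentials base64-encoded on every request, so the description should say it is only suitable over HTTPS.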
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">X-Content-Type-Options
<p class="description"><?php _e('Prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions. This reduces exposure to drive-by download attacks and sites serving user uploaded content that, by clever naming, could be treated by MSIE as executable or dynamic HTML files.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">X-Content-Type-Options</legend>
<?php
$x_content_type_options = get_option('hh_x_content_type_options', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_x_content_type_options" value="<?php echo $k; ?>"<?php checked($x_content_type_options, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-cto' ); ?>
<?php do_settings_sections( 'http-headers-cto' ); ?>
<select name="hh_x_content_type_options_value" class="http-header-value"<?php echo $x_content_type_options == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('nosniff');
$x_content_type_options_value = get_option('hh_x_content_type_options_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($x_content_type_options_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">X-DNS-Prefetch-Control
<p class="description"><?php _e('The X-DNS-Prefetch-Control HTTP response header controls DNS prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth.', 'http-headers'); ?></p>
<p class="description"><?php _e('This prefetching is performed in the background, so that the DNS is likely to have been resolved by the time the referenced items are needed. This reduces latency when the user clicks a link.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">X-DNS-Prefetch-Control</legend>
<?php
$x_dns_prefetch_control = get_option('hh_x_dns_prefetch_control', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_x_dns_prefetch_control" value="<?php echo $k; ?>"<?php checked($x_dns_prefetch_control, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-xdpc' ); ?>
<?php do_settings_sections( 'http-headers-xdpc' ); ?>
<select name="hh_x_dns_prefetch_control_value" class="http-header-value"<?php echo $x_dns_prefetch_control == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('on', 'off');
$x_dns_prefetch_control_value = get_option('hh_x_dns_prefetch_control_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($x_dns_prefetch_control_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
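Review bot: The radio and option loops print `$k`, `$v` and `$item` without escaping, for example `value="<?php echo $k; ?>"` and `<?php echo $v; ?>` in the `hh_x_dns_prefetch_control` row. `$items` is a literal list here, but `$bools` is defined outside this file and may hold translated labels, so the output should not rely on it being plain text. I would write `value="<?php echo esc_attr($k); ?>"` and `<?php echo esc_html($v); ?>`, and likewise `esc_attr($item)` / `esc_html($item)` in the option loop. The same pattern repeats in the other header rows on this page, from X-Content-Type-Options through X-XSS-Protection.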
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">X-Download-Options
<p class="description"><?php _e("For web applications that need to serve untrusted HTML files, Microsoft IE introduced a mechanism to help prevent the untrusted content from compromising your site's security. When the X-Download-Options header is present with the value noopen, the user is prevented from opening a file download directly; instead, they must first save the file locally. When the locally saved file is later opened, it no longer executes in the security context of your site, helping to prevent script injection.", 'http-headers'); ?></p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">X-Download-Options</legend>
<?php
$x_download_options = get_option('hh_x_download_options', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_x_download_options" value="<?php echo $k; ?>"<?php checked($x_download_options, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-xdo' ); ?>
<?php do_settings_sections( 'http-headers-xdo' ); ?>
<select name="hh_x_download_options_value" class="http-header-value"<?php echo $x_download_options == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('noopen');
$x_download_options_value = get_option('hh_x_download_options_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($x_download_options_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
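Review bot: `readonly` is not a supported attribute on `<select>`, so the `hh_x_download_options_value` control stays editable and is still submitted when the header is switched off. If the intent is to lock the value, `disabled` is the attribute browsers honour: `<?php echo $x_download_options == 1 ? '' : ' disabled'; ?>`. A disabled control is not posted, so the save handler, which is not visible here, must tolerate the missing field, and any script or stylesheet keyed on `[readonly]` would need the same change. The same attribute is used on the selects in the X-Content-Type-Options, X-DNS-Prefetch-Control, X-Frame-Options, X-Permitted-Cross-Domain-Policies, X-Powered-By, X-Robots-Tag, X-UA-Compatible and X-XSS-Protection rows.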
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">X-Frame-Options
<p class="description"><?php _e('This header can be used to indicate whether or not a browser should be allowed to render a page in a &lt;frame&gt;, &lt;iframe&gt; or &lt;object&gt;. Use this to avoid clickjacking attacks.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">X-Frame-Options</legend>
<?php
$x_frame_options = get_option('hh_x_frame_options', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_x_frame_options" value="<?php echo $k; ?>"<?php checked($x_frame_options, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-xfo' ); ?>
<?php do_settings_sections( 'http-headers-xfo' ); ?>
<select name="hh_x_frame_options_value" class="http-header-value"<?php echo $x_frame_options == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('deny', 'sameorigin', 'allow-from');
$x_frame_options_value = get_option('hh_x_frame_options_value');
foreach ($items as $item)
{
?><option value="<?php echo $item; ?>"<?php selected($x_frame_options_value, $item); ?>><?php echo strtoupper($item); ?></option><?php
}
?>
</select>
<input type="text" name="hh_x_frame_options_domain" class="http-header-value" placeholder="Domain" value="<?php echo esc_attr(get_option('hh_x_frame_options_domain')); ?>"<?php echo $x_frame_options == 1 && $x_frame_options_value == 'allow-from' ? NULL : ' style="display: none" readonly'; ?> />
</td>
</tr>
\ No newline at end of file
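Review bot: `$items` still offers `allow-from`, which current browsers no longer support; according to MDN they ignore the whole header when they see it, so a site configured this way gets no framing protection from those browsers. The row should steer admins to `deny` or `sameorigin` and say that per-origin allow-listing belongs in the Content-Security-Policy `frame-ancestors` directive. A minimal change is a second description line such as `<p class="description"><?php _e('ALLOW-FROM is obsolete and ignored by current browsers; use CSP frame-ancestors to allow specific origins.', 'http-headers'); ?></p>`. Removing the value outright would affect sites that already saved it, so that is better handled together with the code that emits the header, which is not in this file.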
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">X-Permitted-Cross-Domain-Policies
<p class="description"><?php _e('A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.', 'http-headers'); ?></p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">X-Permitted-Cross-Domain-Policies</legend>
<?php
$x_permitted_cross_domain_policies = get_option('hh_x_permitted_cross_domain_policies', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_x_permitted_cross_domain_policies" value="<?php echo $k; ?>"<?php checked($x_permitted_cross_domain_policies, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-xpcd' ); ?>
<?php do_settings_sections( 'http-headers-xpcd' ); ?>
<select name="hh_x_permitted_cross_domain_policies_value" class="http-header-value"<?php echo $x_permitted_cross_domain_policies == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('none', 'master-only', 'by-content-type', 'by-ftp-filename', 'all');
$x_permitted_cross_domain_policies_value = get_option('hh_x_permitted_cross_domain_policies_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($x_permitted_cross_domain_policies_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
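Review bot: The description explains what a cross-domain policy file is but not which of the five values restricts it, and the list includes `all`. A short addition would help admins pick the restrictive one: `<p class="description"><?php _e('Use "none" to disallow policy files entirely; "all" permits every policy file on the domain.', 'http-headers'); ?></p>`. This is documentation only; the select itself needs no change.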
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">X-Powered-By
<p class="description"><?php _e('Specifies the technology (e.g. ASP.NET, PHP, JBoss, Express) supporting the web application, i.e. the scripting language. It is recommended to remove it or provide misleading information to throw off hackers that might target a particular technology/version.', 'http-headers'); ?></p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">X-Powered-By</legend>
<?php
$x_powered_by = get_option ( 'hh_x_powered_by', 0 );
foreach ( $bools as $k => $v ) {
?><p>
<label><input type="radio" class="http-header" name="hh_x_powered_by" value="<?php echo $k; ?>" <?php checked($x_powered_by, $k, true); ?> /> <?php echo $v; ?></label>
</p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-xpb' ); ?>
<?php do_settings_sections( 'http-headers-xpb' ); ?>
<select name="hh_x_powered_by_option" class="http-header-value"<?php echo $x_powered_by == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array (
'unset' => 'Unset',
'set' => 'Set',
);
$x_powered_by_option = get_option ( 'hh_x_powered_by_option' );
foreach ( $items as $k => $v ) {
?><option value="<?php echo $k; ?>" <?php selected($x_powered_by_option, $k); ?>><?php echo $v; ?></option><?php
}
?>
</select>
<input type="text" name="hh_x_powered_by_value" class="http-header-value" placeholder="PHP/<?php echo PHP_VERSION; ?>" value="<?php echo esc_attr(get_option('hh_x_powered_by_value')); ?>"
<?php echo $x_powered_by == 1 && $x_powered_by_option == 'set' ? NULL : ' style="display: none" readonly'; ?> />
</td>
</tr>
\ No newline at end of file
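Review bot: The placeholder of `hh_x_powered_by_value` is `PHP/<?php echo PHP_VERSION; ?>`, so the example offered for a custom header is the server's exact PHP version, the detail the description recommends not disclosing. A neutral hint avoids nudging admins into re-publishing it: `placeholder="<?php esc_attr_e('Custom value', 'http-headers'); ?>"`. The description could also state that `Unset` is the recommended choice, since a substituted product name is unlikely to add much protection.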
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">X-Robots-Tag
<p class="description"><?php _e('The X-Robots-Tag HTTP header is used to indicate how a web page is to be indexed within public search engine results. The header is effectively equivalent to <code>&lt;meta name="robots" content="..."&gt;</code>.', 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developers.google.com/search/docs/advanced/robots/robots_meta_tag"><?php _e('Google Search Central', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">X-Robots-Tag</legend>
<?php
$x_robots_tag = get_option('hh_x_robots_tag', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_x_robots_tag" value="<?php echo $k; ?>"<?php checked($x_robots_tag, $k); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-rob' ); ?>
<?php do_settings_sections( 'http-headers-rob' ); ?>
<?php
$items = array(
'all' => 'bool',
'noindex' => 'bool',
'nofollow' => 'bool',
'none' => 'bool',
'noarchive' => 'bool',
'nosnippet' => 'bool',
'max-snippet' => 'number',
'max-image-preview' => 'setting',
'max-video-preview' => 'number',
'notranslate' => 'bool',
'noimageindex' => 'bool',
'unavailable_after' => 'datetime',
);
?>
<table>
<?php
$x_robots_tag_value = get_option('hh_x_robots_tag_value');
if (!$x_robots_tag_value)
{
$x_robots_tag_value = array();
}
foreach ($items as $item => $type)
{
?>
<tr>
<td><label for="hh_x_robots_tag_value_<?php echo $item; ?>"><?php echo $item; ?></label></td>
<td><?php
switch ($type) {
case 'bool':
?><input type="checkbox" class="http-header-value" name="hh_x_robots_tag_value[<?php echo $item; ?>]"
id="hh_x_robots_tag_value_<?php echo $item; ?>"<?php echo $x_robots_tag == 1 ? NULL : ' readonly'; ?>
value="1"<?php checked(array_key_exists($item, $x_robots_tag_value), 1, true); ?>><?php
break;
case 'number':
?><input type="number" class="http-header-value" name="hh_x_robots_tag_value[<?php echo $item; ?>]"
id="hh_x_robots_tag_value_<?php echo $item; ?>"
size="6" min="-1" step="1"<?php echo $x_robots_tag == 1 ? NULL : ' readonly'; ?>
value="<?php echo array_key_exists($item, $x_robots_tag_value) && strlen($x_robots_tag_value[$item]) > 0 ? (int) $x_robots_tag_value[$item] : NULL; ?>"><?php
break;
case 'setting':
?><select class="http-header-value" name="hh_x_robots_tag_value[<?php echo $item; ?>]"
id="hh_x_robots_tag_value_<?php echo $item; ?>"<?php echo $x_robots_tag == 1 ? NULL : ' readonly'; ?>>
<option value="">---</option>
<?php
foreach (array('none', 'standard', 'large') as $k)
{
?><option value="<?php echo $k; ?>"<?php echo array_key_exists($item, $x_robots_tag_value) && $k == $x_robots_tag_value[$item] ? ' selected="selected"' : NULL; ?>><?php echo $k; ?></option><?php
}
?>
</select><?php
break;
case 'datetime':
?><input type="date" class="http-header-value" name="hh_x_robots_tag_value[<?php echo $item; ?>]"
id="hh_x_robots_tag_value_<?php echo $item; ?>"<?php echo $x_robots_tag == 1 ? NULL : ' readonly'; ?>
value="<?php echo array_key_exists($item, $x_robots_tag_value) && strlen($x_robots_tag_value[$item]) > 0 ? $x_robots_tag_value[$item] : NULL; ?>"><?php
break;
}
?>
</td>
</tr>
<?php
}
?>
</table>
</td>
</tr>
\ No newline at end of file
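Review bot: In the `datetime` case the stored value is printed straight into the attribute, `value="<?php echo ... $x_robots_tag_value[$item] : NULL; ?>"`, while the text inputs in the neighbouring rows go through `esc_attr()`. Whether the option is sanitised on save is not visible here, so the view should escape it: `? esc_attr($x_robots_tag_value[$item]) : ''`. The guard `if (!$x_robots_tag_value)` also lets a non-empty, non-array option through to `array_key_exists()`, which throws a TypeError on PHP 8; `if (!is_array($x_robots_tag_value)) { $x_robots_tag_value = array(); }` covers both cases. The `setting` case compares with `==` where `===` would do.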
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">X-UA-Compatible
<p class="description"><?php _e('In some cases, it might be necessary to restrict a webpage to a document mode supported by an older version of Windows Internet Explorer. Here we look at the x-ua-compatible header, which allows a webpage to be displayed as if it were viewed by an earlier version of the browser.', 'http-headers'); ?></p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">X-UA-Compatible</legend>
<?php
$x_ua_compatible = get_option('hh_x_ua_compatible', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_x_ua_compatible" value="<?php echo $k; ?>"<?php checked($x_ua_compatible, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-uac' ); ?>
<?php do_settings_sections( 'http-headers-uac' ); ?>
<select name="hh_x_ua_compatible_value" class="http-header-value"<?php echo $x_ua_compatible == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('IE=7', 'IE=8', 'IE=9', 'IE=10', 'IE=edge', 'IE=edge,chrome=1');
$x_ua_compatible_value = get_option('hh_x_ua_compatible_value');
foreach ($items as $item) {
?><option value="<?php echo $item; ?>"<?php selected($x_ua_compatible_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
</td>
</tr>
\ No newline at end of file
<?php
if (!defined('ABSPATH')) {
exit;
}
?>
<tr valign="top">
<th scope="row">X-XSS-Protection
<p class="description"><?php _e("This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. It's usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user.", 'http-headers'); ?></p>
<hr>
<p class="description"><?php _e('Read more at', 'http-headers'); ?>
<a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
</p>
</th>
<td>
<fieldset>
<legend class="screen-reader-text">X-XSS-Protection</legend>
<?php
$x_xxs_protection = get_option('hh_x_xxs_protection', 0);
foreach ($bools as $k => $v)
{
?><p><label><input type="radio" class="http-header" name="hh_x_xxs_protection" value="<?php echo $k; ?>"<?php checked($x_xxs_protection, $k, true); ?> /> <?php echo $v; ?></label></p><?php
}
?>
</fieldset>
</td>
<td>
<?php settings_fields( 'http-headers-xss' ); ?>
<?php do_settings_sections( 'http-headers-xss' ); ?>
<select name="hh_x_xxs_protection_value" class="http-header-value"<?php echo $x_xxs_protection == 1 ? NULL : ' readonly'; ?>>
<?php
$items = array('0', '1', '1; mode=block', '1; report=');
$x_xxs_protection_value = get_option('hh_x_xxs_protection_value');
foreach ($items as $item)
{
?><option value="<?php echo $item; ?>"<?php selected($x_xxs_protection_value, $item); ?>><?php echo $item; ?></option><?php
}
?>
</select>
<input type="text" name="hh_x_xxs_protection_uri" class="http-header-value" placeholder="Reporting URI" value="<?php echo esc_attr(get_option('hh_x_xxs_protection_uri')); ?>"<?php echo $x_xxs_protection == 1 && $x_xxs_protection_value == '1; report=' ? NULL : ' style="display: none" readonly'; ?> />
</td>
</tr>
\ No newline at end of file
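Review bot: The description says the XSS filter is built into most recent browsers, but the filter has been removed from current Chrome and Edge and Firefox never had one, and the select offers `1`, `1; mode=block` and `1; report=` with no guidance. MDN advises against relying on this header and recommends a Content-Security-Policy instead, since the filter itself caused problems in the browsers that had it. I would reword the description, e.g. `_e('Legacy header: current browsers no longer implement the XSS filter. Prefer "0" and rely on a Content-Security-Policy.', 'http-headers')`. The `xxs` spelling in `hh_x_xxs_protection*` looks like a typo for `xss`, but the option names are persisted, so renaming them would need a migration.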