7a91fd51 by Jeff Balicki

headers

Signed-off-by: Jeff <jeff@gotenzing.com>
1 parent a0f557c1
Showing 73 changed files with 7584 additions and 507 deletions
1 <?php
2 /*
3 Plugin Name: Headers Security Advanced & HSTS WP
4 Plugin URI: https://www.tentacleplugins.com/
5 Description: Headers Security Advanced & HSTS WP - Simple, Light and Fast. The plugin uses advanced security rules that provide huge levels of protection and it is important that your site uses it. This step is important to submit your website and/or domain to an approved HSTS list. Google officially compiles this list and it is used by Chrome, Firefox, Opera, Safari, IE11 and Edge. You can forward your site to the official HSTS preload directory. Cross Site Request Forgery (CSRF) is a common attack with the installation of Headers Security Advanced & HSTS WP will help you mitigate CSRF on your Wordpress site.
6 Version: 4.8.96
7 Text Domain: headers-security-advanced-hsts-wp
8 Author: 🐙 Andrea Ferro, Augusto Bombana
9 Author URI: https://www.linkedin.com/in/andrea-ferro-55046186/
10 __
11 ___( o)>
12 \ <_. )
13 `---' iron3
14 */
15
16 function add_Headers_Security_Advanced_HSTS_WP_htaccess( $rules ) {
17 $HEadersSecurityAdvancedServerCheckA = $_SERVER['SERVER_NAME'];
18 $HEadersSecurityAdvancedCheckB = str_replace('www.','',$HEadersSecurityAdvancedServerCheckA);
19 $HEadersSecurityAdvancedServerCheck3B = $_SERVER['SERVER_NAME'];
20 $HEadersSecurityAdvancedCheckC03 = str_replace('.','',$HEadersSecurityAdvancedCheckB);
21
22 $content = <<<EOD
23 # Headers Security Advanced & HSTS WP - 4.8.96
24 <IfModule mod_headers.c>
25 Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
26 Header always set X-XSS-Protection "1; mode=block"
27 Header always set X-Content-Type-Options "nosniff"
28 Header always set Referrer-Policy "no-referrer-when-downgrade"
29 Header always set Expect-CT "max-age=7776000, enforce"
30 Header set Access-Control-Allow-Origin "null"
31 Header set Access-Control-Allow-Methods "GET,PUT,POST,DELETE"
32 Header set Access-Control-Allow-Headers "Content-Type, Authorization"
33 Header set X-Content-Security-Policy "img-src *; media-src * data:;"
34 Header always set Content-Security-Policy "report-uri https://$HEadersSecurityAdvancedServerCheck3B"
35 Header set Cross-Origin-Embedder-Policy-Report-Only 'unsafe-none; report-to="default"'
36 Header set Cross-Origin-Embedder-Policy 'unsafe-none; report-to="default"'
37 Header set Cross-Origin-Opener-Policy-Report-Only 'same-origin; report-to="default"'
38 Header set Cross-Origin-Opener-Policy 'same-origin; report-to="default"'
39 Header set Cross-Origin-Resource-Policy 'cross-origin'
40 Header set strict-dynamic "https: 'self'; default-src 'self'"
41 Header always set X-Frame-Options "ALLOWALL"
42 Header always set Permissions-Policy "geolocation=(self), microphone=(), accelerometer=(), gyroscope=(), magnetometer=()"
43 Header set X-Permitted-Cross-Domain-Policies "none"
44 </IfModule>
45 # END Headers Security Advanced & HSTS WP\n\n
46 EOD;
47 return $content . $rules;
48 }
49 add_filter('mod_rewrite_rules', 'add_Headers_Security_Advanced_HSTS_WP_htaccess');
50
51 function Headers_Security_Advanced_HSTS_WP_enable_flush_rules() {
52 global $wp_rewrite;
53 $wp_rewrite->flush_rules();
54 }
55 register_activation_hook( __FILE__, 'Headers_Security_Advanced_HSTS_WP_enable_flush_rules' );
56
57 function Headers_Security_Advanced_HSTS_WP_deactivate() {
58 remove_filter('mod_rewrite_rules', 'add_Headers_Security_Advanced_HSTS_WP_htaccess');
59 global $wp_rewrite;
60 $wp_rewrite->flush_rules();
61 }
62 register_deactivation_hook( __FILE__, 'Headers_Security_Advanced_HSTS_WP_deactivate' );
63
64 function Headers_Security_Advanced_HSTS_WP_widgets() {
65 wp_add_dashboard_widget(
66 'wpexplorer_dashboard_widget',
67 '<img style="max-width:30px;" src=" data:image/png;base64,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" />Headers Security Advanced & HSTS WP',
68 'Headers_Security_Advanced_HSTS_WP_widget_function'
69 );
70 }
71 add_action( 'wp_dashboard_setup', 'Headers_Security_Advanced_HSTS_WP_widgets' );
72
73 function Headers_Security_Advanced_HSTS_WP_widget_function() {
74 echo '<h2><span style="color:#0ca533;">👋 <b>Congratulations</b> you are safe,</span></h2><br><b>The Headers Security Advanced & HSTS WP</b> project implements HTTP response headers that your site can use to increase the security of your website. The plug-in will automatically set up all Best Practices (you don’t have to think about anything).<br /><br /><span style="color:#0ca533;"></span> <br />';
75 echo '<script type="text/javascript" src="https://cdnjs.buymeacoffee.com/1.0.0/button.prod.min.js" data-name="bmc-button" data-slug="tentacleplugins" data-color="#FFDD00" data-emoji="" data-font="Inter" data-text="Buy me a coffee" data-outline-color="#000000" data-font-color="#000000" data-coffee-color="#ffffff" ></script>';
76 }
77
78 function Headers_Security_Advanced_HSTS_WP_send_header() {
79 header( 'Strict-Transport-Security: max-age=63072000; includeSubDomains; preload' );
80 }
81 add_action( 'send_headers', 'Headers_Security_Advanced_HSTS_WP_send_header' );
82
83 function Headers_Security_Advanced_HSTS_WP_Headers( $headers ) {
84 $HEadersSecurityAdvancedServerCheck = $_SERVER['SERVER_NAME'];
85 $HEadersSecurityAdvancedCheck = str_replace('www.','',$HEadersSecurityAdvancedServerCheck);
86
87 $HEadersSecurityAdvancedServerCheck3 = $_SERVER['SERVER_NAME'];
88
89 $headers['X-XSS-Protection'] = '1; mode=block';
90 $headers['Expect-CT'] = 'max-age=7776000, enforce';
91 $headers['Access-Control-Allow-Origin'] = 'null';
92 $headers['Access-Control-Allow-Methods'] = 'GET,PUT,POST,DELETE';
93 $headers['Access-Control-Allow-Headers'] = 'Content-Type, Authorization';
94 $headers['X-Content-Security-Policy'] = 'default-src \'self\'; img-src *; media-src * data:;';
95 $headers['X-Content-Type-Options'] = 'nosniff';
96 $headers['Content-Security-Policy'] = "report-uri https://$HEadersSecurityAdvancedCheck";
97 $headers['Referrer-Policy'] = 'no-referrer-when-downgrade';
98 $headers['Cross-Origin-Embedder-Policy-Report-Only'] = 'require-corp; report-to="default"';
99 $headers['Cross-Origin-Embedder-Policy'] = 'unsafe-none; report-to="default"';
100 $headers['Cross-Origin-Opener-Policy-Report-Only'] = 'same-origin; report-to="default"';
101 $headers['Cross-Origin-Opener-Policy'] = 'same-origin; report-to="default"';
102 $headers['Cross-Origin-Resource-Policy'] = 'cross-origin';
103 $headers['strict-dynamic'] = "https: 'self'; default-src 'self'";
104 $headers['X-Frame-Options'] = 'ALLOWALL';
105 $headers['Permissions-Policy'] = "geolocation=(self), microphone=(), accelerometer=(), gyroscope=(), magnetometer=()";
106 $headers['Feature-Policy'] = "payment 'self'; display-capture 'self'";
107 $headers['X-Permitted-Cross-Domain-Policies'] = "none";
108
109 return $headers;
110 }
111 add_filter( 'wp_headers', 'Headers_Security_Advanced_HSTS_WP_Headers' );
112
113 defined( 'ABSPATH' ) or die( 'No script kiddies please!' );
114
115 // Headers Security Advanced & HSTS WP - VERSION
116 if( ! defined( 'headers-security-advanced-hsts-wp-login-version' ) ) {
117 define( 'headers-security-advanced-hsts-wp-login-version', '4.3.0' );
118 }
119
120 // Headers Security Advanced & HSTS WP
121 if( ! defined( 'headers-security-advanced-hsts-wp-login-name' ) ) {
122 define( 'headers-security-advanced-hsts-wp-login-name', 'Headers Security Advanced & HSTS WP' );
123 }
124
125 // Headers Security Advanced & HSTS WP - DIR
126 if ( ! defined( 'headers_security_advanced_hsts_wp_login_path' ) ) {
127 define( 'headers_security_advanced_hsts_wp_login_path', plugin_dir_path( __FILE__ ) );
128 }
129
130 // Headers Security Advanced & HSTS WP - URI
131 if ( ! defined( 'headers-security-advanced-hsts-wp-base-uri' ) ) {
132 define( 'headers-security-advanced-hsts-wp-base-uri', plugin_dir_url( __FILE__ ) );
133 }
134
135 // Headers Security Advanced & HSTS WP - MENU
136 add_action( 'admin_menu', 'csrf_Headers_Security_Advanced_HSTS_WP_auth' );
137
138 function csrf_Headers_Security_Advanced_HSTS_WP_auth() {
139 add_options_page( 'Headers Security Advanced & HSTS WP', 'Headers Security Advanced & HSTS WP', 'manage_options', 'headers_security_advanced_hsts_wp_option_menu', 'csrf_Headers_Security_Advanced_HSTS_WP_options' );
140 }
141
142 function csrf_Headers_Security_Advanced_HSTS_WP_options() {
143 if ( !current_user_can( 'manage_options' ) ) {
144 wp_die( __( 'You do not have sufficient permissions to access this page.' ) );
145 }
146 echo '<div class="wrap">';
147 echo '<h2><span style="color:#0ca533;">👋 <b>Congratulations</b> you are safe,</span></h2><br><b>The Headers Security Advanced & HSTS WP</b> project implements HTTP response headers that your site can use to increase the security of your website. <br /><br />The plug-in will automatically set up all Best Practices (you don’t have to think about anything).<br /><br />
148 <br /></div></div>';
149 echo '<script type="text/javascript" src="https://cdnjs.buymeacoffee.com/1.0.0/button.prod.min.js" data-name="bmc-button" data-slug="tentacleplugins" data-color="#FFDD00" data-emoji="" data-font="Inter" data-text="Buy me a coffee" data-outline-color="#000000" data-font-color="#000000" data-coffee-color="#ffffff" ></script>';
150 echo '</div>';
151 }
152
153 add_filter('plugin_action_links', 'Headers_Security_Advanced_HSTS_WP_hs_links', 10, 2);
154 function Headers_Security_Advanced_HSTS_WP_hs_links($links, $file) {
155 static $this_plugin;
156
157 if (!$this_plugin) {
158 $this_plugin = plugin_basename(__FILE__);
159 }
160
161 if ($file == $this_plugin) {
162 $settings_link = '<a href="https://www.buymeacoffee.com/tentacleplugins">Donate a coffee</a>';
163 array_unshift($links, $settings_link);
164 }
165 return $links;
166 }
167 ?>
...\ No newline at end of file ...\ No newline at end of file
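Review bot: The `X-Frame-Options` value `ALLOWALL`, set in both add_Headers_Security_Advanced_HSTS_WP_htaccess and Headers_Security_Advanced_HSTS_WP_Headers, is not a defined value for that header, so browsers ignore it and the site gets no clickjacking protection; `$headers['X-Frame-Options'] = 'SAMEORIGIN';` and the matching `Header always set X-Frame-Options "SAMEORIGIN"` would deliver what the plugin description promises. The `Content-Security-Policy` in both places carries only `report-uri`, which restricts nothing. The .htaccess variant also interpolates `$_SERVER['SERVER_NAME']` unvalidated into the rules text; depending on server configuration that value can follow the request's Host header, so it would be safer to derive it from the configured site URL, e.g. `wp_parse_url( home_url(), PHP_URL_HOST )`. The two `echo '<script ... src="https://cdnjs.buymeacoffee.com/1.0.0/button.prod.min.js" ...>'` lines load third-party JavaScript into wp-admin pages, where it runs in the signed-in administrator's context; a plain link like the one in Headers_Security_Advanced_HSTS_WP_hs_links avoids that exposure. The HSTS header is sent unconditionally with `includeSubDomains; preload` and a two-year `max-age`, which browsers keep honouring after the plugin is deactivated, so it should be opt-in and emitted only when `is_ssl()` is true.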
1 msgid ""
2 msgstr ""
3 "Project-Id-Version: Headers Security Advanced & HSTS WP\n"
4 "POT-Creation-Date: 2021-11-04 20:22+0000\n"
5 "PO-Revision-Date: \n"
6 "Language-Team: \n"
7 "MIME-Version: 1.0\n"
8 "Content-Type: text/plain; charset=UTF-8\n"
9 "Content-Transfer-Encoding: 8bit\n"
10 "X-Generator: Poedit 2.4.2\n"
11 "X-Poedit-Basepath: .\n"
12 "X-Poedit-KeywordsList: _e;__\n"
13 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
14 "Last-Translator: \n"
15 "Language: it\n"
16 "X-Poedit-SearchPath-0: ..\n"
17
18 #: ../includes/headers-security-advanced-hsts-admin-login.php:109
19 msgid "Please upgrade to the latest version of WordPress to activate"
20 msgstr "Effettua l’aggiornamento all’ultima versione di WordPress"
21
22 #. Plugin Name
23 #: ../includes/headers-security-advanced-hsts-admin-login.php:109
24 #: ../includes/headers-security-advanced-hsts-admin-login.php:141
25 #: ../includes/headers-security-advanced-hsts-admin-login.php:168
26 msgid "Headers Security Advanced & HSTS WP"
27 msgstr "Headers Security Advanced & HSTS WP"
28
29 #: ../includes/headers-security-advanced-hsts-admin-login.php:142
30 msgid ""
31 "This option allows you to set a networkwide default, which can be overridden "
32 "by individual sites. Simply go to to the site’s permalink settings to change "
33 "the url."
34 msgstr ""
35 "Questa opzione consente di impostare un valore predefinito per l’intera "
36 "rete, che può essere ignorato dai singoli siti. Basta andare alle "
37 "impostazioni permalink del sito per modificare l’URL."
38
39 #: ../includes/headers-security-advanced-hsts-admin-login.php:145
40 msgid "Networkwide default"
41 msgstr "Predefinito per l’intera rete"
42
43 #: ../includes/headers-security-advanced-hsts-admin-login.php:175
44 msgid "Login url"
45 msgstr "Url di accesso"
46
47 #: ../includes/headers-security-advanced-hsts-admin-login.php:183
48 msgid "Redirect URL"
49 msgstr "
50
51 #: ../includes/headers-security-advanced-hsts-admin-login.php:226
52 #, php-format
53 msgid ""
54 "To set a networkwide default, go to <a href=\"%s\">Network Settings</a>."
55 msgstr ""
56 "Per impostare una rete predefinita ampia, andate a <a href=\\”%s"
57 "\\”>Impostazioni di rete</a>."
58
59 #: ../includes/headers-security-advanced-hsts-admin-login.php.php:235
60 msgid "Use the slug name, example: "contact-me" - DO NOT USE the full website URL. If you leave the above field empty the plugin will add a redirect to the website homepage."
61 msgstr ""
62
63 #: ../includes/headers-security-advanced-hsts-admin-login.php:250
64 #, php-format
65 msgid ""
66 "Your login page is now here: <strong><a href=\"%1$s\">%2$s</a></strong>. "
67 "Bookmark this page!"
68 msgstr ""
69 "La tua pagina di accesso adesso si trova qui: <strong><a href=\\”%1$s\\”>"
70 "%2$s</a></strong>. Metti questa pagina nei preferiti!"
71
72 #: ../includes/headers-security-advanced-hsts-admin-login.php:256
73 #: ../includes/headers-security-advanced-hsts-admin-login.php:258
74 msgid "Settings"
75 msgstr "Impostazioni"
76
77 #: ../includes/headers-security-advanced-hsts-admin-login.php:275
78 msgid "This feature is not enabled."
79 msgstr "Questa funzione non è abilitata."
1 === Plugin Name ===
2 Contributors: unicorn03, unicorn07
3 Donate link: https://tentacleplugins.com/
4 Tags: headers security, hsts, http headers, insecure content, force ssl, headers, login security, xss, clickjacking, mitm, cross origin, cross site, privacy, csp
5 Requires at least: 4.7
6 Tested up to: 6.0
7 Stable tag: 4.8.96
8 Requires PHP: 7.0
9 License: GPLv2 or later
10 License URI: https://www.gnu.org/licenses/gpl-2.0.html
11
12 Best all-in-one WordPress security plugin, uses HTTP & HSTS response headers to avoid vulnerabilities: XSS, injection, clickjacking. Force HTTP/HTTPS.
13
14 == Description ==
15
16 = ENGLISH =
17
18 **Headers Security Advanced & HSTS WP** is Best all-in-one a free plug-in for all WordPress users. Deactivating this plugin will return your site configuration exactly to the state it was in before.
19
20 The **Headers Security Advanced & HSTS WP** project implements HTTP response headers that your site can use to increase the security of your website. The plug-in will automatically set up all Best Practices (you don't have to think about anything), these HTTP response headers can prevent modern browsers from running into easily predictable vulnerabilities. The Headers Security Advanced & HSTS WP project wants to popularize and increase awareness and usage of these headers for all wordpress users.
21
22 This plugin is developed by TentaclePlugins, we care about WordPress security and best practices.
23
24 Check out the best features of **Headers Security Advanced & HSTS WP:**
25
26 * HSA Limit Login to block brute force attacks.
27 * X-XSS-Protection
28 * Expect-CT
29 * Access-Control-Allow-Origin
30 * Access-Control-Allow-Methods
31 * Access-Control-Allow-Headers
32 * X-Content-Security-Policy
33 * X-Content-Type-Options
34 * X-Frame-Options
35 * X-Permitted-Cross-Domain-Policies
36 * X-Powered-By
37 * Content-Security-Policy
38 * Referrer-Policy
39 * HTTP Strict Transport Security / HSTS
40 * Content-Security-Policy
41 * Clear-Site-Data
42 * Cross-Origin-Embedder-Policy-Report-Only
43 * Cross-Origin-Opener-Policy-Report-Only
44 * Cross-Origin-Embedder-Policy
45 * Cross-Origin-Opener-Policy
46 * Cross-Origin-Resource-Policy
47 * Permissions-Policy
48 * Strict-dynamic
49 * Strict-Transport-Security
50 * FLoC (Federated Learning of Cohorts)
51
52 **Headers Security Advanced & HSTS WP** is based on **OWASP CSRF** to protect your wordpress site. Using OWASP CSRF, once the plugin is installed, it will provide full CSRF mitigation without having to call a method to use nonce on the output. The site will be secure despite having other vulnerable plugins (CSRF).
53
54 HTTP security headers are a critical part of your website's security. After automatic implementation with Headers Security Advanced & HSTS WP, they protect you from the most notorious types of attacks your site might encounter. These headers protect against XSS, code injection, clickjacking, etc.
55
56 We have implemented **FLoC (Federated Learning of Cohorts)**, using best practices. First, using **Headers Security Advanced & HSTS WP** prevents the browser from including your site in the "cohort calculation" on **FLoC (Federated Learning of Cohorts)**. This means that nothing can call document.interestCohort() to get the FLoC ID of the currently used client. Obviously, this does nothing outside of your currently visited site and does not "disable" FLoC on the client beyond that scope.
57
58 Even though **FLoC** is still fairly new and not yet widely supported, as programmers we think that privacy protection elements are important, so we choose to give you the feature of being opt out of FLoC! We’ve created a special **“automatic blocking of FLoC”** feature, trying to always **offer the best tool with privacy protection and cyber security** as main targets and focus.
59
60 Analyze your site before and after using *Headers Security Advanced & HSTS WP* security headers are self-configured according to HTTP Security Headers and HTTP Strict Transport Security / HSTS best practices.
61
62 * Check HTTP Security Headers on <a href="https://securityheaders.com/" target="_blank">securityheaders.com</a>
63 * Check HTTP Strict Transport Security / HSTS at <a href="https://hstspreload.org/" target="_blank">hstspreload.org</a>
64 * Check WebPageTest at <a href="https://www.webpagetest.org/" target="_blank">webpagetest.org</a>
65 * Check HSTS test website <a href="https://gf.dev/hsts-test/" target="_blank">gf.dev/hsts-test</a>
66
67 This plugin is updated periodically, our limited support is free, we are available for your feedback (bugs, compatibility issues or recommendations for next updates). We are usually fast :-D.
68
69 == Frequently Asked Questions ==
70
71 = How do you get an A+ grade? =
72
73 To earn an A+ grade, your site must issue all HTTP response headers that we check. This indicates a high level of commitment to improving the security of your visitors.
74
75 = What headers are recommended? =
76
77 Over an HTTP connection we get Content-Security-Policy, X-Content-Type-Options, X-Frame-Options and X-XSS-Protection. Via an HTTPS connection, 2 additional headers are checked for presence which are Strict-Transport-Security and Public-Key-Pins.
78
79 * Once the plug-in is activated it performs a test (before and after): <a href="https://securityheaders.com/" target="_blank">https://securityheaders.com/</a>
80
81 = Can the plugin create slowdowns? =
82
83 No, Headers Security Advanced & HSTS WP is Fast, Secure and does not affect the SEO and speed of your website.
84
85 = What is HSTS (Strict Transport Security)? =
86
87 It was created as a solution to force the browser to use secure connections when a site is running on HTTPS. It is a security header that is added to the web server and reflected in the response header as Strict-Transport-Security. HSTS is important because it addresses the following anomalies:
88
89 = Check before and after using Preload HSTS =
90
91 This step is important to submit your website and/or domain to an approved HSTS list. Google officially compiles this list and it is used by Chrome, Firefox, Opera, Safari, IE11 and Edge. You can forward your site to the official HSTS preload directory. ('https://hstspreload.org/')
92
93 = how to use HTTP Strict Transport Security (HSTS) =
94
95 If you want to use Preload HSTS for your site, there are a few requirements before you can activate it.
96
97 * Have a valid SSL certificate. You can't do any of this anyway without it.
98 * You must redirect all HTTP traffic to HTTPS (recommended via permanent 301 redirects). This means that your site should be HTTPS only.
99 * You need to serve all subdomains in HTTPS as well. If you have subdomains, you will need an SSL certificate.
100
101 The HSTS header on your base domain (for example: example.com) is already configured you just need to activate the plug-in.
102
103 If you want to check the HSTS status of your site, you can do so here: <a href="https://hstspreload.org/" target="_blank">https://hstspreload.org/</a>
104
105 = Can I report a bug or request a feature? =
106
107 You can report bugs or request new features right <a href="mailto:tentacleplugins.support@protonmail.com">click here !</a>
108
109 = Disable FLoC, Google's advertising technology =
110
111 FLoC is a mega tracker that monitors user activity on all sites, stores the information in the browser, and then uses machine learning to place users into cohorts with similar interests. This way, advertisers can target groups of people with similar interests. Plus, according to Google's own testing, FLoC achieves at least 95% more conversions than cookies.
112
113 = Who is disabling FLoC by Google? =
114
115 Scott Helme reported that as of May 3, already 967 of the first 1 million domains had disabled FLoC's interest-cohort in their Permissions-Policy header. That list included some big sites like The Guardian and IKEA.
116
117 == Installation ==
118
119 = ITALIAN =
120
121 1. Vai in Plugin 'Aggiungi nuovo'.
122 2. Cerca Headers Security Advanced & HSTS WP.
123 3. Cerca questo plugin, scaricalo e attivalo.
124 4. Vai in 'impostazioni' > 'Permalink'. Cambia il tuo url di login alla voce 'Security Url'.
125 5. Puoi cambiare questa opzione quando vuoi, Headers Security Advanced & HSTS WP viene impostato in automatico.
126
127 = ENGLISH =
128
129 1. Go to Plugins 'Add New'.
130 2. Search for Headers Security Advanced & HSTS WP.
131 3. Search for this plugin, download and activate it.
132 4. Go to 'settings' > 'Permalink'. Change your login url to 'Security Url'.
133 5. You can change this option whenever you want, Headers Security Advanced & HSTS WP is set automatically.
134
135 = FRANÇAIS =
136
137 1. Allez dans Plugins 'Add new'.
138 2. Recherchez Headers Security Advanced & HSTS WP.
139 3. Recherchez ce plugin, téléchargez-le et activez-le.
140 4. Allez dans "Paramètres" > "Lien permanent". Changez votre url de connexion en 'Security Url'.
141 5. Vous pouvez modifier cette option quand vous le souhaitez, Headers Security Advanced & HSTS WP est réglé automatiquement.
142
143 = DEUTSCH =
144
145 1. Gehen Sie zu Plugins 'Neu hinzufügen'.
146 2. Suchen Sie nach Headers Security Advanced & HSTS WP.
147 3. Suchen Sie nach diesem Plugin, laden Sie es herunter und aktivieren Sie es.
148 4. Gehen Sie zu "Einstellungen" > "Permalink". Ändern Sie Ihre Login-Url in 'Security Url'.
149 5. Sie können diese Option jederzeit ändern, Headers Security Advanced & HSTS WP wird automatisch eingestellt.
150
151 == Screenshots ==
152
153 1. Check HTTP Security Headers (AFTER)
154 2. Check HTTP Security Headers (BEFORE)
155 3. Check HTTP Strict Transport Security / HSTS (list)
156 4. Check WebPageTest (AFTER)
157 5. Check WebPageTest (BEFORE)
158 6. Setting on single site installation
159 7. Check HTTP Security Headers - Serpworx (AFTER)
160 8. Check HTTP Security Headers - Serpworx (BEFORE)
161 9. Site-wide security setting
162
163 == Changelog ==
164
165 = 4.8.96 =
166 We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.96 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
167 - Fixed: Fixed issue that could show in own console log an error of (syntax error);
168 - Upgrade: Speeded up loading and compatibility with some third-party plugins;
169 - Upgrade: Updated some optimization functions of Wordpress version 6.0;
170
171 = 4.8.94 =
172 We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.94 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
173 - Update: optimization and resolution external application compatibility;
174 - Fixed: solved problem with some headers and debug optimizations;
175
176 = 4.8.93 =
177 We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.93 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
178 - Fixed: optimization and resolution external application compatibility;
179 - Fixed: solved problem with some headers and debug optimizations;
180 - Update: We fixed some issues that could occur with the "full screen" method;
181
182 = 4.8.92 =
183 We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.90 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
184 - Fixed: Compatibility with version 6.0 of Wordpress
185 - Fixed: redirection errors could occur ERR_TOO_MANY_REDIRECTS
186
187 = 4.8.91 =
188 We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.90 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
189 - New: Compatibility with version 6.0 of Wordpress
190 - Update: We fixed some issues that could occur with the "full screen" method
191
192 = 4.8.90 =
193 We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.90 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
194 - New: compatibility Wordpress 6.0
195
196 = 4.8.89 =
197 We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.89 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
198 - Fixed: We fixed an issue that could occur with a renamed version of a header parameter, now we have optimized the request;
199
200 = 4.8.88 =
201 We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.88 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
202 - New: Added New X-Permitted-Cross-Domain-Policies;
203 - New: Optimization with the Serpworx tool (Check Your Security Headers);
204 - Add: Added new "Feature-Policies" such as: push=(), vibrate=(), fullscreen();
205 - Fixed: We fixed a problem with the debug.log file that could show the following warning (PHP Notice: Undefined index);
206
207 = 4.8.86 =
208 We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.86 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
209 - Fixed: We fixed a problem with the debug.log file that could show the following warning (PHP Notice: Undefined index);
210 - Fixed: fixed the problem with the wordpress widget, it could cause the wrong display of the favicon;
211
212 = 4.8.85 =
213 We don't want to tell you what to do, but here's the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.85 (we've exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
214 - Fixed: We fixed a problem with the debug.log file that could show the following warning (PHP Notice: Undefined index);
215
216 = 4.8.6 =
217 We don't want to tell you what to do, but here's the thing: if you updated the plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.6 (we've improved some crazy programmer stuff) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Now let's get started right away to the next code and update to do 😀 we're crazy but we like this one
218 - Fixed: We have fixed an issue with the X-Frame-Options header;
219
220 = 4.8.3 =
221 We don't want to tell you what to do, but here's the thing: if you updated the plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.3 (we've improved some crazy programmer stuff) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Now let's get started right away to the next code and update to do 😀 we're crazy but we like this one
222 - Fixed: This is the latest version to fix and make compatible with themes, plugins that could create conflicts with Vimeo and Youtube implementation.
223
224 = 4.8.0 =
225 We don't want to tell you what to do, but here's the thing: if you updated the plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.8.0 (we've improved some crazy programmer stuff) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Now let's get started right away to the next code and update to do 😀 we're crazy but we like this one
226 - Fixed: We have fixed some issues with Vimeo viewing
227
228 = 4.7.30 =
229 We don't want to tell you what to do, but here's the thing: if you updated the plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.7.30 (we've improved some crazy programmer stuff) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Now let's get started right away to the next code and update to do 😀 we're crazy but we like this one
230 - Fixed: We found some bugs and now the plugin is more optimized and happy :-D
231 - Fixed: We have fixed some issues with Vimeo viewing
232 - Update: Wordpress 5.9
233
234 = 4.7.20 =
235 We don't want to tell you what to do, but here's the thing: if you updated the plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this version 4.7.20 (we've improved some crazy programmer stuff) and everything works like a charm. So we're in agreement? Tap "update" and we'll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Now let's get started right away to the next code and update to do 😀 we're crazy but we like this one
236 - New: Wordpress 5.9
237 - Fixed: We've listened to your feedback and have momentarily disabled the ability to customize the url
238
239 = 4.7.15 =
240 We don’t want to tell you what to do, but here’s the thing: if you updated the plugin last time, you saw that when we propose to do it, we don’t just say it. Well, we’ve added and fixed a lot of things with this 4.7.15 version (we’ve improved some crazy programmer stuff) and everything works like a charm. So are we on board? Tap on “update” and we’ll give you the coolest, fastest, most awesome plugin out there with the best updates in the world. Now let’s get started right away to the next code and update to do 😀 we are crazy but we like this
241 * Fixed: we have solved the error that was shown in QueryMonitor Undefined property
242
243 = 4.7.1 =
244 We don’t want to tell you what to do, but here’s the thing: if you updated the plugin last time, you saw that when we propose to do it, we don’t just say it. Well, we’ve added and fixed a lot of things with this 4.7.1 version (we’ve improved some crazy programmer stuff) and everything works like a charm. So are we on board? Tap on “update” and we’ll give you the coolest, fastest, most awesome plugin out there with the best updates in the world. Now let’s get started right away to the next code and update to do 😀 we are crazy but we like this
245 * Fixed: "All the little beings that generated errors and bugs have been exterminated. We know we are very attentive to details"
246 * Update: "Third-party plugin optimization such as cache, cloudflare and redirects"
247
248 = 4.7.0 =
249 IMPORTANT: This update optimizes and fixes some issues that may occur with a cache manager.
250 We don't want to tell you what to do, but here's the thing: if you updated the plugin last time, you saw that when we propose to do it, we don't just say it. Well, we've added and fixed a lot of things with this 4.7.0 version (we've improved some crazy programmer stuff) and everything works like a charm. So are we on board? Tap on "update" and we'll give you the coolest, fastest, most awesome plugin out there with the best updates in the world. Now let's get started right away to the next code and update to do :D we are crazy but we like this
251 * Update: "X Powered By"
252 * Update: Content Security Policy optimization (CSP Header) and internal testing with Chrome, Firefox, Safari, Edge
253 * Updated: "accelerometer block"
254 * Updated: "gyroscope block"
255 * Updated: "magnetometer block"
256 * Updated: "usb block"
...\ No newline at end of file ...\ No newline at end of file
1 === HTTP Headers ===
2 Contributors: zinoui
3 Donate link: https://zinoui.com/donation
4 Tags: custom headers, http headers, headers, security, http header, header, cross domain, cors, xss, clickjacking, mitm, cross origin, cross site, privacy, p3p, hsts, referrer, csp, caching, compression, access control, authentication
5 Requires at least: 3.2
6 Tested up to: 5.7.1
7 Requires PHP: 5.3
8 Stable tag: 1.18.5
9 License: GPLv2 or later
10 License URI: https://www.gnu.org/licenses/gpl-2.0.html
11
12 HTTP Headers adds CORS & security HTTP headers to your website.
13
14 == Description ==
15
16 HTTP Headers gives your control over the http headers returned by your blog or website.
17
18 Headers supported by HTTP Headers includes:
19
20 - Access-Control-Allow-Origin
21 - Access-Control-Allow-Credentials
22 - Access-Control-Max-Age
23 - Access-Control-Allow-Methods
24 - Access-Control-Allow-Headers
25 - Access-Control-Expose-Headers
26 - Age
27 - Content-Security-Policy
28 - Content-Security-Policy-Report-Only
29 - Cache-Control
30 - Clear-Site-Data
31 - Connection
32 - Content-Encoding
33 - Content-Type
34 - Cross-Origin-Embedder-Policy
35 - Cross-Origin-Opener-Policy
36 - Cross-Origin-Resource-Policy
37 - Expect-CT
38 - Expires
39 - Feature-Policy
40 - NEL
41 - Permissions-Policy
42 - Pragma
43 - P3P
44 - Referrer-Policy
45 - Report-To
46 - Strict-Transport-Security
47 - Timing-Allow-Origin
48 - Vary
49 - WWW-Authenticate
50 - X-Content-Type-Options
51 - X-DNS-Prefetch-Control
52 - X-Download-Options
53 - X-Frame-Options
54 - X-Permitted-Cross-Domain-Policies
55 - X-Powered-By
56 - X-Robots-Tag
57 - X-UA-Compatible
58 - X-XSS-Protection
59
60 The [getting started tutorial](https://zinoui.com/blog/http-headers-for-wordpress) describes a typical configuration of this plugin.
61
62 == Installation ==
63
64 Upload the HTTP Headers plugin to your blog. Then activate it.
65
66 That's all.
67
68 == Frequently Asked Questions ==
69
70 = Why to use this plugin? =
71
72 Nowadays security of your social data at the web is essential. This plugin helps you to improve your website overall security.
73
74 = Who use these headers? =
75
76 These HTTP headers are being used in production services by popular websites as Facebook, Google+, Twitter, LinkedIn, YouTube, Yahoo, Amazon, Instagram, Pinterest.
77
78 == Screenshots ==
79
80 1. This screenshot shows up the dashboard with categories of the supported headers.
81 2. This screenshot shows up the headers of a chosen category and their current values.
82 3. This screenshot shows up the settings page where you can adjust the security headers.
83 4. This screenshot shows up the response headers returned by the web server.
84
85 == Upgrade Notice ==
86
87 Updates are on they way, so stay tuned at [@DimitarIvanov](https://twitter.com/DimitarIvanov)
88
89 == Changelog ==
90
91 = 1.18.5 =
92 *Release Date - 30th April, 2021*
93
94 * Configurable paths to files who store passwords for basic/digest auth
95 * Fixed issue with plugin activation, due missing file
96
97 = 1.18.4 =
98 *Release Date - 30th April, 2021*
99
100 * Initial value of X-Robots-Tag fixed
101
102 = 1.18.3 =
103 *Release Date - 30th April, 2021*
104
105 * Added "X-Robots-Tag" header
106 * Added "interest-cohort", "layout-animations", "legacy-image-formats", "oversized-images", and "wake-lock" directive to "Permissions-Policy" header
107 * Added "cross-origin" value to "Cross-Origin-Resource-Policy" header
108 * Added "navigate-to" and "prefetch-src" directives to "Content-Security-Policy" header
109
110 = 1.18.2 =
111 *Release Date - 24th April, 2021*
112
113 * Configurable paths to .htaccess and .user.ini files
114
115 = 1.18.1 =
116 *Release Date - 29th October, 2020*
117
118 * Added "allow-downloads" and "allow-top-navigation-by-user-activation" to "sandbox" directive, part of CSP
119
120 = 1.18.0 =
121 *Release Date - 20th September, 2020*
122
123 * Added "Permissions-Policy" header
124 * Fixed "Cookie Security"
125
126 = 1.17.0 =
127 *Release Date - 26th July, 2020*
128
129 * Added "Cross-Origin-Embedder-Policy" header
130 * Added "Cross-Origin-Opener-Policy" header
131
132 = 1.16.1 =
133 *Release Date - 23rd July, 2020*
134
135 * Fixed JS/CSS versioning
136
137 = 1.16.0 =
138 *Release Date - 23rd July, 2020*
139
140 * Added the "NEL" header
141 * Fixed the "Report-To" header
142
143 = 1.15.2 =
144 *Release Date - 18th June, 2020*
145
146 * Fixed a PHP Notice at "Expires" page
147 * Fixed comments in .user.ini file
148
149 = 1.15.1 =
150 *Release Date - 9th May, 2020*
151
152 * Fixed the "Access-Control-Allow-Origin" header
153
154 = 1.15.0 =
155 *Release Date - 26th January, 2020*
156
157 * Added the "Cross-Origin-Resource-Policy" header
158 * Removed the "Public-Key-Pins" header
159
160 = 1.14.2 =
161 *Release Date - 25th November, 2019*
162
163 * CORS headers updated (added "Vary: Origin")
164
165 = 1.14.1 =
166 *Release Date - 15th September, 2019*
167
168 * Simple filtering was replaced with Dynamic filtering
169
170 = 1.14.0 =
171 *Release Date - 1st September, 2019*
172
173 * Added the "Content-Type" header
174 * Fixed the "Access-Control-Allow-Credentials" header
175 * Improvement to "Access-Control-Allow-Headers" header
176 * Improvement to "Access-Control-Allow-Methods" header
177 * Improvement to "Access-Control-Expose-Headers" header
178 * Improvement to "Cache-Control" header
179 * Improvement to "Vary" header
180
181 = 1.13.4 =
182 *Release Date - 14th July, 2019*
183
184 * Added the "always" condition to Header (unset) directive
185 * Fixed the "import" function
186 * Fixed the "Access-Control-Allow-Origin" header
187
188 = 1.13.3 =
189 *Release Date - 16th June, 2019*
190
191 * Bugfix in "WWW-Authenticate" header
192 * Added support of Apache 2.4
193
194 = 1.13.2 =
195 *Release Date - 13th June, 2019*
196
197 * Bugfix in "Content-Encoding" header
198 * Bugfix in "Vary" header
199
200 = 1.13.1 =
201 *Release Date - 8th June, 2019*
202
203 * Added Brotli compression
204
205 = 1.13.0 =
206 *Release Date - 7th June, 2019*
207
208 * Added "SameSite" to Cookie Security
209 * Fixed import/export function
210 * Code refactoring
211
212 = 1.12.2 =
213 *Release Date - 5th April, 2019*
214
215 * UI improvement for Content-Security-Policy
216 * Fix for Access-Control-Allow-Headers
217 * Fix for Access-Control-Allow-Origin
218 * Fix for Feature-Policy
219
220 = 1.12.1 =
221 *Release Date - 9th January, 2019*
222
223 * Remove direct calls to cURL
224
225 = 1.12.0 =
226 *Release Date - 5th January, 2019*
227
228 * Better handling of activate/deactivate functions
229
230 = 1.11.0 =
231 *Release Date - 9th December, 2018*
232
233 * Added support of "Clear-Site-Data" header
234
235 = 1.10.5 =
236 *Release Date - 6th November, 2018*
237
238 * Hotfix: parallel work with third-party plugins
239
240 = 1.10.4 =
241 *Release Date - 30th September, 2018*
242
243 * Support of following Server APIs: CGI, FastCGI, PHP-FPM
244 * Error handling improvement
245
246 = 1.10.3 =
247 *Release Date - 8th August, 2018*
248
249 * HSTS improvement
250 * CORS improvement
251
252 = 1.10.2 =
253 *Release Date - 31st July, 2018*
254
255 * Export feature bug-fixed
256
257 = 1.10.1 =
258 *Release Date - 18th July, 2018*
259
260 * Feature-Policy header update: new features added
261
262 = 1.10.0 =
263 *Release Date - 17th July, 2018*
264
265 * Added support of "Feature-Policy" header
266
267 = 1.9.5 =
268 *Release Date - 12th July, 2018*
269
270 * CORS bugfix
271
272 = 1.9.4 =
273 *Release Date - 13th January, 2018*
274
275 * In-plugin security improvement
276
277 = 1.9.3 =
278 *Release Date - 10th January, 2018*
279
280 * Bug fix
281
282 = 1.9.2 =
283 *Release Date - 4th January, 2018*
284
285 * Security improvements
286
287 = 1.9.1 =
288 *Release Date - 27th December, 2017*
289
290 * Updated translations
291
292 = 1.9.0 =
293 *Release Date - 23th December, 2017*
294
295 * Added support of "Report-To" header
296 * Added support of translations
297 * Added support of Import/Export
298 * Updated "Content-Security-Policy" header (added directives: object-src, frame-src, worker-src, manifest-src, base-uri, report-to)
299 * Updated "WWW-Authenticate" header (support multiple users)
300 * Updated "Access-Control" headers (added list of origins)
301
302 = 1.8.0 =
303 *Release Date - 31st August, 2017*
304
305 * Added support of "Timing-Allow-Origin" header
306 * Added support of "X-Download-Options" header
307 * Added support of "X-DNS-Prefetch-Control" header
308 * Added support of "X-Permitted-Cross-Domain-Policies" header
309 * Added support of Custom headers
310
311 = 1.7.1 =
312 *Release Date - 18th August, 2017*
313
314 * PHP notice bugfixed
315
316 = 1.7.0 =
317 *Release Date - 15th August, 2017*
318
319 * Added support of "Content-Security-Policy-Report-Only" header
320 * Added support of "Public-Key-Pins-Report-Only" header
321 * Added "1; report=<reporting-URI>" directive to the "X-XSS-Protection" header
322 * Added "Inspect headers" tool
323 * UI bugfixes
324
325 = 1.6.0 =
326 *Release Date - 5th August, 2017*
327
328 * Added support of "Expect-CT" header
329
330 = 1.5.0 =
331 *Release Date - 30th July, 2017*
332
333 * Added support of "Age" header
334 * Added support of "Cache-Control" header
335 * Added support of "Connection" header
336 * Added support of "Content-Encoding" header
337 * Added support of "Expires" header
338 * Added support of "Pragma" header
339 * Added support of "Vary" header
340 * Added support of "WWW-Authenticate" header
341 * Added support of "X-Powered-By" header
342 * Added support of "Secure" and "HttpOnly" cookies
343
344 = 1.4.0 =
345 *Release Date - 5th July, 2017*
346
347 * Added support of Apache (via htaccess) inclusion method
348
349 = 1.3.0 =
350 *Release Date - 3rd June, 2017*
351
352 * Added support of Content-Security-Policy header
353 * Added dashboard
354
355 = 1.2.0 =
356 *Release Date - 28th April, 2017*
357
358 * Added support of Referrer-Policy header
359
360 = 1.1.2 =
361 *Release Date - 13th February, 2017*
362
363 * Added support of 'preload' directive to HSTS header
364
365 = 1.1.1 =
366 *Release Date - 8th November, 2016*
367
368 * Fixed typo in the X-Frame-Options header
369
370 = 1.1.0 =
371 *Release Date - 20th May, 2016*
372
373 * Added support of P3P header
374
375 = 1.0.0 =
376 *Release Date - 10th May, 2016*
377
378 * Initial version
1 (function ($, undefined) {
2 $(function() {
3 "use strict";
4
5 $(document).on('change', 'select[name="hh_x_frame_options_value"]', function () {
6 var $el = $('input[name="hh_x_frame_options_domain"]'),
7 readOnly = $(this).find('option:selected').val() != 'allow-from';
8 if ($el.length) {
9 $el.prop('readOnly', readOnly).toggle(!readOnly);
10 }
11 }).on('change', 'select[name="hh_x_xxs_protection_value"]', function (e) {
12 var $el = $('input[name="hh_x_xxs_protection_uri"]'),
13 readOnly = $(this).find('option:selected').val() != '1; report=';
14 if ($el.length) {
15 $el.prop('readOnly', readOnly).toggle(!readOnly);
16 }
17 }).on('change', 'select[name="hh_x_powered_by_option"]', function () {
18 var $el = $('input[name="hh_x_powered_by_value"]'),
19 readOnly = $(this).find('option:selected').val() != 'set';
20 if ($el.length) {
21 $el.prop('readOnly', readOnly).toggle(!readOnly);
22 }
23 }).on("change", "input[name^='hh_vary_value[']", function () {
24
25 if (this.name === "hh_vary_value[*]") {
26 if (this.checked) {
27 $("input[name^='hh_vary_value[']").not(this).prop("checked", false);
28 }
29 } else {
30 if (this.checked) {
31 $("input[name='hh_vary_value[*]']").prop("checked", false);
32 }
33 }
34
35 }).on("change", "input[name^='hh_access_control_allow_methods_value[']", function () {
36
37 if (this.name === "hh_access_control_allow_methods_value[*]") {
38 if (this.checked) {
39 $("input[name^='hh_access_control_allow_methods_value[']").not(this).prop("checked", false);
40 }
41 } else {
42 if (this.checked) {
43 $("input[name='hh_access_control_allow_methods_value[*]']").prop("checked", false);
44 }
45 }
46
47 }).on('change', 'select[name="hh_access_control_allow_origin_value"]', function () {
48 var $el = $('input[name="hh_access_control_allow_origin_url"]'),
49 readOnly = $(this).find('option:selected').val() != 'origin';
50 if ($el.length) {
51 $el.prop('readOnly', readOnly);//.toggle(!readOnly);
52 }
53 if (readOnly) {
54 $(".hh-acao").addClass("hh-hidden");
55 } else {
56 $(".hh-acao").removeClass("hh-hidden");
57 }
58 }).on('change', 'select[name="hh_timing_allow_origin_value"]', function () {
59 var $el = $('input[name="hh_timing_allow_origin_url"]'),
60 readOnly = $(this).find('option:selected').val() != 'origin';
61 if ($el.length) {
62 $el.prop('readOnly', readOnly).toggle(!readOnly);
63 }
64 }).on('change', '.http-header', function () {
65 var $this = $(this),
66 $el = $this.closest('table').find('.http-header-value');
67
68 if (!$el.length) {
69 return;
70 }
71
72 if (Number($this.val()) === 1) {
73 $el.prop('readOnly', false).removeAttr('readonly').removeClass('readonly');
74 } else {
75 $el.prop('readOnly', true).addClass('readonly');
76 }
77 }).on('change', 'input[name="hh_x_frame_options"]', function () {
78 $('select[name="hh_x_frame_options_value"]').trigger('change');
79 }).on('change', 'input[name="hh_x_powered_by"]', function () {
80 $('select[name="hh_x_powered_by_option"]').trigger('change');
81 }).on('change', 'input[name="hh_access_control_allow_origin"]', function () {
82 $('select[name="hh_access_control_allow_origin_value"]').trigger('change');
83 }).on('change', 'input[name="hh_timing_allow_origin"]', function () {
84 $('select[name="hh_timing_allow_origin_value"]').trigger('change');
85 }).on('submit', '#frmIspect', function (e) {
86 e.preventDefault();
87 var $this = $(this),
88 $box = $('#hh-result').empty();
89 $.post($this.attr('action'), $this.serialize()).done(function (data) {
90 $box.html(data);
91 });
92 return false;
93 }).on('change', '#authentication', function () {
94 var $a = $('#box-authentication');
95 if (this.checked) {
96 $a.show();
97 } else {
98 $a.hide();
99 }
100 }).on('click', '#hh-btn-add-header', function () {
101 $(this).closest('tr').before('<tr> \
102 <td><input type="text" name="hh_custom_headers_value[name][]" class="http-header-value" placeholder="X-Custom-Name"></td> \
103 <td><input type="text" name="hh_custom_headers_value[value][]" class="http-header-value" placeholder="' + hh.lbl_value + '"></td> \
104 <td><button type="button" class="button button-small hh-btn-delete-header" title="' + hh.lbl_delete + '">x</button></td> \
105 </tr>');
106 }).on('click', '.hh-btn-add-endpoint', function () {
107
108 var $tr = $(this).closest("tr");
109
110 $tr.children("td").each(function() {
111 if ($(this).attr("rowspan") !== undefined) {
112 this.rowSpan = this.rowSpan + 1;
113 }
114 });
115
116 var name,
117 $clone = $tr.clone().removeClass("hh-tr-first hh-tr-group-start"),
118 $this = $(this),
119 index = Math.ceil(Math.random() * 9999);
120
121 if ($tr.hasClass("hh-tr-group-end")) {
122 name = $tr.find("input[name$='[url]']").attr("name");
123 } else {
124 name = $tr.nextAll(".hh-tr-group-end:eq(0)").find("input[name$='[url]']").attr("name");
125 }
126
127 var m = name.match(/\[(\d+)\]\[url\]$/),
128 index = Number(m[1]) + 1;
129
130 $clone.find("td").each(function() {
131 if ($(this).attr("rowspan") !== undefined) {
132 $(this).remove();
133 }
134 });
135
136 $clone.find('input[type="text"]').val("");
137 $clone.find('input[type="number"]').val("");
138 $clone.find("td:last").html('<button type="button" class="button hh-btn-delete-endpoint" title="' + hh.lbl_delete + '">' + hh.lbl_remove_endpoint + '</button>');
139 $clone.find(":input").each(function () {
140 this.name = this.name.replace('[endpoints][0]', '[endpoints][' + index + ']');
141 });
142
143 $clone.addClass("hh-tr-group-end");
144 if ($tr.hasClass("hh-tr-group-end")) {
145 $tr.removeClass("hh-tr-group-end");
146 $tr.after($clone);
147 } else {
148 $tr.nextAll(".hh-tr-group-end:eq(0)").removeClass("hh-tr-group-end").after($clone);
149 }
150
151 }).on('click', '#hh-btn-add-endpoint-group', function () {
152 var $this = $(this),
153 index = Math.ceil(Math.random() * 9999),
154 $table = $this.closest("table"),
155 $clone = $table.find("tr.hh-tr-first").eq(0).clone(),
156 name = $table.find("tr:nth-last-child(2)").find(":input:first").attr("name"),
157 m = name.match(/^hh_report_to_value\[(\d+)\]/),
158 index = Number(m[1]) + 1;
159
160 $clone.find("td").each(function() {
161 if ($(this).attr("rowspan") !== undefined) {
162 this.rowSpan = 1;
163 }
164 });
165
166 $clone.find('input[type="text"]').val("");
167 $clone.find('input[type="number"]').val("");
168 $clone.find('input[type="checkbox"]').prop("checked", false);
169 $clone.find("option:first").prop("selected", true);
170 $clone.find("td:last").html('<button type="button" class="button hh-btn-delete-endpoint-group" title="' + hh.lbl_delete + '">' + hh.lbl_remove_group + '</button>');
171 $clone.find(":input").each(function () {
172 this.name = this.name.replace('[0]', '[' + index + ']');
173 });
174 $clone.addClass("hh-tr-group-end").removeClass("hh-tr-first");
175
176 $this.closest('tr').before($clone);
177 }).on('click', '.hh-btn-delete-header, .hh-btn-delete-origin, .hh-btn-delete-user, .hh-btn-delete-ac', function () {
178
179 $(this).closest('tr').remove();
180
181 }).on('click', '.hh-btn-delete-endpoint', function() {
182
183 var $group,
184 $tr = $(this).closest("tr");
185
186 if ($tr.prev("tr").hasClass("hh-tr-group-start")) {
187 $group = $tr.prev("tr");
188 } else {
189 $group = $tr.prevUntil("tr.hh-tr-group-start").prev("tr");
190 }
191
192 $group.children("td").each(function() {
193 if (this.rowSpan > 1) {
194 this.rowSpan = this.rowSpan - 1;
195 }
196 });
197
198 if ($tr.hasClass("hh-tr-group-end")) {
199 $tr.prev("tr").addClass("hh-tr-group-end");
200 }
201
202 $tr.remove();
203
204 }).on('click', '.hh-btn-delete-endpoint-group', function () {
205 var rows = $(this).closest("td").attr("rowspan");
206 if (rows === undefined || rows < 2) {
207 $(this).closest('tr').remove();
208 } else {
209 $(this).closest('tr').nextAll("tr").addBack().slice(0, rows).remove();
210 }
211 }).on("click", ".hh-btn-add-ac", function () {
212 var $this = $(this);
213 $this.closest('tr').before('<tr> \
214 <td><input type="text" name="' + $this.data("name") + '" class="http-header-value" size="35" /></td> \
215 <td><button type="button" class="button button-small hh-btn-delete-ac" title="' + hh.lbl_delete + '">x</button></td> \
216 </tr>');
217 }).on("click", ".hh-btn-add-origin", function () {
218 $(this).closest('tr').before('<tr class="hh-acao"> \
219 <td>&nbsp;</td> \
220 <td><input type="text" name="hh_access_control_allow_origin_url[]" class="http-header-value" placeholder="http://domain.com" size="35" /></td> \
221 <td><button type="button" class="button button-small hh-btn-delete-origin" title="' + hh.lbl_delete + '">x</button></td> \
222 </tr>');
223 }).on("click", ".hh-btn-add-user", function () {
224 $(this).closest('tr').before('<tr> \
225 <td>&nbsp;</td> \
226 <td><input type="text" name="hh_www_authenticate_user[]" class="http-header-value" /></td> \
227 <td><input type="text" name="hh_www_authenticate_pswd[]" class="http-header-value" /></td> \
228 <td><button type="button" class="button button-small hh-btn-delete-user" title="' + hh.lbl_delete + '">x</button></td> \
229 </tr>');
230 }).on("click", ".hh-btn-import-choose", function () {
231 $("#hh-import-file").trigger("click");
232 }).on("change", "#hh-import-file", function () {
233 $("#hh-import-name").html(this.files[0].name);
234 }).on("change", 'select[name^="hh_feature_policy_value"]', function () {
235 var $this = $(this),
236 value = $this.find("option:selected").val(),
237 $input = $this.siblings('input[name^="hh_feature_policy_origin"]');
238 if (value === "'self'" || value === "origin(s)") {
239 $input.show();
240 } else {
241 $input.hide();
242 }
243 }).on("change", 'select[name^="hh_permissions_policy_value"]', function () {
244 var $this = $(this),
245 value = $this.find("option:selected").val(),
246 $input = $this.siblings('input[name^="hh_permissions_policy_origin"]');
247 if (value === "self" || value === "origin(s)") {
248 $input.show();
249 } else {
250 $input.hide();
251 }
252 }).on("change", 'input[name^="hh_content_security_policy_value"]', function () {
253
254 var $this = $(this);
255
256 if (this.checked) {
257 if (/\[\*\]$/.test(this.name)) {
258 $this.closest("td").find('input[type="checkbox"]').not(this).prop("checked", false);
259 $this.closest("p").siblings("p").hide();
260 } else {
261 $this.closest("td").find('input[type="checkbox"][name$="[*]"]').prop("checked", false);
262 }
263 } else {
264 if (/\[\*\]$/.test(this.name)) {
265 $this.closest("p").siblings("p").show();
266 }
267 }
268 }).on("change", 'input[type="checkbox"][name="hh_cookie_security_value[SameSite]"]', function () {
269 if (this.checked) {
270 $(".hh-csv-value")
271 .removeClass("hh-hidden")
272 .find('input[type="radio"]')
273 .prop("disabled", false)
274 .filter(":first")
275 .prop("checked", true);
276 } else {
277 $(".hh-csv-value")
278 .addClass("hh-hidden")
279 .find('input[type="radio"]')
280 .prop("disabled", true);
281 }
282 });
283
284 $('.hh-tabs').on('click', 'ul a', function (e) {
285 e.preventDefault();
286
287 var $this = $(this);
288 $($this.attr('href'))
289 .removeClass('hh-hidden').addClass('hh-tab-active').attr('aria-hidden', 'false').attr('aria-expanded', 'true')
290 .siblings('div').addClass('hh-hidden').removeClass('hh-tab-active').attr('aria-hidden', 'true').attr('aria-expanded', 'false');
291 $this.closest('li')
292 .addClass('hh-active').attr('aria-selected', 'true').attr('tabindex', 0)
293 .siblings('li').removeClass('hh-active').attr('aria-selected', 'false').attr('tabindex', -1);
294 }).each(function () {
295 var $this = $(this),
296 $ul = $this.children('ul').attr('role', 'tablist'),
297 $li = $ul.children('li').attr('role', 'tab')
298 .not(':first').attr('aria-selected', 'false').attr('tabindex', -1)
299 .end().eq(0).attr('aria-selected', 'true').attr('tabindex', 0)
300 .end(),
301 $a = $li.find('a').attr('role', 'presentation').attr('tabindex', -1),
302 $div = $this.children('div').attr('role', 'tabpanel')
303 .not(':first').attr('aria-hidden', 'true').attr('aria-expanded', 'false')
304 .end().eq(0).attr('aria-hidden', 'false').attr('aria-expanded', 'true')
305 .end();
306
307 $li.each(function (i) {
308 var $this = $(this),
309 id = 'hh-tabs-' + Math.ceil(Math.random() * 999999) + '-' + i,
310 $a = $this.attr('aria-labelledby', id).find('a').attr('id', id),
311 href = $a.attr('href');
312 $this.attr('aria-controls', href.substring(1)).attr('aria-labelledby', id);
313 $(href).attr('aria-labelledby', id);
314 });
315
316 });
317 });
318 })(jQuery);
...\ No newline at end of file ...\ No newline at end of file
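Review bot: Two handlers in this file write externally influenced strings into the admin page with `.html()`: the `#hh-import-file` change handler inserts the chosen file's name into `#hh-import-name`, and the `#frmIspect` submit handler inserts the whole POST response into `#hh-result`. A file name is plain text, so the first should read `$("#hh-import-name").text(this.files[0] ? this.files[0].name : "");`, which also avoids the TypeError when the selection is cleared and `files` is empty. The inspect response presumably carries header names and values fetched from the inspected site (the server side is not visible here), so `$box.html(data)` is only safe if that endpoint HTML-escapes every value before returning it. A comment at that call stating the requirement, for example `// response must be server-escaped HTML; header values come from a remote host`, would make the dependency visible to the next maintainer.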
1 select.readonly,
2 select[readonly] {
3 background-color: #eee;
4 }
5 .hh-table > tbody > tr > th,
6 .hh-table > tbody > tr > td,
7 .hh-table td{
8 vertical-align: top;
9 }
10 .hh-table tbody td.hh-td-inner{
11 padding: 0;
12 }
13 .hh-table > tbody > tr > th{
14 width: 35%;
15 }
16 .hh-table > tbody > tr > td:nth-child(2){
17 width: 10%;
18 }
19 .hh-table > tbody > tr > th .description{
20 font-weight: normal;
21 }
22 .hh-table .hh-center{
23 text-align: center;
24 }
25 .hh-table .hh-middle{
26 vertical-align: middle;
27 }
28 .hh-table .hh-p-sm td,
29 .hh-table .hh-p-sm th{
30 padding: 8px 5px;
31 }
32 .hh-bordered{
33 border-collapse: collapse;
34 }
35 .hh-bordered th,
36 .hh-bordered td{
37 border: dashed 1px #999;
38 }
39 .hh-panel{
40 background-color: #fff;
41 padding: .7em 2em 1em;
42 -webkit-box-shadow: 0 1px 1px rgba(0,0,0,.04);
43 -moz-box-shadow: 0 1px 1px rgba(0,0,0,.04);
44 box-shadow: 0 1px 1px rgba(0,0,0,.04);
45 border: 1px solid #e5e5e5;
46 margin: 20px 0 0;
47 }
48
49 .hh-index-table{
50 border-collapse: separate;
51 border-spacing: 0;
52 width: 100%;
53 }
54 .hh-index-table tbody{
55 border-left: solid 1px rgba(0,0,0,.1);
56 border-right: solid 1px rgba(0,0,0,.1);
57 }
58 .hh-index-table th{
59 background-color: #fff;
60 font-weight: normal;
61 padding: 8px 10px;
62 text-align: left;
63 }
64 .hh-index-table td{
65 background-color: #fff;
66 color: gray;
67 padding: 8px 10px;
68 }
69 .hh-index-table td:first-child{
70 border-left: 4px solid #fff;
71 }
72 .hh-index-table .active td{
73 background-color: #f7fcfe;
74 color: green;
75 }
76 .hh-index-table .active td:first-child{
77 border-left: 4px solid #00a0d2;
78 }
79 .hh-index-table td{
80 box-shadow: 0 -1px 0 rgba(0,0,0,.1);
81 }
82 .hh-index-table .hh-status{
83 text-align: center;
84 }
85 .hh-index-table .hh-status span{
86 display: inline-block;
87 border-radius: 3px;
88 padding: 2px 5px;
89 }
90 .hh-index-table .hh-status-on span{
91 background-color: green;
92 color: #fff;
93 }
94 .hh-index-table .hh-status-off span{
95 background-color: #aaa;
96 color: #fff;
97 }
98 .hh-notice{
99 background-color: #FFFFCC;
100 margin: 20px 0;
101 padding: 8px 10px;
102 }
103 .hh-breadcrumbs{
104
105 }
106 .hh-breadcrumbs li{
107 display: inline-block;
108 }
109 .hh-breadcrumbs li:not(:last-child):after {
110 content: "\00A0\00BB\00A0";
111 display: inline-block;
112 }
113 .hh-breadcrumbs li a{
114
115 }
116 .hh-highlight{
117 background-color: #333;
118 color: #fff;
119 font-weight: 400;
120 padding: 3px 7px;
121 }
122 .hh-results{
123 border-collapse: collapse;
124 width: 100%;
125 }
126 .hh-results thead th,
127 .hh-results tbody td{
128 border-top: solid 1px #e0e0e0;
129 padding: 5px 5px 5px 0;
130 text-align: left;
131 }
132 .hh-results thead th{
133 border: none;
134 }
135 .hh-results tbody tr td:first-child{
136 white-space: nowrap;
137 }
138 .hh-results tbody tr.hh-found td{
139 background-color: #f7fcfe;
140 }
141 .hh-results tbody tr.hh-found td:first-child{
142 color: green;
143 }
144 .form-field .form-label{
145 font-weight: bold;
146 }
147 .form-field .form-lbl{
148 display: inline-block;
149 margin: 0 10px 0 0;
150 }
151 .form-row .form-col-6{
152 float: left;
153 width: 50%;
154 }
155 .form-row:after{
156 clear: left;
157 content: '';
158 display: table;
159 zoom: 1;
160 }
161 .hh-tabs > ul{
162 margin-bottom: -1px;
163 }
164 .hh-tabs > ul:after{
165 content: '';
166 display: table;
167 clear: left;
168 zoom: 1;
169 }
170 .hh-tabs > ul > li{
171 background-color: #fff;
172 border: solid 1px #ccc;
173 border-bottom: none;
174 display: inline-block;
175 float: left;
176 margin: 0 5px 0 0;
177 padding: 0;
178 }
179 .hh-tabs > ul > li a{
180 color: #222;
181 display: inline-block;
182 padding: 5px 10px;
183 text-decoration: none;
184 }
185 .hh-tabs > ul > li.hh-active{
186 border: solid 1px #222;
187 border-bottom-color: #fff;
188 }
189 .hh-tabs .hh-tab-active{
190 background-color: #fff;
191 border: solid 1px #222;
192 padding: 20px;
193 }
194 .hh-textarea-manual{
195 width: 100%;
196 }
197 .hh-hidden{
198 display: none;
199 }
200 .hh-wrapper{
201
202 }
203 .hh-sidebar{
204 float: right;
205 width: 20%;
206 }
207 .hh-sidebar-inner{
208 background-color: #fff;
209 border: solid 1px #92D295;
210 padding: 15px;
211 }
212 .hh-sidebar-inner h3{
213 margin: 0;
214 }
215 .hh-categories{
216 float: left;
217 width: 80%;
218 }
219 .hh-categories *{
220 -webkit-box-sizing: border-box;
221 -moz-box-sizing: border-box;
222 box-sizing: border-box;
223 }
224 .hh-wrapper:after,
225 .hh-categories:after{
226 content: '';
227 clear: both;
228 display: table;
229 zoom: 1;
230 }
231 a.hh-category{
232 background-color: #fff;
233 border: solid 1px #92D295;
234 display: inline-block;
235 float: left;
236 font-size: 16px;
237 height: 168px;
238 margin: 0 3% 3% 0;
239 position: relative;
240 text-align: center;
241 text-decoration: none;
242 text-transform: uppercase;
243 width: 30%;
244 }
245
246 a.hh-category i {
247 background-color: #92D295;
248 display: inline-block;
249 height: 48px;
250 margin: 35px 0 0;
251 text-align: center;
252 width: 48px;
253 -webkit-transform: rotate(20deg);
254 -moz-transform: rotate(20deg);
255 -ms-transform: rotate(20deg);
256 -o-transform: rotate(20deg);
257 }
258 a.hh-category i:after {
259 background-color: #92D295;
260 content: "";
261 display: inline-block;
262 height: 48px;
263 width: 48px;
264 -webkit-transform: rotate(135deg);
265 -moz-transform: rotate(135deg);
266 -ms-transform: rotate(135deg);
267 -o-transform: rotate(135deg);
268 }
269
270 a.hh-category span{
271 display: block;
272 color: #fff;
273 font-size: 24px;
274 font-weight: 600;
275 text-transform: uppercase;
276 left: 0;
277 position: absolute;
278 top: 48px;
279 width: 100%;
280 }
281
282 a.hh-category strong{
283 display: block;
284 font-weight: normal;
285 margin: 20px 0 0;
286 }
287
288 a.hh-category:hover{
289 box-shadow: 0 0 3px #6EC271;
290 }
291 a.hh-category:hover i{
292 -webkit-transform: rotate(160deg);
293 -moz-transform: rotate(160deg);
294 -ms-transform: rotate(160deg);
295 -o-transform: rotate(160deg);
296
297 -webkit-transition: -webkit-transform 0.5s ease-out;
298 -moz-transition: -moz-transform 0.5s ease-out;
299 -o-transition: -o-transform 0.5s ease-out;
300 transition: transform 0.5s ease-out;
301 }
302 .hh-p{
303 margin: 0.5em 0;
304 }
305 .hh-csv-value {
306 padding-left: 25px;
307 }
308 @media (min-width: 1280px) {
309 a.hh-category{
310 max-width: 260px;
311 }
312 }
313 @media (max-width: 960px) {
314 a.hh-category{
315 margin: 0 5% 20px;
316 width: 40%;
317 }
318 .hh-categories{
319 width: 70%;
320 }
321 .hh-sidebar{
322 width: 30%;
323 }
324 }
325 @media (max-width: 768px) {
326 .hh-categories{
327 width: 65%;
328 }
329 .hh-sidebar{
330 width: 35%;
331 }
332 }
333 @media (max-width: 640px) {
334 a.hh-category{
335 float: none;
336 margin: 0 0 20px;
337 width: 100%;
338 }
339 .hh-categories{
340 width: 55%;
341 }
342 .hh-sidebar{
343 width: 40%;
344 }
345 }
346 @media (max-width: 468px) {
347 a.hh-category{
348 max-width: 260px;
349 }
350 .hh-categories,
351 .hh-sidebar{
352 float: none;
353 margin: 0 auto;
354 max-width: 250px;
355 width: 100%;
356 }
357 }
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 /*
3 Plugin Name: HTTP Headers
4 Plugin URI: https://zinoui.com/blog/http-headers-for-wordpress
5 Description: A plugin for HTTP headers management including security, access-control (CORS), caching, compression, and authentication.
6 Version: 1.18.5
7 Author: Dimitar Ivanov
8 Author URI: https://zinoui.com
9 License: GPLv2 or later
10 Text Domain: http-headers
11 */
12
13 /*
14 This program is free software; you can redistribute it and/or
15 modify it under the terms of the GNU General Public License
16 as published by the Free Software Foundation; either version 2
17 of the License, or (at your option) any later version.
18
19 This program is distributed in the hope that it will be useful,
20 but WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 GNU General Public License for more details.
23
24 You should have received a copy of the GNU General Public License
25 along with this program. If not, see <http://www.gnu.org/copyleft/gpl.html>.
26
27 Copyright (c) 2017-2021 Zino UI
28 */
29
30 if (!defined('ABSPATH')) {
31 exit;
32 }
33
34 $options = include dirname(__FILE__) . '/views/includes/options.inc.php';
35 foreach ($options as $option) {
36 if (get_option($option[0]) === false) {
37 add_option($option[0], $option[1], null, 'yes');
38 }
39 }
40
41 function build_csp_value($value) {
42 $csp = array();
43 foreach ($value as $key => $val)
44 {
45 if (is_array($val))
46 {
47 $source = NULL;
48 if (isset($val['source']))
49 {
50 $source = $val['source'];
51 unset($val['source']);
52 }
53 if (!empty($val))
54 {
55 $val = join(" ", array_keys($val));
56 if ($source)
57 {
58 $val .= " " . $source;
59 }
60 $csp[] = sprintf("%s %s", $key, $val);
61 } elseif ($source) {
62 $csp[] = sprintf("%s %s", $key, $source);
63 }
64 } else {
65 if (in_array($key, array('block-all-mixed-content', 'upgrade-insecure-requests')))
66 {
67 $csp[] = $key;
68 }
69 if (in_array($key, array('plugin-types', 'report-to')) && !empty($val))
70 {
71 $csp[] = sprintf("%s %s", $key, $val);
72 }
73 }
74 }
75
76 if (!$csp)
77 {
78 return NULL;
79 }
80
81 return join('; ', $csp);
82 }
83
84 function get_htaccess_filename() {
85 return get_option('hh_htaccess_path');
86 }
87
88 function get_user_ini_filename() {
89 return get_option('hh_user_ini_path');
90 }
91
92 function get_htpasswd_filename() {
93 return get_option('hh_htpasswd_path');
94 }
95
96 function get_htdigest_filename() {
97 return get_option('hh_htdigest_path');
98 }
99
100 function get_http_headers() {
101 $statuses = array();
102 $unset = array();
103 $headers = array();
104 $append = array();
105 if (get_option('hh_x_frame_options') == 1) {
106 $x_frame_options_value = strtoupper(get_option('hh_x_frame_options_value'));
107 if ($x_frame_options_value == 'ALLOW-FROM') {
108 $x_frame_options_value .= ' ' . get_option('hh_x_frame_options_domain');
109 }
110 $headers['X-Frame-Options'] = $x_frame_options_value;
111 }
112 if (get_option('hh_x_powered_by') == 1) {
113 if (get_option('hh_x_powered_by_option') == 'set') {
114 $headers['X-Powered-By'] = get_option('hh_x_powered_by_value');
115 } else {
116 $unset[] = 'X-Powered-By';
117 }
118 }
119 if (get_option('hh_x_xxs_protection') == 1) {
120 $headers['X-XSS-Protection'] = get_option('hh_x_xxs_protection_value');
121 if ($headers['X-XSS-Protection'] == '1; report=') {
122 $headers['X-XSS-Protection'] .= get_option('hh_x_xxs_protection_uri');
123 }
124 }
125 if (get_option('hh_x_content_type_options') == 1) {
126 $headers['X-Content-Type-Options'] = get_option('hh_x_content_type_options_value');
127 }
128 if (get_option('hh_x_download_options') == 1) {
129 $headers['X-Download-Options'] = get_option('hh_x_download_options_value');
130 }
131 if (get_option('hh_x_permitted_cross_domain_policies') == 1) {
132 $headers['X-Permitted-Cross-Domain-Policies'] = get_option('hh_x_permitted_cross_domain_policies_value');
133 }
134 if (get_option('hh_x_dns_prefetch_control') == 1) {
135 $headers['X-DNS-Prefetch-Control'] = get_option('hh_x_dns_prefetch_control_value');
136 }
137 if (get_option('hh_connection') == 1) {
138 $headers['Connection'] = get_option('hh_connection_value');
139 }
140 if (get_option('hh_pragma') == 1) {
141 $headers['Pragma'] = get_option('hh_pragma_value');
142 }
143 if (get_option('hh_age') == 1) {
144 $headers['Age'] = sprintf("%u", get_option('hh_age_value'));
145 }
146 if (get_option('hh_cache_control') == 1) {
147 $hh_cache_control_value = get_option('hh_cache_control_value', array());
148 $tmp = array();
149 foreach ($hh_cache_control_value as $k => $v) {
150 if (in_array($k, array('max-age', 's-maxage', 'stale-while-revalidate', 'stale-if-error'))) {
151 if (strlen($v) > 0) {
152 $tmp[] = sprintf("%s=%u", $k, $v);
153 }
154 } else {
155 $tmp[] = $k;
156 }
157 }
158 $hh_cache_control_value = join(', ', $tmp);
159 $headers['Cache-Control'] = $hh_cache_control_value;
160 }
161 if (get_option('hh_strict_transport_security') == 1) {
162 $hh_strict_transport_security = array();
163
164 $hh_strict_transport_security_max_age = get_option('hh_strict_transport_security_max_age');
165 if ($hh_strict_transport_security_max_age !== false)
166 {
167 $hh_strict_transport_security[] = sprintf('max-age=%u', get_option('hh_strict_transport_security_max_age'));
168 if (get_option('hh_strict_transport_security_sub_domains'))
169 {
170 $hh_strict_transport_security[] = 'includeSubDomains';
171 }
172 if (get_option('hh_strict_transport_security_preload'))
173 {
174 $hh_strict_transport_security[] = 'preload';
175 }
176 } else {
177 $hh_strict_transport_security = array(get_option('hh_strict_transport_security_value'));
178 }
179 $headers['Strict-Transport-Security'] = join('; ', $hh_strict_transport_security);
180 }
181 if (get_option('hh_x_ua_compatible') == 1) {
182 $headers['X-UA-Compatible'] = get_option('hh_x_ua_compatible_value');
183 }
184
185 if (get_option('hh_content_security_policy') == 1)
186 {
187 $value = get_option('hh_content_security_policy_value');
188 $csp = build_csp_value($value);
189 if ($csp)
190 {
191 $csp_report_only = get_option('hh_content_security_policy_report_only');
192 $headers['Content-Security-Policy'.($csp_report_only ? '-Report-Only' : NULL)] = $csp;
193 }
194 }
195
196 if (get_option('hh_access_control_allow_origin') == 1)
197 {
198 $value = get_option('hh_access_control_allow_origin_value');
199 switch ($value)
200 {
201 case 'origin':
202 $value = get_option('hh_access_control_allow_origin_url', array());
203 if (is_scalar($value))
204 {
205 $value = array($value);
206 }
207 break;
208 }
209 if (!empty($value))
210 {
211 $headers['Access-Control-Allow-Origin'] = $value;
212 }
213 }
214 if (get_option('hh_access_control_allow_credentials') == 1)
215 {
216 $headers['Access-Control-Allow-Credentials'] = get_option('hh_access_control_allow_credentials_value');
217 }
218 if (get_option('hh_access_control_max_age') == 1)
219 {
220 $value = get_option('hh_access_control_max_age_value');
221 if (!empty($value))
222 {
223 $headers['Access-Control-Max-Age'] = intval($value);
224 }
225 }
226 if (get_option('hh_access_control_allow_methods') == 1)
227 {
228 $value = get_option('hh_access_control_allow_methods_value');
229 if (!empty($value))
230 {
231 $headers['Access-Control-Allow-Methods'] = join(', ', array_keys($value));
232 }
233 }
234 if (get_option('hh_access_control_allow_headers') == 1)
235 {
236 $tmp = array();
237 $value = get_option('hh_access_control_allow_headers_value');
238 if (!empty($value))
239 {
240 $tmp = array_merge($tmp, array_keys($value));
241 }
242 $custom = get_option('hh_access_control_allow_headers_custom');
243 if (!empty($custom))
244 {
245 $tmp = array_merge($tmp, $custom);
246 }
247 if ($tmp)
248 {
249 $tmp = array_filter($tmp, 'trim');
250 $tmp = array_unique($tmp);
251 $headers['Access-Control-Allow-Headers'] = join(', ', $tmp);
252 }
253 }
254 if (get_option('hh_access_control_expose_headers') == 1)
255 {
256 $tmp = array();
257 $value = get_option('hh_access_control_expose_headers_value');
258 if (!empty($value))
259 {
260 $tmp = array_merge($tmp, array_keys($value));
261 }
262 $custom = get_option('hh_access_control_expose_headers_custom');
263 if (!empty($custom))
264 {
265 $tmp = array_merge($tmp, $custom);
266 }
267 if ($tmp)
268 {
269 $tmp = array_filter($tmp, 'trim');
270 $tmp = array_unique($tmp);
271 $headers['Access-Control-Expose-Headers'] = join(', ', $tmp);
272 }
273 }
274 if (get_option('hh_p3p') == 1)
275 {
276 $value = get_option('hh_p3p_value');
277 if (!empty($value))
278 {
279 $headers['P3P'] = 'CP="' . join(' ', array_keys($value)) . '"';
280 }
281 }
282 if (get_option('hh_referrer_policy') == 1) {
283 $headers['Referrer-Policy'] = get_option('hh_referrer_policy_value');
284 }
285 if (get_option('hh_cross_origin_resource_policy') == 1) {
286 $headers['Cross-Origin-Resource-Policy'] = get_option('hh_cross_origin_resource_policy_value');
287 }
288 if (get_option('hh_cross_origin_embedder_policy') == 1) {
289 $headers['Cross-Origin-Embedder-Policy'] = get_option('hh_cross_origin_embedder_policy_value');
290 }
291 if (get_option('hh_cross_origin_opener_policy') == 1) {
292 $headers['Cross-Origin-Opener-Policy'] = get_option('hh_cross_origin_opener_policy_value');
293 }
294 if (get_option('hh_www_authenticate') == 1) {
295
296 switch (get_option('hh_www_authenticate_type')) {
297 case 'Basic':
298 if (!(isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])
299 && $_SERVER['PHP_AUTH_USER'] == get_option('hh_www_authenticate_user')
300 && $_SERVER['PHP_AUTH_PW'] == get_option('hh_www_authenticate_pswd'))) {
301 $headers['WWW-Authenticate'] = sprintf("Basic realm='%s'", get_option('hh_www_authenticate_realm'));
302 $statuses['HTTP/1.1'] = '401 Unauthorized';
303 }
304 break;
305 case 'Digest':
306 if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
307 $realm = get_option('hh_www_authenticate_realm');
308 $headers['WWW-Authenticate'] = sprintf("Digest realm='%s',qop='auth',nonce='%s',opaque='%s'",
309 $realm, uniqid(), md5($realm));
310 $statuses['HTTP/1.1'] = '401 Unauthorized';
311 }
312 break;
313 }
314 }
315 if (get_option('hh_vary') == 1)
316 {
317 $value = get_option('hh_vary_value');
318 if (!empty($value))
319 {
320 $append['Vary'] = join(', ', array_keys($value));
321 }
322 }
323
324 if (get_option('hh_expect_ct') == 1) {
325 $expect_ct_max_age = get_option('hh_expect_ct_max_age');
326 $expect_ct_report_uri = get_option('hh_expect_ct_report_uri');
327 if (!empty($expect_ct_report_uri) && !empty($expect_ct_max_age)) {
328
329 $expect_ct = array();
330 $expect_ct[] = sprintf("max-age=%u", $expect_ct_max_age);
331 if (get_option('hh_expect_ct_enforce') == 1) {
332 $expect_ct[] = "enforce";
333 }
334 $expect_ct[] = sprintf('report-uri="%s"', $expect_ct_report_uri);
335 $headers['Expect-CT'] = join(', ', $expect_ct);
336 }
337 }
338 if (get_option('hh_custom_headers') == 1) {
339 $custom_headers = get_option('hh_custom_headers_value');
340 if (isset($custom_headers['name'], $custom_headers['value']) && !empty($custom_headers['name'])) {
341 foreach ($custom_headers['name'] as $key => $name) {
342 $name = trim($name);
343 $value = trim($custom_headers['value'][$key]);
344 if (empty($name) || empty($value)) {
345 continue;
346 }
347 $headers[$name] = $value;
348 }
349 }
350 }
351
352 $value = get_http_header('report_to');
353 if ($value) {
354 $headers['Report-To'] = $value;
355 }
356
357 $value = get_http_header('nel');
358 if ($value) {
359 $headers['NEL'] = $value;
360 }
361
362 $value = get_http_header('feature_policy');
363 if ($value) {
364 $headers['Feature-Policy'] = $value;
365 }
366
367 $value = get_http_header('permissions_policy');
368 if ($value) {
369 $headers['Permissions-Policy'] = $value;
370 }
371
372 $value = get_http_header('x_robots_tag');
373 if ($value) {
374 $headers['X-Robots-Tag'] = $value;
375 }
376
377 return array($headers, $statuses, $unset, $append);
378 }
379
380 function get_http_header($header_name) {
381 $fn = sprintf('get_%s_header', $header_name);
382 if (!function_exists($fn)) {
383 return NULL;
384 }
385
386 return call_user_func($fn);
387 }
388
389 function get_report_to_header() {
390 if (get_option('hh_report_to') != 1) {
391 return NULL;
392 }
393 $report_to = get_option('hh_report_to_value');
394 $tmp = array();
395 foreach ($report_to as $item) {
396 $endpoints = array();
397 foreach ($item['endpoints'] as $endpoint) {
398 $endpoints[] = sprintf('{"url": "%s"%s%s}',
399 $endpoint['url'],
400 is_numeric($endpoint['priority']) ? sprintf(', "priority": %u', $endpoint['priority']) : NULL,
401 is_numeric($endpoint['weight']) ? sprintf(', "weight": %u', $endpoint['weight']) : NULL
402 );
403 }
404
405 $tmp[] = sprintf('{"max_age": %u%s%s, "endpoints": [%s]}',
406 $item['max_age'],
407 $item['group'] ? sprintf(', "group": "%s"', $item['group']) : NULL,
408 $item['include_subdomains'] ? sprintf(', "include_subdomains": true') : NULL,
409 join(", ", $endpoints)
410 );
411 }
412
413 return join(', ', $tmp);
414 }
415
416 function get_x_robots_tag_header() {
417 if (get_option('hh_x_robots_tag') != 1) {
418 return NULL;
419 }
420
421 $hh_x_robots_tag_value = get_option('hh_x_robots_tag_value', array());
422 $tmp = array();
423 foreach ($hh_x_robots_tag_value as $k => $v) {
424 if ($k == 'max-snippet') {
425 if (is_numeric($v) && $v >= -1) {
426 $tmp[] = "$k:$v";
427 }
428 } elseif ($k == 'max-image-preview') {
429 if (!empty($v)) {
430 $tmp[] = "$k:$v";
431 }
432 } elseif ($k == 'max-video-preview') {
433 if (is_numeric($v) && $v >= -1) {
434 $tmp[] = "$k:$v";
435 }
436 } elseif ($k == 'unavailable_after') {
437 if (!empty($v)) {
438 $tmp[] = "$k:$v";
439 }
440 } else {
441 $tmp[] = $k;
442 }
443 }
444 return join(', ', $tmp);
445 }
446
447 function get_nel_header() {
448 if (get_option('hh_nel') != 1) {
449 return NULL;
450 }
451
452 $nel = get_option('hh_nel_value', array());
453 return sprintf('{"report_to": "%s", "max_age": %u%s%s%s%s%s}',
454 @$nel['report_to'], @$nel['max_age'],
455 isset($nel['include_subdomains']) ? ', "include_subdomains": true' : NULL,
456 array_key_exists('success_fraction', $nel) && is_numeric($nel['success_fraction']) ? ', "success_fraction": '. $nel['success_fraction'] : NULL,
457 array_key_exists('failure_fraction', $nel) && is_numeric($nel['failure_fraction']) ? ', "failure_fraction": '. $nel['failure_fraction'] : NULL,
458 isset($nel['request_headers']) && !empty($nel['request_headers']) ? sprintf(', "request_headers": ["%s"]', join('", "', array_map('trim', explode(',', $nel['request_headers'])))) : NULL,
459 isset($nel['response_headers']) && !empty($nel['response_headers']) ? sprintf(', "response_headers": ["%s"]', join('", "', array_map('trim', explode(',', $nel['response_headers'])))) : NULL
460 );
461 }
462
463 function get_feature_policy_header() {
464 if (get_option('hh_feature_policy') != 1) {
465 return NULL;
466 }
467 $feature_policy_feature = get_option('hh_feature_policy_feature');
468 $feature_policy_value = get_option('hh_feature_policy_value');
469 $feature_policy_origin = get_option('hh_feature_policy_origin');
470 $tmp = array();
471 $feature_policy_feature = is_array($feature_policy_feature) ? $feature_policy_feature : array();
472 foreach (array_keys($feature_policy_feature) as $feature) {
473 $value = NULL;
474 switch ($feature_policy_value[$feature]) {
475 case '*':
476 case "'none'":
477 $value = $feature_policy_value[$feature];
478 break;
479 case "'self'":
480 $value = $feature_policy_value[$feature];
481 if (!empty($feature_policy_origin[$feature])) {
482 $value .= " " . $feature_policy_origin[$feature];
483 }
484 break;
485 case 'origin(s)':
486 $value = $feature_policy_origin[$feature];
487 break;
488 }
489
490 $tmp[] = sprintf("%s %s", $feature, $value);
491 }
492
493 return join('; ', $tmp);
494 }
495
496 function get_permissions_policy_header() {
497 if (get_option('hh_permissions_policy') != 1) {
498 return NULL;
499 }
500 $permissions_policy_feature = get_option('hh_permissions_policy_feature');
501 $permissions_policy_value = get_option('hh_permissions_policy_value');
502 $permissions_policy_origin = get_option('hh_permissions_policy_origin');
503
504 $tmp = array();
505 $permissions_policy_feature = is_array($permissions_policy_feature) ? $permissions_policy_feature : array();
506 foreach (array_keys($permissions_policy_feature) as $feature) {
507
508 $origins = NULL;
509 if (!empty($permissions_policy_origin[$feature]))
510 {
511 $origins = $permissions_policy_origin[$feature];
512 $origins = str_replace(array('"', "'"), '', $origins);
513 $origins = explode(' ', $origins);
514 $origins = array_filter($origins);
515 $origins = array_unique($origins);
516 $origins = '"' . join('" "', $origins) . '"';
517 }
518
519 $value = NULL;
520 switch ($permissions_policy_value[$feature]) {
521 case '*':
522 $value = '*';
523 break;
524 case "none":
525 $value = '()';
526 break;
527 case "self":
528 $value = 'self';
529 if ($origins)
530 {
531 $value .= ' ' . $origins;
532 }
533 $value = sprintf('(%s)', $value);
534 break;
535 case 'origin(s)':
536 $value = sprintf('(%s)', $origins);
537 break;
538 }
539
540 $tmp[] = sprintf('%s=%s', $feature, $value);
541 }
542
543 return join(', ', $tmp);
544 }
545
546 function http_digest_parse($txt) {
547 $txt = stripslashes($txt);
548
549 $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
550 $data = array();
551 $keys = implode('|', array_keys($needed_parts));
552
553 $matches = null;
554 preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
555
556 foreach ($matches as $m) {
557 $data[$m[1]] = $m[3] ? $m[3] : $m[4];
558 unset($needed_parts[$m[1]]);
559 }
560
561 return $needed_parts ? false : $data;
562 }
563
564 function php_auth_digest() {
565 if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) || get_option('hh_www_authenticate_user') != $data['username']) {
566 die('Wrong Credentials!');
567 }
568
569 $A1 = md5($data['username'] . ':' . get_option('hh_www_authenticate_realm') . ':' . get_option('hh_www_authenticate_pswd'));
570 $A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
571 $valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
572 if ($data['response'] != $valid_response) {
573 die('Wrong Credentials!');
574 }
575 }
576
577 function php_content_encoding() {
578 if (substr_count($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) {
579 ob_start('ob_gzhandler');
580 } else {
581 ob_start();
582 }
583 }
584
585 function php_cookie_security_directives() {
586 $lines = array();
587 if (get_option('hh_cookie_security') == 1) {
588 $value = get_option('hh_cookie_security_value', array());
589 if (isset($value['HttpOnly'])) {
590 $lines[] = 'session.cookie_httponly = on';
591 }
592 if (isset($value['Secure'])) {
593 $lines[] = 'session.cookie_secure = on';
594 }
595 if (isset($value['SameSite']) && in_array($value['SameSite'], array('None', 'Lax', 'Strict'))) {
596 $lines[] = sprintf('session.cookie_samesite = "%s"', $value['SameSite']);
597 }
598 }
599
600 return $lines;
601 }
602
603 function http_headers() {
604 if (!is_php_mode()) {
605 return;
606 }
607 // PHP method below
608 list($headers, $statuses, $unset, $append) = get_http_headers();
609 $isCors = false;
610 foreach ($headers as $key => $value) {
611 if ($key == 'Access-Control-Allow-Origin') {
612 if (isset($_SERVER['HTTP_ORIGIN'])) {
613 if (in_array($value, array('*', 'null'))) {
614 $isCors = true;
615 header(sprintf("%s: *", $key));
616 }
617
618 if (is_array($value) && in_array($_SERVER['HTTP_ORIGIN'], $value)) {
619 $isCors = true;
620 header(sprintf("%s: %s", $key, $_SERVER['HTTP_ORIGIN']));
621 header("Vary: Origin", false);
622 }
623 }
624 continue;
625 }
626 if (in_array($key, array('Access-Control-Allow-Headers', 'Access-Control-Allow-Methods', 'Access-Control-Allow-Credentials', 'Access-Control-Max-Age', 'Access-Control-Expose-Headers'))) {
627 if ($isCors) {
628 header(sprintf("%s: %s", $key, $value));
629 }
630 continue;
631 }
632 header(sprintf("%s: %s", $key, $value));
633 }
634 foreach ($append as $key => $value) {
635 header(sprintf("%s: %s", $key, $value), false);
636 }
637 foreach ($unset as $header) {
638 if (function_exists('header_remove')) {
639 header_remove($header);
640 } else {
641 header("$header:");
642 }
643 }
644 foreach ($statuses as $key => $value) {
645 header(sprintf("%s %s", $key, $value));
646 exit;
647 }
648
649 if (get_option('hh_www_authenticate') == 1) {
650 php_auth_digest();
651 }
652
653 if (get_option('hh_content_encoding') == 1) {
654 php_content_encoding();
655 }
656 }
657
658 function http_headers_admin_add_page() {
659 add_options_page('HTTP Headers', 'HTTP Headers', 'manage_options', 'http-headers', 'http_headers_admin_page');
660 }
661
662 function http_headers_admin() {
663 register_setting('http-headers-mtd', 'hh_method');
664 register_setting('http-headers-mtd', 'hh_htaccess_path');
665 register_setting('http-headers-mtd', 'hh_user_ini_path');
666 register_setting('http-headers-mtd', 'hh_htpasswd_path');
667 register_setting('http-headers-mtd', 'hh_htdigest_path');
668 register_setting('http-headers-xfo', 'hh_x_frame_options');
669 register_setting('http-headers-xfo', 'hh_x_frame_options_value');
670 register_setting('http-headers-xfo', 'hh_x_frame_options_domain');
671 register_setting('http-headers-xss', 'hh_x_xxs_protection');
672 register_setting('http-headers-xss', 'hh_x_xxs_protection_value');
673 register_setting('http-headers-xss', 'hh_x_xxs_protection_uri');
674 register_setting('http-headers-cto', 'hh_x_content_type_options');
675 register_setting('http-headers-cto', 'hh_x_content_type_options_value');
676 register_setting('http-headers-sts', 'hh_strict_transport_security');
677 register_setting('http-headers-sts', 'hh_strict_transport_security_value'); //obsolete
678 register_setting('http-headers-sts', 'hh_strict_transport_security_max_age');
679 register_setting('http-headers-sts', 'hh_strict_transport_security_sub_domains');
680 register_setting('http-headers-sts', 'hh_strict_transport_security_preload');
681 register_setting('http-headers-uac', 'hh_x_ua_compatible');
682 register_setting('http-headers-uac', 'hh_x_ua_compatible_value');
683 register_setting('http-headers-p3p', 'hh_p3p');
684 register_setting('http-headers-p3p', 'hh_p3p_value');
685 register_setting('http-headers-rp', 'hh_referrer_policy');
686 register_setting('http-headers-rp', 'hh_referrer_policy_value');
687 register_setting('http-headers-csp', 'hh_content_security_policy');
688 register_setting('http-headers-csp', 'hh_content_security_policy_value');
689 register_setting('http-headers-csp', 'hh_content_security_policy_report_only');
690 register_setting('http-headers-acao', 'hh_access_control_allow_origin');
691 register_setting('http-headers-acao', 'hh_access_control_allow_origin_value');
692 register_setting('http-headers-acao', 'hh_access_control_allow_origin_url');
693 register_setting('http-headers-acac', 'hh_access_control_allow_credentials');
694 register_setting('http-headers-acac', 'hh_access_control_allow_credentials_value');
695 register_setting('http-headers-acam', 'hh_access_control_allow_methods');
696 register_setting('http-headers-acam', 'hh_access_control_allow_methods_value');
697 register_setting('http-headers-acah', 'hh_access_control_allow_headers');
698 register_setting('http-headers-acah', 'hh_access_control_allow_headers_value');
699 register_setting('http-headers-acah', 'hh_access_control_allow_headers_custom');
700 register_setting('http-headers-aceh', 'hh_access_control_expose_headers');
701 register_setting('http-headers-aceh', 'hh_access_control_expose_headers_value');
702 register_setting('http-headers-aceh', 'hh_access_control_expose_headers_custom');
703 register_setting('http-headers-acma', 'hh_access_control_max_age');
704 register_setting('http-headers-acma', 'hh_access_control_max_age_value');
705 register_setting('http-headers-ce', 'hh_content_encoding');
706 register_setting('http-headers-ce', 'hh_content_encoding_module');
707 register_setting('http-headers-ce', 'hh_content_encoding_value');
708 register_setting('http-headers-ce', 'hh_content_encoding_ext');
709 register_setting('http-headers-vary', 'hh_vary');
710 register_setting('http-headers-vary', 'hh_vary_value');
711 register_setting('http-headers-xpb', 'hh_x_powered_by');
712 register_setting('http-headers-xpb', 'hh_x_powered_by_option');
713 register_setting('http-headers-xpb', 'hh_x_powered_by_value');
714 register_setting('http-headers-wwa', 'hh_www_authenticate');
715 register_setting('http-headers-wwa', 'hh_www_authenticate_type');
716 register_setting('http-headers-wwa', 'hh_www_authenticate_realm');
717 register_setting('http-headers-wwa', 'hh_www_authenticate_user');
718 register_setting('http-headers-wwa', 'hh_www_authenticate_pswd');
719 register_setting('http-headers-cc', 'hh_cache_control');
720 register_setting('http-headers-cc', 'hh_cache_control_value');
721 register_setting('http-headers-age', 'hh_age');
722 register_setting('http-headers-age', 'hh_age_value');
723 register_setting('http-headers-pra', 'hh_pragma');
724 register_setting('http-headers-pra', 'hh_pragma_value');
725 register_setting('http-headers-exp', 'hh_expires');
726 register_setting('http-headers-exp', 'hh_expires_value');
727 register_setting('http-headers-exp', 'hh_expires_type');
728 register_setting('http-headers-con', 'hh_connection');
729 register_setting('http-headers-con', 'hh_connection_value');
730 register_setting('http-headers-cose', 'hh_cookie_security');
731 register_setting('http-headers-cose', 'hh_cookie_security_value');
732 register_setting('http-headers-ect', 'hh_expect_ct');
733 register_setting('http-headers-ect', 'hh_expect_ct_max_age');
734 register_setting('http-headers-ect', 'hh_expect_ct_report_uri');
735 register_setting('http-headers-ect', 'hh_expect_ct_enforce');
736 register_setting('http-headers-tao', 'hh_timing_allow_origin');
737 register_setting('http-headers-tao', 'hh_timing_allow_origin_value');
738 register_setting('http-headers-tao', 'hh_timing_allow_origin_url');
739 register_setting('http-headers-che', 'hh_custom_headers');
740 register_setting('http-headers-che', 'hh_custom_headers_value');
741 register_setting('http-headers-xdo', 'hh_x_download_options');
742 register_setting('http-headers-xdo', 'hh_x_download_options_value');
743 register_setting('http-headers-xpcd', 'hh_x_permitted_cross_domain_policies');
744 register_setting('http-headers-xpcd', 'hh_x_permitted_cross_domain_policies_value');
745 register_setting('http-headers-xdpc', 'hh_x_dns_prefetch_control');
746 register_setting('http-headers-xdpc', 'hh_x_dns_prefetch_control_value');
747 register_setting('http-headers-rt', 'hh_report_to');
748 register_setting('http-headers-rt', 'hh_report_to_value');
749 register_setting('http-headers-fp', 'hh_feature_policy');
750 register_setting('http-headers-fp', 'hh_feature_policy_value');
751 register_setting('http-headers-fp', 'hh_feature_policy_feature');
752 register_setting('http-headers-fp', 'hh_feature_policy_origin');
753 register_setting('http-headers-pp', 'hh_permissions_policy');
754 register_setting('http-headers-pp', 'hh_permissions_policy_value');
755 register_setting('http-headers-pp', 'hh_permissions_policy_feature');
756 register_setting('http-headers-pp', 'hh_permissions_policy_origin');
757 register_setting('http-headers-csd', 'hh_clear_site_data');
758 register_setting('http-headers-csd', 'hh_clear_site_data_value');
759 register_setting('http-headers-cty', 'hh_content_type');
760 register_setting('http-headers-cty', 'hh_content_type_value');
761 register_setting('http-headers-corp', 'hh_cross_origin_resource_policy');
762 register_setting('http-headers-corp', 'hh_cross_origin_resource_policy_value');
763 register_setting('http-headers-nel', 'hh_nel');
764 register_setting('http-headers-nel', 'hh_nel_value');
765 register_setting('http-headers-coep', 'hh_cross_origin_embedder_policy');
766 register_setting('http-headers-coep', 'hh_cross_origin_embedder_policy_value');
767 register_setting('http-headers-coop', 'hh_cross_origin_opener_policy');
768 register_setting('http-headers-coop', 'hh_cross_origin_opener_policy_value');
769 register_setting('http-headers-rob', 'hh_x_robots_tag');
770 register_setting('http-headers-rob', 'hh_x_robots_tag_value');
771 }
772
773 function http_headers_option($option) {
774
775 include_once ABSPATH . 'wp-admin/includes/admin.php';
776
777 require_once ABSPATH . WPINC . '/pluggable.php';
778
779 if (isset($_POST['hh_method']))
780 {
781 check_admin_referer('http-headers-mtd-options');
782 # When method is changed
783 http_headers_activate();
784
785 } elseif (is_apache_mode()) {
786 # When particular header is changed
787 switch (true) {
788 case array_key_exists('hh_www_authenticate', $_POST):
789 check_admin_referer('http-headers-wwa-options');
790 update_auth_credentials();
791 update_auth_directives();
792 break;
793 case array_key_exists('hh_content_encoding', $_POST):
794 check_admin_referer('http-headers-ce-options');
795 update_content_encoding_directives();
796 break;
797 case array_key_exists('hh_content_type', $_POST):
798 check_admin_referer('http-headers-cty-options');
799 update_content_type_directives();
800 break;
801 case array_key_exists('hh_expires', $_POST):
802 check_admin_referer('http-headers-exp-options');
803 update_expires_directives();
804 break;
805 case array_key_exists('hh_cookie_security', $_POST):
806 check_admin_referer('http-headers-cose-options');
807 update_cookie_security_directives();
808 break;
809 case array_key_exists('hh_timing_allow_origin', $_POST):
810 check_admin_referer('http-headers-tao-options');
811 update_timing_directives();
812 break;
813 case array_key_exists('option_page', $_POST) && strpos($_POST['option_page'], 'http-headers-') === 0:
814 check_admin_referer($_POST['option_page'].'-options');
815 update_headers_directives();
816 break;
817 }
818 }
819 }
820
821 function nginx_headers_directives() {
822 $lines = array();
823 list($headers, , $unset, $append) = get_http_headers();
824
825 foreach ($unset as $header) {
826 $lines[] = sprintf(' more_clear_headers "%s";', $header);
827 }
828 $cors = $cors_header = $cors_inner = $cors_footer = array();
829 $all = array();
830 foreach ($headers as $key => $value) {
831 if (in_array($key, array('WWW-Authenticate'))) {
832 continue;
833 }
834 if (in_array($key, array('X-Content-Type-Options'))) {
835 $all[] = sprintf('add_header %s %s always;', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
836 continue;
837 }
838 if ($key == 'Access-Control-Allow-Origin' && is_array($value)) {
839 $cors_header[] = sprintf('if ($http_origin ~* ^(%s)$) {', str_replace('.', '\.', join('|', $value)));
840 $cors_footer[] = '}';
841 $cors_inner[] = ' add_header Access-Control-Allow-Origin "$http_origin";';
842 if (!in_array('*', $value))
843 {
844 $cors_inner[] = ' add_header Vary "Origin";';
845 }
846 continue;
847 }
848 if (in_array($key, array('Access-Control-Allow-Headers', 'Access-Control-Allow-Methods', 'Access-Control-Allow-Credentials', 'Access-Control-Max-Age', 'Access-Control-Expose-Headers'))) {
849 $cors_inner[] = sprintf(' add_header %s %s;', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
850 continue;
851 }
852 $lines[] = sprintf(' add_header %s %s;', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
853 }
854 foreach ($append as $key => $value) {
855 $lines[] = sprintf(' add_header %s %s;', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
856 }
857 if (!empty($cors_inner))
858 {
859 $cors = array_merge(
860 $cors_header,
861 $cors_inner,
862 $cors_footer
863 );
864 }
865 if (!empty($lines)) {
866 $lines = array_merge(
867 $all,
868 $cors,
869 array('location ~* \.(php|html)$ {'),
870 $lines,
871 array('}')
872 );
873 }
874 return $lines;
875 }
876
877 function nginx_content_encoding_directives() {
878 $lines = array();
879 if (get_option('hh_content_encoding') == 1) {
880
881 $lines[] = 'gzip on;';
882
883 $content_encoding_value = get_option('hh_content_encoding_value');
884 if (!$content_encoding_value) {
885 $content_encoding_value = array();
886 }
887
888 $content_encoding_ext = get_option('hh_content_encoding_ext');
889 if (!$content_encoding_ext) {
890 $content_encoding_ext = array();
891 }
892 if (!empty($content_encoding_ext)) {
893 //$lines[] = sprintf('<FilesMatch "\.(%s)$">', join('|', array_keys($content_encoding_ext)));
894 }
895 if (!empty($content_encoding_value)) {
896 $lines[] = sprintf('gzip_types %s;', join(' ', array_keys($content_encoding_value)));
897 }
898 }
899 return $lines;
900 }
901
902 function nginx_content_type_directives() {
903 $lines = array();
904 if (get_option('hh_content_type') == 1) {
905 $values = get_option('hh_content_type_value', array());
906 foreach ($values as $ext => $media_type) {
907 $lines[] = sprintf("%s %s;", $media_type, $ext);
908 }
909 }
910
911 return $lines;
912 }
913
914 function nginx_expires_directives() {
915 $lines = array();
916 if (get_option('hh_expires') == 1) {
917
918 $types = get_option('hh_expires_type', array());
919 $values = get_option('hh_expires_value', array());
920
921 $lines[] = 'map $sent_http_content_type $expires {';
922 foreach (array_keys($types) as $type) {
923 list($base, $period, $suffix) = explode('_', $values[$type]);
924 if (in_array($base, array('access', 'modification'))) {
925 $lines[] = $type != 'default'
926 ? sprintf(' %s %u%s;', $type, $period, $suffix[0])
927 : sprintf(' default %u%s;', $period, $suffix[0]);
928 } elseif ($base == 'invalid') {
929 $lines[] = $type != 'default'
930 ? sprintf(' %s 0;', $type)
931 : sprintf(' default 0;');
932 }
933 }
934 $lines[] = '}';
935
936 $lines[] = 'expires $expires;';
937 }
938 return $lines;
939 }
940
941 function nginx_timing_directives() {
942 $lines = array();
943 if (get_option('hh_timing_allow_origin') == 1) {
944 $value = get_option('hh_timing_allow_origin_value');
945 switch ($value)
946 {
947 case 'origin':
948 $value = get_option('hh_timing_allow_origin_url');
949 break;
950 }
951 if (!empty($value))
952 {
953 $lines[] = 'location ~* \.(js|css|jpe?g|png|gif|eot|otf|svg|ttf|woff2?)$ {';
954 $lines[] = sprintf(' add_header Timing-Allow-Origin "%s";', $value);
955 $lines[] = '}';
956 }
957 }
958 return $lines;
959 }
960
961 function nginx_auth_directives() {
962 $lines = array();
963 if (get_option('hh_www_authenticate') == 1) {
964
965 $type = get_option('hh_www_authenticate_type');
966
967 $file = $type == 'Basic' ? get_htpasswd_filename() : get_htdigest_filename();
968
969 $lines[] = sprintf('location ~ ^%s$ {', str_replace('.', '\.', basename($file)));
970 $lines[] = ' deny all;';
971 $lines[] = '}';
972
973 $lines[] = sprintf('location %s {', get_home_path());
974 if ($type == 'Basic') {
975 $lines[] = sprintf(' auth_basic "%s";', get_option('hh_www_authenticate_realm'));
976 $lines[] = sprintf(' auth_basic_user_file %s;', $file);
977 } else {
978 $lines[] = sprintf(' auth_digest "%s";', get_option('hh_www_authenticate_realm'));
979 $lines[] = sprintf(' auth_digest_user_file %s;', $file);
980 }
981 $lines[] = '}';
982 }
983 return $lines;
984 }
985
986 function nginx_auth_credentials() {
987 return apache_auth_credentials();
988 }
989
990 function nginx_cookie_security_directives() {
991 $lines = array();
992
993 //TODO
994
995 return $lines;
996 }
997
998 function nginx_check_requirements() {
999 //TODO scheduled for v2.0.0
1000 return true;
1001 }
1002
1003 function iis_headers_directives() {
1004 //TODO scheduled for v2.0.0
1005 }
1006
1007 function iis_content_encoding_directives() {
1008 //TODO scheduled for v2.0.0
1009 }
1010
1011 function iis_content_type_directives() {
1012 //TODO scheduled for v2.0.0
1013 }
1014
1015 function iis_expires_directives() {
1016 //TODO scheduled for v2.0.0
1017 }
1018
1019 function iis_timing_directives() {
1020 //TODO scheduled for v2.0.0
1021 }
1022
1023 function iis_auth_directives() {
1024 //TODO scheduled for v2.0.0
1025 }
1026
1027 function iis_auth_credentials() {
1028 //TODO scheduled for v2.0.0
1029 }
1030
1031 function iis_cookie_security_directives() {
1032 //TODO scheduled for v2.0.0
1033 }
1034
1035 function iis_check_requirements() {
1036 //TODO scheduled for v2.0.0
1037 return true;
1038 }
1039
1040 function apache_headers_directives() {
1041 $lines = array();
1042 list($headers, , $unset, $append) = get_http_headers();
1043
1044 foreach ($unset as $header) {
1045 $lines[] = sprintf(' Header always unset %s', $header);
1046 $lines[] = sprintf(' Header unset %s', $header);
1047 }
1048 $all = array();
1049 foreach ($headers as $key => $value) {
1050 if (in_array($key, array('WWW-Authenticate'))) {
1051 continue;
1052 }
1053 if (in_array($key, array('X-Content-Type-Options'))) {
1054 $all[] = sprintf(' Header always set %s %s', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
1055 continue;
1056 }
1057 if ($key == 'Strict-Transport-Security') {
1058 $lines[] = sprintf(' Header set %s %s env=HTTPS', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
1059 continue;
1060 }
1061 if ($key == 'Access-Control-Allow-Origin') {
1062 $all[] = ' <IfModule mod_setenvif.c>';
1063 if (!is_array($value)) {
1064 if ($value) {
1065 $value = array($value);
1066 } else {
1067 $value = array();
1068 }
1069 }
1070 //$value[] = 'null';
1071 if (is_array($value))
1072 {
1073 $all[] = sprintf(' SetEnvIf Origin "^(%s)$" CORS=$0', str_replace(array('.', '*'), array('\.', '.+'), join('|', $value)));
1074 } else {
1075 $all[] = ' SetEnvIf Origin "^(.+)$" CORS=$0';
1076 }
1077 $all[] = ' </IfModule>';
1078 $all[] = ' Header set Access-Control-Allow-Origin %{CORS}e env=CORS';
1079 if (!in_array('*', $value))
1080 {
1081 $all[] = ' Header append Vary "Origin" env=CORS';
1082 }
1083 continue;
1084 }
1085 if (in_array($key, array('Access-Control-Allow-Headers', 'Access-Control-Allow-Methods', 'Access-Control-Allow-Credentials', 'Access-Control-Max-Age', 'Access-Control-Expose-Headers'))) {
1086 $all[] = sprintf(' Header set %s %s env=CORS', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
1087 continue;
1088 }
1089 $lines[] = sprintf(' Header set %s %s', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
1090 }
1091 foreach ($append as $key => $value) {
1092 $lines[] = sprintf(' Header append %s %s', $key, sprintf('%1$s%2$s%1$s', strpos($value, '"') === false ? '"' : "'", $value));
1093 }
1094 if (!empty($lines) || !empty($all)) {
1095 $lines = array_merge(
1096 array('<IfModule mod_headers.c>'),
1097 $all,
1098 array(' <FilesMatch "\.(php|html)$">'),
1099 $lines,
1100 array(' </FilesMatch>', '</IfModule>')
1101 );
1102 }
1103 return $lines;
1104 }
1105
1106 function apache_content_encoding_directives() {
1107 $lines = array();
1108 if (get_option('hh_content_encoding') == 1) {
1109
1110 $content_encoding_module = get_option('hh_content_encoding_module');
1111
1112 $module = 'mod_deflate.c';
1113 $filter = 'DEFLATE';
1114 $accept_encoding = 'gzip';
1115
1116 if ($content_encoding_module == 'brotli') {
1117 $module = 'mod_brotli.c';
1118 $filter = 'BROTLI_COMPRESS';
1119 $accept_encoding = 'br';
1120 }
1121
1122 $content_encoding_value = get_option('hh_content_encoding_value');
1123 if (!$content_encoding_value) {
1124 $content_encoding_value = array();
1125 }
1126
1127 $content_encoding_ext = get_option('hh_content_encoding_ext');
1128 if (!$content_encoding_ext) {
1129 $content_encoding_ext = array();
1130 }
1131
1132 $type = join('|', array_keys($content_encoding_value));
1133 $ext = join('|', array_keys($content_encoding_ext));
1134
1135 if (!empty($type) && !empty($ext)) {
1136 $expression = sprintf('(%%{CONTENT_TYPE} =~ m#^(%1$s)# || %%{REQUEST_FILENAME} =~ /.(%2$s)$/)', $type, $ext);
1137 } elseif (!empty($type)) {
1138 $expression = sprintf('%%{CONTENT_TYPE} =~ m#^(%1$s)#', $type);
1139 } elseif (!empty($ext)) {
1140 $expression = sprintf('%%{REQUEST_FILENAME} =~ /.(%1$s)$/', $ext);
1141 }
1142
1143 if (isset($expression)) {
1144 $lines[] = '<IfModule mod_filter.c>';
1145 $lines[] = ' FilterDeclare HttpHeaders';
1146 if (in_array($content_encoding_module, array('brotli', 'deflate'))) {
1147 $lines[] = sprintf('<IfModule %s>', $module);
1148 $lines[] = sprintf(' FilterProvider HttpHeaders %1$s "%%{HTTP:Accept-Encoding} =~ /%2$s/ && %3$s"', $filter, $accept_encoding, $expression);
1149 $lines[] = ' </IfModule>';
1150 } else {
1151 $lines[] = ' <IfModule mod_deflate.c>';
1152 $lines[] = ' <IfModule !mod_brotli.c>';
1153 $lines[] = sprintf(' FilterProvider HttpHeaders DEFLATE "%%{HTTP:Accept-Encoding} =~ /gzip/ && %1$s"', $expression);
1154 $lines[] = ' </IfModule>';
1155 $lines[] = ' </IfModule>';
1156 $lines[] = ' <IfModule mod_brotli.c>';
1157 $lines[] = sprintf(' FilterProvider HttpHeaders BROTLI_COMPRESS "%%{HTTP:Accept-Encoding} =~ /br/ && %1$s"', $expression);
1158 $lines[] = ' </IfModule>';
1159 }
1160 $lines[] = ' FilterChain HttpHeaders';
1161 $lines[] = '</IfModule>';
1162 }
1163 }
1164
1165 return $lines;
1166 }
1167
1168 function apache_expires_directives() {
1169 $lines = array();
1170 if (get_option('hh_expires') == 1) {
1171
1172 $types = get_option('hh_expires_type', array());
1173 $values = get_option('hh_expires_value', array());
1174
1175 $lines[] = '<IfModule mod_expires.c>';
1176 $lines[] = ' ExpiresActive On';
1177 foreach (array_keys($types) as $type) {
1178 list($base, $period, $suffix) = explode('_', $values[$type]);
1179 if (in_array($base, array('access', 'modification'))) {
1180 $lines[] = $type != 'default'
1181 ? sprintf(' ExpiresByType %s "%s plus %u %s"', $type, $base, $period, $suffix)
1182 : sprintf(' ExpiresDefault "%s plus %u %s"', $base, $period, $suffix);
1183 } elseif ($base == 'invalid') {
1184 $lines[] = $type != 'default'
1185 ? sprintf(' ExpiresByType %s A0', $type)
1186 : sprintf(' ExpiresDefault A0');
1187 }
1188 }
1189 $lines[] = '</IfModule>';
1190 }
1191
1192 return $lines;
1193 }
1194
1195 function apache_content_type_directives() {
1196 $lines = array();
1197 if (get_option('hh_content_type') == 1) {
1198 $values = get_option('hh_content_type_value', array());
1199 $lines[] = '<IfModule mod_mime.c>';
1200 foreach ($values as $ext => $media_type) {
1201 $lines[] = sprintf(" AddType %s .%s", $media_type, $ext);
1202 }
1203 $lines[] = '</IfModule>';
1204 }
1205
1206 return $lines;
1207 }
1208
1209 function apache_timing_directives() {
1210 $lines = array();
1211 if (get_option('hh_timing_allow_origin') == 1) {
1212 $value = get_option('hh_timing_allow_origin_value');
1213 switch ($value)
1214 {
1215 case 'origin':
1216 $value = get_option('hh_timing_allow_origin_url');
1217 break;
1218 }
1219 if (!empty($value))
1220 {
1221 $lines[] = '<IfModule mod_headers.c>';
1222 $lines[] = ' <FilesMatch "\\.(js|css|jpe?g|png|gif|eot|otf|svg|ttf|woff2?)$">';
1223 $lines[] = sprintf(' Header set Timing-Allow-Origin "%s"', $value);
1224 $lines[] = ' </FilesMatch>';
1225 $lines[] = '</IfModule>';
1226 }
1227 }
1228
1229 return $lines;
1230 }
1231
1232 function apache_auth_directives() {
1233 $lines = array();
1234 if (get_option('hh_www_authenticate') == 1) {
1235
1236 $type = get_option('hh_www_authenticate_type');
1237
1238 $file = $type == 'Basic' ? get_htpasswd_filename() : get_htdigest_filename();
1239
1240 $lines[] = sprintf('<FilesMatch "^%s$">', str_replace('.', '\.', basename($file)));
1241 $lines[] = ' <IfModule mod_authz_core.c>';
1242 $lines[] = ' Require all denied';
1243 $lines[] = ' </IfModule>';
1244 $lines[] = ' <IfModule !mod_authz_core.c>';
1245 $lines[] = ' Order deny,allow';
1246 $lines[] = ' Deny from all';
1247 $lines[] = ' </IfModule>';
1248 $lines[] = '</FilesMatch>';
1249 // no empty AuthName
1250 $realm = get_option('hh_www_authenticate_realm'); // AuthName
1251 $realm = ($realm == '') ? 'restricted area':$realm; // Empty => give fixed value
1252
1253 $lines[] = sprintf('<IfModule mod_auth_%s.c>', strtolower($type));
1254 $lines[] = sprintf(' AuthType %s', get_option('hh_www_authenticate_type'));
1255 $lines[] = sprintf(' AuthName "%s"', $realm);
1256 $lines[] = sprintf(' AuthUserFile "%s"', $file);
1257 $lines[] = ' Require valid-user';
1258 $lines[] = '</IfModule>';
1259 }
1260
1261 return $lines;
1262 }
1263
1264 function apache_auth_credentials() {
1265 if (get_option('hh_www_authenticate') == 1) {
1266 $type = get_option('hh_www_authenticate_type');
1267 $usernames = get_option('hh_www_authenticate_user', array());
1268 $passwords = get_option('hh_www_authenticate_pswd', array());
1269 if (!is_array($usernames)) {
1270 $usernames = array($usernames);
1271 }
1272 if (!is_array($passwords)) {
1273 $passwords = array($passwords);
1274 }
1275 $realm = get_option('hh_www_authenticate_realm');
1276 $auth = array();
1277 switch ($type) {
1278 case 'Basic':
1279 $ht_file = get_htpasswd_filename();
1280 foreach ($usernames as $k => $user) {
1281 $auth[] = sprintf('%s:{SHA}%s', $user, base64_encode(sha1($passwords[$k], true)));
1282 }
1283 break;
1284 case 'Digest':
1285 $ht_file = get_htdigest_filename();
1286 foreach ($usernames as $k => $user) {
1287 $auth[] = sprintf('%s:%s:%s', $user, $realm, md5($user.':'.$realm.':'.$passwords[$k]));
1288 }
1289 break;
1290 }
1291 $auth = join("\n", $auth);
1292
1293 return compact('ht_file', 'auth');
1294 }
1295 return false;
1296 }
1297
1298 function apache_cookie_security_directives() {
1299 $lines = array();
1300 if (get_option('hh_cookie_security') == 1) {
1301 $value = get_option('hh_cookie_security_value', array());
1302 $str = '';
1303 if (isset($value['HttpOnly'])) {
1304 $str .= ';HttpOnly';
1305 }
1306 if (isset($value['Secure'])) {
1307 $str .= ';Secure';
1308 }
1309 if (isset($value['SameSite']) && in_array($value['SameSite'], array('None', 'Lax', 'Strict'))) {
1310 $str .= ';SameSite=' . $value['SameSite'];
1311 }
1312 if ($str) {
1313 $lines[] = '<IfModule mod_headers.c>';
1314 $lines[] = ' Header always edit Set-Cookie (.*) "$1'.$str.'"';
1315 $lines[] = '</IfModule>';
1316 }
1317 }
1318
1319 return $lines;
1320 }
1321
1322 function apache_check_requirements() {
1323 return check_filename(get_htaccess_filename());
1324 }
1325
1326 function update_headers_directives() {
1327 $result = false;
1328 if (is_apache_mode()) {
1329 $lines = apache_headers_directives();
1330 $result = insert_with_markers(get_htaccess_filename(), "HttpHeaders", $lines);
1331 }
1332
1333 return $result;
1334 }
1335
1336 function update_content_encoding_directives() {
1337 $lines = array();
1338 if (is_apache_mode()) {
1339 $lines = apache_content_encoding_directives();
1340 }
1341
1342 return insert_with_markers(get_htaccess_filename(), "HttpHeadersCompression", $lines);
1343 }
1344
1345 function update_expires_directives() {
1346 $lines = array();
1347 if (is_apache_mode()) {
1348 $lines = apache_expires_directives();
1349 }
1350
1351 return insert_with_markers(get_htaccess_filename(), "HttpHeadersExpires", $lines);
1352 }
1353
1354 function update_content_type_directives() {
1355 $lines = array();
1356 if (is_apache_mode()) {
1357 $lines = apache_content_type_directives();
1358 }
1359
1360 return insert_with_markers(get_htaccess_filename(), "HttpHeadersContentType", $lines);
1361 }
1362
1363 function update_timing_directives() {
1364 $lines = array();
1365 if (is_apache_mode()) {
1366 $lines = apache_timing_directives();
1367 }
1368
1369 return insert_with_markers(get_htaccess_filename(), "HttpHeadersTiming", $lines);
1370 }
1371
1372 function update_auth_directives() {
1373 $lines = array();
1374 if (is_apache_mode()) {
1375 $lines = apache_auth_directives();
1376 }
1377
1378 return insert_with_markers(get_htaccess_filename(), "HttpHeadersAuth", $lines);
1379 }
1380
1381 function update_auth_credentials() {
1382 if (is_apache_mode()) {
1383 $credentials = apache_auth_credentials();
1384 if (isset($credentials['ht_file']) && !empty($credentials['ht_file']))
1385 {
1386 return @file_put_contents($credentials['ht_file'], $credentials['auth'], LOCK_EX);
1387 }
1388 }
1389
1390 return false;
1391 }
1392
1393 function update_cookie_security_directives() {
1394 $lines = array();
1395 $is_apache = is_apache_mode();
1396 $htaccess = get_htaccess_filename();
1397 $is_cgi = strpos(PHP_SAPI, 'cgi') !== false;
1398 if ($is_cgi) {
1399 $filename = get_user_ini_filename();
1400 $lines = php_cookie_security_directives();
1401 } elseif ($is_apache) {
1402 $filename = $htaccess;
1403 $lines = apache_cookie_security_directives();
1404 }
1405
1406 if (!$is_apache) {
1407 insert_with_markers($htaccess, "HttpHeadersCookieSecurity", array());
1408 }
1409
1410 if ($is_cgi) {
1411 return update_user_ini_filename($filename, "HttpHeadersCookieSecurity", $lines);
1412 }
1413
1414 return insert_with_markers($filename, "HttpHeadersCookieSecurity", $lines);
1415 }
1416
1417 function update_user_ini_filename($filename, $marker, $insertion) {
1418 if (!is_array($insertion)) {
1419 $insertion = explode("\n", $insertion);
1420 }
1421
1422 $start_marker = "; BEGIN " . $marker;
1423 $end_marker = "; END " . $marker;
1424
1425 $data = "";
1426 if (is_file($filename)) {
1427 $data = @file_get_contents($filename);
1428 }
1429
1430 $string = $start_marker;
1431 if ($insertion)
1432 {
1433 $string .= "\n".join("\n", $insertion);
1434 }
1435 $string .= "\n".$end_marker;
1436
1437 $pattern = '/'.$start_marker.'.*'.$end_marker.'/isU';
1438
1439 if (preg_match($pattern, $data)) {
1440 $data = preg_replace($pattern, $string, $data);
1441 } else {
1442 $data .= "\n".$string;
1443 }
1444
1445 $bytes = @file_put_contents($filename, $data, LOCK_EX);
1446
1447 return !!$bytes;
1448 }
1449
1450 function is_php_mode() {
1451 return get_option('hh_method') == 'php';
1452 }
1453
1454 function is_apache_mode() {
1455 return get_option('hh_method') == 'htaccess';
1456 }
1457
1458 function is_samesite_supported() {
1459 return version_compare(PHP_VERSION, '7.3.0', '>=');
1460 }
1461
1462 function http_headers_text_domain() {
1463 load_plugin_textdomain('http-headers', false, basename( dirname( __FILE__ ) ) . '/languages/');
1464 }
1465
1466 function http_headers_settings_link( $links ) {
1467 $url = get_admin_url() . 'options-general.php?page=http-headers';
1468 $settings_link = '<a href="' . $url . '">' . __('Settings', 'http-headers') . '</a>';
1469 array_unshift( $links, $settings_link );
1470 return $links;
1471 }
1472
1473 function http_headers_after_setup_theme() {
1474 add_filter('plugin_action_links_' . plugin_basename(__FILE__), 'http_headers_settings_link');
1475 }
1476
1477 function http_headers_enqueue($hook) {
1478 if ( 'http-headers.php' != $hook ) {
1479 # FIXME
1480 //return;
1481 }
1482
1483 wp_enqueue_script('http_headers_admin_scripts', plugin_dir_url( __FILE__ ) . 'assets/scripts.js', array(), '1.16.1', true);
1484 wp_localize_script('http_headers_admin_scripts', 'hh', array(
1485 'lbl_delete' => __('Delete', 'http-headers'),
1486 'lbl_value' => __('Value', 'http-headers'),
1487 'lbl_remove_endpoint' => __('Remove endpoint', 'http-headers'),
1488 'lbl_remove_group' => __('Remove group', 'http-headers'),
1489 ));
1490 wp_enqueue_style('http_headers_admin_styles', plugin_dir_url( __FILE__ ) . 'assets/styles.css', array(), '1.16.1');
1491 }
1492
1493 function http_headers_ajax_inspect() {
1494 check_ajax_referer('inspect');
1495 if (current_user_can('manage_options')) {
1496 include 'views/ajax-inspect.php';
1497 }
1498 wp_die();
1499 }
1500
1501 function http_headers_post_import() {
1502 check_admin_referer('import');
1503 global $wpdb;
1504 if (!(isset($_FILES['file']['tmp_name'])
1505 && is_uploaded_file($_FILES['file']['tmp_name'])
1506 && $_FILES['file']['error'] == UPLOAD_ERR_OK
1507 )) {
1508 wp_redirect(sprintf("%soptions-general.php?page=http-headers&tab=advanced&status=ERR&code=100", get_admin_url()));
1509 exit;
1510 }
1511
1512 $string = @file_get_contents($_FILES['file']['tmp_name']);
1513 if ($string === false) {
1514 wp_redirect(sprintf("%soptions-general.php?page=http-headers&tab=advanced&status=ERR&code=101", get_admin_url()));
1515 exit;
1516 }
1517
1518 $arr = preg_split('/;(\s+)?\n/', $string);
1519 foreach ($arr as $statement) {
1520 $statement = preg_replace("/(INSERT\s*INTO\s*)[\w\_]+options/", '${1}'.$wpdb->options, $statement);
1521 $wpdb->query($statement);
1522 }
1523
1524 wp_redirect(sprintf("%soptions-general.php?page=http-headers&tab=advanced&status=OK", get_admin_url()));
1525 exit;
1526 }
1527
1528 function http_headers_post_export() {
1529 check_admin_referer('export');
1530 global $wpdb;
1531 $options = include dirname(__FILE__) . '/views/includes/options.inc.php';
1532 $opts = array();
1533 foreach ($options as $option)
1534 {
1535 $opts[] = $option[0];
1536 }
1537 $statement = sprintf("SELECT * FROM %s WHERE option_name IN ('%s');", $wpdb->options, join("','", $opts));
1538 $results = $wpdb->get_results($statement, ARRAY_A);
1539 $sql = array();
1540
1541 $indexes = array();
1542 foreach ($options as $option)
1543 {
1544 foreach ($results as $item)
1545 {
1546 if ($item['option_name'] == $option[0])
1547 {
1548 $indexes[$option[0]] = 1;
1549
1550 $value = str_replace("'", "''", $item['option_value']);
1551 $query = array();
1552 $query[] = sprintf("INSERT INTO %s (option_id, option_name, option_value, autoload)", $wpdb->options);
1553 $query[] = sprintf("VALUES (NULL, '%s', '%s', '%s')", $item['option_name'], $value, $item['autoload']);
1554 $query[] = sprintf("ON DUPLICATE KEY UPDATE option_value = '%s', autoload = '%s';", $value, $item['autoload']);
1555 $sql[] = join("\n", $query);
1556 break;
1557 }
1558 }
1559
1560 if (!isset($indexes[$option[0]]))
1561 {
1562 $query = array();
1563 $query[] = sprintf("INSERT INTO %s (option_id, option_name, option_value, autoload)", $wpdb->options);
1564 $query[] = sprintf("VALUES (NULL, '%s', '%s', 'yes')", $option[0], $option[1]);
1565 $query[] = sprintf("ON DUPLICATE KEY UPDATE option_value = '%s', autoload = 'yes';", $option[1]);
1566 $sql[] = join("\n", $query);
1567 }
1568 }
1569
1570 $sql = join("\n\n", $sql);
1571 $length = function_exists('mb_strlen') ? mb_strlen($sql) : strlen($sql);
1572 $name = sprintf('WP-HTTP-Headers-%u.sql', time());
1573
1574 # Send headers
1575 header('Pragma: public');
1576 header('Expires: 0');
1577 header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
1578 header('Cache-Control: private', false);
1579 header('Content-Transfer-Encoding: binary');
1580 header('Content-Disposition: attachment; filename="'.$name.'";');
1581 header('Content-Type: application/sql');
1582 header('Content-Length: ' . $length);
1583
1584 echo $sql;
1585 exit;
1586 }
1587
1588 function check_filename($filename) {
1589 if (!is_file($filename)) {
1590 return -1;
1591 }
1592
1593 clearstatcache();
1594 if (!is_writable($filename)) {
1595 return -2;
1596 }
1597
1598 return true;
1599 }
1600
1601 function get_web_server_filename() {
1602 if (is_apache_mode()) {
1603 return get_htaccess_filename();
1604 }
1605
1606 return NULL;
1607 }
1608
1609 function check_web_server_requirements() {
1610 if (is_apache_mode()) {
1611 return apache_check_requirements();
1612 }
1613
1614 return true;
1615 }
1616
1617 function check_php_requirements() {
1618 if (strpos(PHP_SAPI, 'cgi') !== false) {
1619 // cgi, cgi-fcgi, fpm-fcgi
1620 return check_filename(get_user_ini_filename());
1621 }
1622
1623 return true;
1624 }
1625
1626 function http_headers_logout() {
1627 if (get_option('hh_clear_site_data') == 1) {
1628 $values = get_option('hh_clear_site_data_value', array());
1629 $tmp = array_keys($values);
1630 if ($tmp) {
1631 header(sprintf('Clear-Site-Data: "%s"', join('", "', $tmp)));
1632 }
1633 }
1634 }
1635
1636 function http_headers_activate() {
1637 update_headers_directives();
1638 update_auth_credentials();
1639 update_auth_directives();
1640 update_content_encoding_directives();
1641 update_content_type_directives();
1642 update_expires_directives();
1643 update_cookie_security_directives();
1644 update_timing_directives();
1645 }
1646
1647 function http_headers_deactivate() {
1648 $filename = get_htaccess_filename();
1649
1650 insert_with_markers($filename, "HttpHeaders", array());
1651 insert_with_markers($filename, "HttpHeadersCompression", array());
1652 insert_with_markers($filename, "HttpHeadersContentType", array());
1653 insert_with_markers($filename, "HttpHeadersExpires", array());
1654 insert_with_markers($filename, "HttpHeadersTiming", array());
1655 insert_with_markers($filename, "HttpHeadersAuth", array());
1656 insert_with_markers($filename, "HttpHeadersCookieSecurity", array());
1657 }
1658
1659 register_activation_hook(__FILE__, 'http_headers_activate');
1660 register_deactivation_hook(__FILE__, 'http_headers_deactivate');
1661 add_action('wp_logout', 'http_headers_logout');
1662
1663 if ( is_admin() ){ // admin actions
1664 add_action('admin_menu', 'http_headers_admin_add_page');
1665 add_action('admin_init', 'http_headers_admin');
1666 add_action("added_option", 'http_headers_option');
1667 add_action("updated_option", 'http_headers_option');
1668 add_action('admin_enqueue_scripts', 'http_headers_enqueue');
1669 add_action('after_setup_theme', 'http_headers_after_setup_theme');
1670 add_action('plugins_loaded', 'http_headers_text_domain');
1671 add_action('wp_ajax_inspect', 'http_headers_ajax_inspect');
1672 add_action('admin_post_import', 'http_headers_post_import');
1673 add_action('admin_post_export', 'http_headers_post_export');
1674 } else {
1675 // non-admin enqueues, actions, and filters
1676 add_action('send_headers', 'http_headers');
1677 }
1678
1679 function http_headers_admin_page() {
1680 include 'views/index.php';
1681 }
...\ No newline at end of file ...\ No newline at end of file
1 <?php 1 <?php
2 # time to code 2 # Silence is golden.
...\ No newline at end of file ...\ No newline at end of file
......
1 msgid ""
2 msgstr ""
3 "Project-Id-Version: HTTP Headers in Bulgarian\n"
4 "POT-Creation-Date: 2017-17-12 19:26:00+02:00\n"
5 "Content-Type: text/plain; charset=UTF-8\n"
6 "Content-Transfer-Encoding: 8bit\n"
7 "MIME-Version: 1.0\n"
8 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/http-headers\n"
9 "PO-Revision-Date: 2017-17-12 19:26:00+02:00\n"
10 "Last-Translator: Dimitar Ivanov <biggie4life@gmail.com>\n"
11 "Language-Team: Dimitar Ivanov <biggie4life@gmail.com>\n"
12
13 #: views/includes/config.inc.php:2
14 msgid "Off"
15 msgstr "Изкл."
16
17 #: views/includes/config.inc.php:2
18 msgid "On"
19 msgstr "Вкл."
20
21 #: includes/config.inc.php:5
22 msgid "Security"
23 msgstr "Сигурност"
24
25 #: includes/config.inc.php:6
26 msgid "Access control"
27 msgstr "Контрол на достъпа"
28
29 #: includes/config.inc.php:7
30 msgid "Authentication"
31 msgstr "Удостоверяване"
32
33 #: includes/config.inc.php:8
34 msgid "Compression"
35 msgstr "Компресия"
36
37 #: includes/config.inc.php:10
38 msgid "Caching"
39 msgstr "Кеширане"
40
41 #: includes/config.inc.php:11
42 msgid "Miscellaneous"
43 msgstr "Общи"
44
45 #: includes/breadcrumbs.inc.php:2
46 msgid "Dashboard"
47 msgstr "Табло"
48
49 #: includes/breadcrumbs.inc.php:11
50 msgid "Advanced settings"
51 msgstr "Разширени настройки"
52
53 #: includes/breadcrumbs.inc.php:13
54 msgid "Inspect headers"
55 msgstr "Проверка на хедърите"
56
57 #: views/index.php:13
58 msgid "Error!"
59 msgstr "Грешка!"
60
61 #: views/index.php:16
62 msgid "The following file was not found. Please make sure the file exists and has write permissions:"
63 msgstr "Следният файл не бе намерен. Моля уверете се, че файла съществува и има права за писане:"
64
65 #: views/index.php:18
66 msgid "Please make sure the following file has write permissions:"
67 msgstr "Моля уверете се, че следният файл има права за писане:"
68
69 #: views/index.php:28
70 msgid "Warning!"
71 msgstr "Внимание!"
72
73 #: views/index.php:40
74 msgid "Quick links"
75 msgstr "Бързи връзки"
76
77 #: views/index.php:41
78 msgid "Getting started"
79 msgstr "Ръководство за начинаещи"
80
81 #: views/index.php:43
82 msgid "Manual setup"
83 msgstr "Ръчна настройка"
84
85 #: views/dashboard.php:47
86 msgid "Donate"
87 msgstr "Дари"
88
89 #: views/dashboard.php:34
90 msgid "Rate us"
91 msgstr "Оцени ни"
92
93 #: views/dashboard.php:35
94 msgid "Tell us what you think about this plugin"
95 msgstr "Кажете ни какво мислите за този плъгин"
96
97 #: views/dashboard.php:35
98 msgid "writing a review"
99 msgstr "като напишете ревю"
100
101 #: views/dashboard.php:36
102 msgid "Contribution"
103 msgstr "Принос"
104
105 #: views/dashboard.php:37
106 msgid "Help us to continue developing this plugin with a small donation."
107 msgstr "Помогнете ни да продължим да развиваме този плъгин с малко дарение."
108
109 #: views/category.php:8
110 msgid "Header"
111 msgstr "Хедър"
112
113 #: views/category.php:9
114 msgid "Value"
115 msgstr "Стойност"
116
117 #: views/category.php:10
118 msgid "Status"
119 msgstr "Статус"
120
121 #: views/category.php:230
122 msgid "Edit"
123 msgstr "Редактирай"
124
125 #: views/category.php:223
126 msgid "On"
127 msgstr "Вкл."
128
129 #: views/category.php:223
130 msgid "Off"
131 msgstr "Изкл."
132
133 #: views/advanced.php:10
134 msgid "Default mode"
135 msgstr "Режим по подразбиране"
136
137 #: views/advanced.php:11
138 msgid "Choose a method for sending of headers. Usually, the PHP method works perfectly. However, some third-party plugins like WP Super Cache may require switching to Apache method."
139 msgstr "Режима по подразбиране представлява технологията с която този плъгин изпраща хедърите. Използвайте PHP само ако никоя от останалите технологии не е налична."
140
141 #: views/advanced.php:20
142 msgid "Use PHP to send headers (deprecated)"
143 msgstr "PHP режим"
144
145 #: views/advanced.php:21
146 msgid "Use Apache (mod_headers) to send headers"
147 msgstr "Apache режим (препоръчва се)"
148
149 #: views/advanced.php:40
150 msgid "Export"
151 msgstr "Експорт"
152
153 #: views/advanced.php:41
154 msgid "Export the plugin current state of settings for later use if recovery needs."
155 msgstr "Експортирайте текущото състояние на настройките на плъгина за по-нататъшна употреба, ако е необходимо възстановяване."
156
157 #: views/advanced.php:46
158 msgid "Export settings"
159 msgstr "Експортирай настройките"
160
161 #: views/advanced.php:51
162 msgid "Import"
163 msgstr "Импорт"
164
165 #: views/advanced.php:52
166 msgid "Import a previously saved state of settings."
167 msgstr "Възстановяване на предварително запазено състояние на настройките."
168
169 #: views/advanced.php:58
170 msgid "Import settings"
171 msgstr "Импортирай"
172
173 #: views/advanced.php:58
174 msgid "Choose file..."
175 msgstr "Избери файл..."
176
177 #: views/access-control-allow-credentials.php:3
178 msgid "The Access-Control-Allow-Credentials header indicates whether the response to request can be exposed when the credentials flag is true."
179 msgstr "Access-Control-Allow-Credentials хедъра посочва дали в отговор на заявка може да се съдържат идентификационни данни."
180
181 #: views/access-control-allow-credentials.php:10
182 msgid "Read more at"
183 msgstr "Прочети повече на"
184
185 #: views/access-control-allow-credentials.php:11
186 msgid "MDN Web Docs"
187 msgstr "MDN Web Docs"
188
189 #: views/access-control-allow-headers.php:3
190 msgid "The Access-Control-Allow-Headers header is returned by the server in a response to a preflight request and informs the browser about the HTTP headers that can be used in the actual request."
191 msgstr "Access-Control-Allow-Headers хедъра се връща от сървъра в отговор на preflight заявка и информира браузъра за HTTP хедърите които могат да се използват в действителната заявка."
192
193 #: views/access-control-allow-methods.php:3
194 msgid "The Access-Control-Allow-Methods header is returned by the server in a response to a preflight request and informs the browser about the HTTP methods that can be used in the actual request."
195 msgstr "Access-Control-Allow-Methods хедъра се връща от сървъра в отговор на preflight заявка и информира браузъра за HTTP методите които могат да се използват в действителната заявка."
196
197 #: views/access-control-allow-origin.php:3
198 msgid "The Access-Control-Allow-Origin header indicates whether a resource can be shared."
199 msgstr "Access-Control-Allow-Origin хедъра посочва дали един ресурс (например шрифт) може да се ползва от външни origins и кои са позволените такива."
200
201 #: views/access-control-allow-origin.php:65
202 msgid "Add origin"
203 msgstr "Добави origin"
204
205 #: views/access-control-expose-headers.php:3
206 msgid "The Access-Control-Expose-Headers response header brings information about headers that browsers could allow accessing."
207 msgstr "Access-Control-Expose-Headers хедъра носи информация за хедърите които браузърите биха могли да позволят достъп до тях."
208
209 #: views/access-control-max-age.php:3
210 msgid "The Access-Control-Max-Age header indicates how much time, the result of a preflight request, can be cached."
211 msgstr "Access-Control-Max-Age хедъра показва колко време резултатът от preflight искането може да бъде кеширан."
212
213 #: views/age.php:3
214 msgid "The Age header contains the time in seconds the object has been in a proxy cache."
215 msgstr "Age хедъра съдържа времето в секунди които обектът е бил в кеша на прокси сървъра. Приема само положителни цели числа и обикновено е близо до 0."
216
217 #: views/age.php:21
218 msgid "seconds"
219 msgstr "секунди"
220
221 #: views/cache-control.php:3
222 msgid "The Cache-Control general-header field is used to specify directives for caching mechanisms in both, requests and responses. Caching directives are unidirectional, meaning that a given directive in a request is not implying that the same directive is to be given in the response."
223 msgstr "Cache-Control хедъра се използва за уточняване на директивите за механизмите на кеширане, както в исканията, така и в отговорите. Директивите за кеширането са еднопосочни, което означава, че дадена директива в искането не означава, че в отговора трябва да бъде върната същата директива."
224
225 #: views/connection.php:3
226 msgid "The Connection general header controls whether or not the network connection stays open after the current transaction finishes. If the value sent is keep-alive, the connection is persistent and not closed, allowing for subsequent requests to the same server to be done."
227 msgstr "Connection хедъра контролира дали мрежовата връзка да остане отворена след завършване на текущата транзакция. Ако изпратената стойност е 'keep-alive', връзката е постоянна и не се затваря, което позволява да бъдат извършени последващите заявки към същия сървър."
228
229 #: views/content-encoding.php:3
230 msgid "Compression is an important way to increase the performance of a Web site. For some documents, size reduction of up to 70% lowers the bandwidth capacity needs."
231 msgstr "Компресирането е важен начин за увеличаване на ефективността на един уеб сайт. За някои документи, намаляването на размера им до 70% понижава нуждата от по-висок капацитет на честотната лента."
232
233 #: views/content-encoding.php:28
234 msgid "Module"
235 msgstr "Модул"
236
237 #: views/content-encoding.php:53
238 msgid "By content type"
239 msgstr "По съдържание"
240
241 #: views/content-encoding.php:98
242 msgid "By extension"
243 msgstr "По разширение"
244
245 #: views/content-security-policy.php:6
246 msgid "Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware."
247 msgstr "Content Security Policy (CSP) хедъра е допълнителен слой за сигурност, който помага за откриването и смекчаването на определени видове атаки, включително Cross Site Scripting (XSS) и атаки с инжектиране на данни. Тези атаки се използват за всичко, от кражбата на данни до site defacement (частична или пълна подмяна на сайта) или разпространението на злонамерен софтуер."
248
249 #: views/content-security-policy.php:32
250 msgid "Directive"
251 msgstr "Директива"
252
253 #: views/content-security-policy.php:12
254 msgid "for reporting-only purposes"
255 msgstr "генерира само отчет/доклад"
256
257 #: views/content-type.php:8
258 msgid "The Content-Type entity header is used to indicate the media type of the resource. In responses, a Content-Type header tells the client what the content type of the returned content actually is. Browsers will do MIME sniffing in some cases and will not necessarily follow the value of this header; to prevent this behavior, the header X-Content-Type-Options can be set to nosniff."
259 msgstr "Content-Type хедъра се използва за посочване на типа медия на ресурса. В отговорите на сървъра, Content-Type хедъра казва на клиента какъв всъщност е типа на върнатото съдържание. Браузърите ще направят MIME проврека в някои случаи и не е задължително да следват стойността на този хедър; за да се предотврати това поведение, хедъра X-Content-Type-Options може да бъде настроен с nosniff стойността."
260
261 #: views/cookie-security.php:8
262 msgid "A secure cookie is only sent to the server with a encrypted request over the HTTPS protocol."
263 msgstr "Сигурните (Secure) 'бисквитки' се изпращат към сървъра само при криптирани заявки чрез HTTPS протокола."
264
265 #: views/cookie-security.php:9
266 msgid "To prevent cross-site scripting (XSS) attacks, HttpOnly cookies are inaccessible to JavaScript's Document.cookie API; they are only sent to the server."
267 msgstr "За да се предотвратят атаки между сървъри (XSS), HttpOnly 'бисквитките' са недостъпни за JavaScript's Document.cookie API; те се изпращат само до сървъра."
268
269 #: views/cookie-security.php:10
270 msgid "SameSite prevents the browser from sending this cookie along with cross-site requests. The main goal is mitigate the risk of cross-origin information leakage. It also provides some protection against cross-site request forgery attacks."
271 msgstr "SameSite не позволява на браузъра да изпраща 'бисквитката' заедно с cross-site заявки. Основната цел е да се намали рискът от изтичане на информация от различни източници. Също така осигурява известна защита срещу CSRF атаки."
272
273 #: views/cookie-security.php:45
274 msgid "(PHP 7.3+ only)"
275 msgstr "(поддържа се само от PHP 7.3+)"
276
277 #: views/cross-origin-resource-policy.php:8
278 msgid "The HTTP Cross-Origin-Resource-Policy response header conveys a desire that the browser blocks no-cors cross-origin/cross-site requests to the given resource."
279 msgstr "HTTP Cross-Origin-Resource-Policy хедъра изразява желание браузърът да блокира no-cors cross-origin/cross-site заявки за даден ресурс."
280
281 #: views/cross-origin-embedder-policy.php:8
282 msgid "The HTTP Cross-Origin-Embedder-Policy (COEP) response header prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS)."
283 msgstr "The HTTP Cross-Origin-Embedder-Policy (COEP) response header prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS)."
284
285 #: views/cross-origin-opener-policy.php:8
286 msgid "The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents."
287 msgstr "The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents."
288
289 #: views/cross-origin-opener-policy.php:9
290 msgid "COOP will process-isolate your document and potential attackers can't access to your global object if they were opening it in a popup, preventing a set of cross-origin attacks dubbed XS-Leaks."
291 msgstr "COOP will process-isolate your document and potential attackers can't access to your global object if they were opening it in a popup, preventing a set of cross-origin attacks dubbed XS-Leaks."
292
293 #: views/cross-origin-opener-policy.php:10
294 msgid "If a cross-origin document with COOP is opened in a new window, the opening document will not have a reference to it, and the window.opener property of the new window will be null. This allows you to have more control over references to a window than rel=noopener, which only affects outgoing navigations."
295 msgstr "If a cross-origin document with COOP is opened in a new window, the opening document will not have a reference to it, and the window.opener property of the new window will be null. This allows you to have more control over references to a window than rel=noopener, which only affects outgoing navigations."
296
297 #: views/custom-headers.php:3
298 msgid "Common non-standard response fields:"
299 msgstr "Често срещани нестандартни хедъри:"
300
301 #: views/custom-headers.php:73
302 msgid "Add header"
303 msgstr "Добави хедър"
304
305 #: views/custom-headers.php:66
306 msgid "Delete"
307 msgstr "Изтрий"
308
309 #: views/expect-ct.php:3
310 msgid "Expect-CT is an HTTP header that allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. When a site enables the Expect-CT header, they are requesting that Chrome check that any certificate for that site appears in public CT logs."
311 msgstr "Expect-CT е хедър, който позволява на сайтовете да се включат в отчитането и/или изпълнението на изискванията за прозрачност на сертификатите, което пречи на използването на невалидни сертификати за този сайт да останат незабелязани. Когато даден сайт активира заглавката Expect-CT, те искат Chrome да провери дали всеки сертификат за този сайт фигурира в обществени CT регистри."
312
313 #: views/expires.php:3
314 msgid "The Expires header contains the date/time after which the response is considered stale."
315 msgstr "Expires хедъра съдържа датата и времето след което отговорът се счита за остарял."
316
317 #: views/expires.php:4
318 msgid "Invalid dates, like the value 0, represent a date in the past and mean that the resource is already expired."
319 msgstr "Невалидни дати, като стойноста 0, представляват дата в миналото и означават, че ресурсът вече е изтекъл."
320
321 #: views/expires.php:5
322 msgid "If there is a Cache-Control header with the 'max-age' or 's-max-age' directive in the response, the Expires header is ignored."
323 msgstr "Ако в отговора има 'Cache-Control' хедър с една от директивите 'max-age' или 's-max-age', тогава Expires хедъра се игнорира."
324
325 #: views/expires.php:6
326 msgid "* Works only in Apache mode"
327 msgstr "* Работи само в режим Apache"
328
329 #: views/feature-policy.php:8
330 msgid "With Feature Policy, you opt-in to a set of policies for the browser to enforce on specific features used throughout your site. These policies restrict what APIs the site can access or modify the browser's default behavior for certain features."
331 msgstr "С Feature Policy хедъра се присъединявате към набор от правила, които браузърът може да прилага по отношение на конкретни функции, използвани в сайта Ви. Тези правила ограничават какви API може да има достъп до сайта или да променя поведението му по подразбиране за определени функции."
332
333 #: views/p3p.php:3
334 msgid "The Platform for Privacy Preferences Project (P3P) is a protocol allowing websites to declare their intended use of information they collect about web browser users."
335 msgstr "P3P е протокол, позволяващ на уебсайтовете да декларират предназначението на информацията, която събират за уеб потребителите."
336
337 #: views/pragma.php:3
338 msgid "The Pragma HTTP/1.0 general header is an implementation-specific header that may have various effects along the request-response chain. It is used for backwards compatibility with HTTP/1.0 caches where the Cache-Control HTTP/1.1 header is not yet present."
339 msgstr "Pragma хедъра, част от HTTP/1.0 протокола, е специфичен за внедряване, който може да има различни ефекти по веригата на заявка-отговор. Използва се за обратна съвместимост с HTTP/1.0 кеширане, където Cache-Control хедъра, част от HTTP/1.1 протокола, все още не е налице."
340
341 #: views/referrer-policy.php:3
342 msgid "The Referrer-Policy HTTP header governs which referrer information, sent in the Referer header, should be included with requests made."
343 msgstr "Referrer-Policy хедъра указва коя референтна информация, изпратена в Referer хедъра, трябва да бъде включена при направени заявки."
344
345 #: views/nel.php:8
346 msgid "Network Error Logging is a mechanism that can be configured via the NEL HTTP response header. This experimental header allows web sites and applications to opt-in to receive reports about failed (and, if desired, successful) network fetches from supporting browsers."
347 msgstr "Network Error Logging е механизъм, който може да бъде конфигуриран чрез NEL хедъра. Този експериментален хедър позволява на уебсайтовете и приложенията да се включат, за да получават отчети за неуспешни (и по желание успешни) мрежови заявки от поддържащи браузъри."
348
349 #: views/report-to.php:3
350 msgid "The Report-To HTTP response header field instructs the user agent to store reporting endpoints for an origin."
351 msgstr "Report-To хедъра казва на потребителския агент (браузър) да съхранява крайните точки за отчитане за даден origin."
352
353 #: views/report-to.php:110
354 msgid "Add endpoint"
355 msgstr "Добави крайна точка"
356
357 #: views/report-to.php:114
358 msgid "Remove endpoint"
359 msgstr "Премахни крайна точка"
360
361 #: views/report-to.php:126
362 msgid "Remove group"
363 msgstr "Премахни група"
364
365 #: views/report-to.php:171
366 msgid "Add endpoint group"
367 msgstr "Добави група"
368
369 #: views/strict-transport-security.php:3
370 msgid "HTTP Strict-Transport-Security (HSTS) enforces secure (HTTP over SSL/TLS) connections to the server. This reduces impact of bugs in web applications leaking session data through cookies and external links and defends against Man-in-the-middle attacks. HSTS also disables the ability for user's to ignore SSL negotiation warnings."
371 msgstr "HTTP Strict-Transport-Security (HSTS) налага сигурни (HTTP over SSL/TLS) връзки към сървъра. Това намалява въздействието на бъгове в уеб приложенията, изтичащи сесийни данни чрез 'бисквитки' и външни връзки и защитава срещу атаки от вида 'човек-в-средата' (Man-in-the-middle). HSTS също така забранява възможността потребителят да пренебрегва предупрежденията за преговори по SSL."
372
373 #: views/timing-allow-origin.php:3
374 msgid "The Timing-Allow-Origin header indicates whether a resource provides the complete timing information. SEO tools use the Resource Timing API to analyze the speed and weight of your web page resources."
375 msgstr "Timing-Allow-Origin хедъра показва дали даден ресурс предоставя пълната информация за времето. SEO инструментите използват Resource Timing API, за да анализират скоростта и теглото на ресурсите на уеб страниците."
376
377 #: views/vary.php:3
378 msgid "The Vary HTTP response header determines how to match future request headers to decide whether a cached response can be used rather than requesting a fresh one from the origin server. It is used by the server to indicate which headers it used when selecting a representation of a resource in a content negotiation algorithm."
379 msgstr "Vary хедъра определя как да се сравняват хедърите на бъдещите заявки, за да се реши дали може да се използва кеширана заявка, а не да се поиска нова от сървъра. Той се използва от сървъра, за да посочи кои хедъри използва при избора на представяне на ресурс в алгоритъма за договаряне на съдържание."
380
381 #: views/www-authenticate.php:3
382 msgid "HTTP supports the use of several authentication mechanisms to control access to pages and other resources. These mechanisms are all based around the use of the 401 status code and the WWW-Authenticate response header."
383 msgstr "HTTP поддържа няколко механизма за удостоверяване, за да контролира достъпа до страници и други ресурси. Всички тези механизми се основават на използването на 401 кода на състоянието и на WWW-Authenticate хедъра."
384
385 #: views/www-authenticate.php:79
386 msgid "Add user"
387 msgstr "Добави потребител"
388
389 #: views/www-authenticate.php:43
390 msgid "Username"
391 msgstr "Потребител"
392
393 #: views/www-authenticate.php:44
394 msgid "Password"
395 msgstr "Парола"
396
397 #: views/x-content-type-options.php:3
398 msgid "Prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions. This reduces exposure to drive-by download attacks and sites serving user uploaded content that, by clever naming, could be treated by MSIE as executable or dynamic HTML files."
399 msgstr "Предотвратява Internet Explorer и Google Chrome от MIME-sniffing на отговор извън обявения тип съдържание. Това важи и за Google Chrome, когато изтегляте разширения. Това намалява излагането на атаки за изтегляне и страници, показващи качено от потребителите съдържание, което чрез подходящо име може да бъде третирано от MSIE като изпълним или динамичен HTML файл."
400
401 #: views/x-dns-prefetch-control.php:3
402 msgid "The X-DNS-Prefetch-Control HTTP response header controls DNS prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth."
403 msgstr "X-DNS-Prefetch-Control хедъра контролира предварителното изтегляне на DNS - функция, чрез която браузърите проактивно преобразуват домейн име към IP адрес и на двете: линкове, които потребителят може да последва, както и URL адреси за елементите, посочени от документа, включително изображения, CSS, JavaScript и т.н."
404
405 #: views/x-dns-prefetch-control.php:4
406 msgid "This prefetching is performed in the background, so that the DNS is likely to have been resolved by the time the referenced items are needed. This reduces latency when the user clicks a link."
407 msgstr "Това предварително зареждане се извършва във фонов режим, така че DNS е вероятно да бъде resolved до момента, в който са необходими референтните елементи. Това намалява латентността, когато потребителят кликне върху връзка."
408
409 #: views/x-download-options.php:3
410 msgid "For web applications that need to serve untrusted HTML files, Microsoft IE introduced a mechanism to help prevent the untrusted content from compromising your site's security. When the X-Download-Options header is present with the value noopen, the user is prevented from opening a file download directly; instead, they must first save the file locally. When the locally saved file is later opened, it no longer executes in the security context of your site, helping to prevent script injection."
411 msgstr "За уеб приложения, които трябва да обслужват ненадеждни HTML файлове, Microsoft IE въведе механизъм за предотвратяване на несигурното съдържание от компрометиране на сигурността на сайта ви. Когато X-Download-Options хедъра е налице със стойността noopen, потребителят е възпрепятстван да отваря директно файл за изтегляне; вместо това те трябва първо да запазят файла локално. Когато локално запазеният файл се отвори по-късно, той вече не се изпълнява в контекста за сигурност на вашия сайт, което помага да се предотврати инжектирането на скриптове."
412
413 #: views/x-frame-options.php:3
414 msgid "This header can be used to indicate whether or not a browser should be allowed to render a page in a &lt;frame&gt;, &lt;iframe&gt; or &lt;object&gt;. Use this to avoid clickjacking attacks."
415 msgstr "Този хедър може за се използва за индикация дали е позволено на браузъра да зарежда страница в &lt;frame&gt;, &lt;iframe&gt; или &lt;object&gt;. Използвайте този хедър за да избегнете clickjacking атаки."
416
417 #: views/x-permitted-cross-domain-policies.php:3
418 msgid "A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains."
419 msgstr "Файла полица за кръстосани домейни е XML документ, който предоставя на уеб клиент като Adobe Flash Player или Adobe Acrobat разрешение за обработка на данни между домейни."
420
421 #: views/x-powered-by.php:3
422 msgid "Specifies the technology (e.g. ASP.NET, PHP, JBoss, Express) supporting the web application, i.e. the scripting language. It is recommended to remove it or provide misleading information to throw off hackers that might target a particular technology/version."
423 msgstr "Определя технологията (например ASP.NET, PHP, JBoss, Express), поддържаща уеб приложението, т.е. скрипт езика. Препоръчително е да го премахнете или да предоставите подвеждаща информация, за да отклоните хакери, които биха могли да се насочат към определена технология/версия."
424
425 #: views/x-robots-tag.php:8
426 msgid 'The X-Robots-Tag HTTP header is used to indicate how a web page is to be indexed within public search engine results. The header is effectively equivalent to <code>&lt;meta name="robots" content="..."&gt;</code>.'
427 msgstr 'X-Robots-Tag HTTP хедъра се използва, за да покаже как да се индексира уеб страница в резултатите от публичната търсачка. Хедъра е ефективно еквивалентен на <code>&lt;meta name="robots" content="..."&gt;</code>.'
428
429 #: views/x-robots-tag.php:11
430 msgid "Google Search Central"
431 msgstr "Google Search Central"
432
433 #: views/x-ua-compatible.php:3
434 msgid "In some cases, it might be necessary to restrict a webpage to a document mode supported by an older version of Windows Internet Explorer. Here we look at the x-ua-compatible header, which allows a webpage to be displayed as if it were viewed by an earlier version of the browser."
435 msgstr "В някои случаи може да е необходимо да ограничите уеб страница до режим на документи, поддържан от по-стара версия на Windows Internet Explorer. X-UA-Compatible хедъра позволява на уеб страницата да се показва така, сякаш е била разглеждана от по-ранна версия на браузъра."
436
437 #: views/x-xss-protection.php:3
438 msgid "This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. It's usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user."
439 msgstr "Този хедър активира вградения филтър за Cross-site scripting (XSS) в най-новите уеб браузъри. Обикновено това е активирано по подразбиране така, че ролята на този хедър е да активира отново филтъра за този конкретен уебсайт, ако е бил деактивиран от потребителя."
440
441 #: views/inspect.php:19
442 msgid "Use this tool to inspect the HTTP headers of your website or your competitor's website."
443 msgstr "Използвайте този инструмент, за да проверите HTTP хедърите на уебсайта си или уебсайта на вашия конкурент."
444
445 #: views/inspect.php:35
446 msgid "Auth Type"
447 msgstr "Тип удостоверяване"
448
449 #: views/inspect.php:52
450 msgid "Inspect"
451 msgstr "Провери"
452
453 #: views/ajax.php:123
454 msgid "Category"
455 msgstr "Категория"
456
457 #: views/ajax.php:118
458 msgid "Missing headers"
459 msgstr "Липсващи хедъри"
460
461 #: views/ajax.php:72
462 msgid "Response headers"
463 msgstr "Хедъри в отговора"
464
465 #: views/ajax.php:45
466 msgid "HTTP status"
467 msgstr "HTTP статус"
468
469 #: views/ajax.php:17
470 msgid "URL malformed"
471 msgstr "Неправилен URL"
472
473 #: http-headers.php:1110
474 msgid "Settings"
475 msgstr "Настройки"
...\ No newline at end of file ...\ No newline at end of file
1 # Copyright (C) 2017 HTTP Headers
2 # This file is distributed under the same license as the HTTP Headers package.
3 msgid ""
4 msgstr ""
5 "Project-Id-Version: HTTP Headers\n"
6 "POT-Creation-Date: 2017-17-12 19:26:00+02:00\n"
7 "Content-Type: text/plain; charset=UTF-8\n"
8 "Content-Transfer-Encoding: 8bit\n"
9 "MIME-Version: 1.0\n"
10 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/http-headers\n"
11 "PO-Revision-Date: 2017-17-12 19:26:00+02:00\n"
12 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
13 "Language-Team: LANGUAGE <LL@li.org>\n"
14
15 #: views/includes/config.inc.php:2
16 msgid "Off"
17 msgstr ""
18
19 #: views/includes/config.inc.php:2
20 msgid "On"
21 msgstr ""
22
23 #: views/includes/config.inc.php:5
24 msgid "Security"
25 msgstr ""
26
27 #: views/includes/config.inc.php:6
28 msgid "Access control"
29 msgstr ""
30
31 #: views/includes/config.inc.php:7
32 msgid "Authentication"
33 msgstr ""
34
35 #: views/includes/config.inc.php:8
36 msgid "Compression"
37 msgstr ""
38
39 #: views/includes/config.inc.php:9
40 msgid "Caching"
41 msgstr ""
42
43 #: views/includes/config.inc.php:10
44 msgid "Miscellaneous"
45 msgstr ""
46
47 #: views/includes/breadcrumbs.inc.php:2
48 msgid "Dashboard"
49 msgstr ""
50
51 #: views/includes/breadcrumbs.inc.php:11
52 msgid "Advanced settings"
53 msgstr ""
54
55 #: views/includes/breadcrumbs.inc.php:13
56 msgid "Inspect headers"
57 msgstr ""
58
59 #: views/index.php:13
60 msgid "Error!"
61 msgstr ""
62
63 #: views/index.php:16
64 msgid "The following file was not found. Please make sure the file exists and has write permissions:"
65 msgstr ""
66
67 #: views/index.php:18
68 msgid "Please make sure the following file has write permissions:"
69 msgstr ""
70
71 #: views/index.php:28
72 msgid "Warning!"
73 msgstr ""
74
75 #: views/index.php:40
76 msgid "Quick links"
77 msgstr ""
78
79 #: views/index.php:41
80 msgid "Getting started"
81 msgstr ""
82
83 #: views/index.php:43
84 msgid "Manual setup"
85 msgstr ""
86
87 #: views/dashboard.php:47
88 msgid "Donate"
89 msgstr ""
90
91 #: views/dashboard.php:34
92 msgid "Rate us"
93 msgstr ""
94
95 #: views/dashboard.php:35
96 msgid "Tell us what you think about this plugin"
97 msgstr ""
98
99 #: views/dashboard.php:35
100 msgid "writing a review"
101 msgstr ""
102
103 #: views/dashboard.php:36
104 msgid "Contribution"
105 msgstr ""
106
107 #: views/dashboard.php:37
108 msgid "Help us to continue developing this plugin with a small donation."
109 msgstr ""
110
111 #: views/category.php:8
112 msgid "Header"
113 msgstr ""
114
115 #: views/category.php:9
116 msgid "Value"
117 msgstr ""
118
119 #: views/category.php:10
120 msgid "Status"
121 msgstr ""
122
123 #: views/category.php:230
124 msgid "Edit"
125 msgstr ""
126
127 #: views/category.php:223
128 msgid "On"
129 msgstr ""
130
131 #: views/category.php:223
132 msgid "Off"
133 msgstr ""
134
135 #: views/advanced.php:10
136 msgid "Default mode"
137 msgstr ""
138
139 #: views/advanced.php:11
140 msgid "Choose a method for sending of headers. Usually, the PHP method works perfectly. However, some third-party plugins like WP Super Cache may require switching to Apache method."
141 msgstr ""
142
143 #: views/advanced.php:20
144 msgid "Use PHP to send headers (deprecated)"
145 msgstr ""
146
147 #: views/advanced.php:21
148 msgid "Use Apache (mod_headers) to send headers"
149 msgstr ""
150
151 #: views/advanced.php:40
152 msgid "Export"
153 msgstr ""
154
155 #: views/advanced.php:41
156 msgid "Export the plugin current state of settings for later use if recovery needs."
157 msgstr ""
158
159 #: views/advanced.php:46
160 msgid "Export settings"
161 msgstr ""
162
163 #: views/advanced.php:51
164 msgid "Import"
165 msgstr ""
166
167 #: views/advanced.php:52
168 msgid "Import a previously saved state of settings."
169 msgstr ""
170
171 #: views/advanced.php:58
172 msgid "Import settings"
173 msgstr ""
174
175 #: views/advanced.php:58
176 msgid "Choose file..."
177 msgstr ""
178
179 #: views/access-control-allow-credentials.php:3
180 msgid "The Access-Control-Allow-Credentials header indicates whether the response to request can be exposed when the credentials flag is true."
181 msgstr ""
182
183 #: views/access-control-allow-credentials.php:10
184 msgid "Read more at"
185 msgstr ""
186
187 #: views/access-control-allow-credentials.php:11
188 msgid "MDN Web Docs"
189 msgstr ""
190
191 #: views/access-control-allow-headers.php:3
192 msgid "The Access-Control-Allow-Headers header is returned by the server in a response to a preflight request and informs the browser about the HTTP headers that can be used in the actual request."
193 msgstr ""
194
195 #: views/access-control-allow-methods.php:3
196 msgid "The Access-Control-Allow-Methods header is returned by the server in a response to a preflight request and informs the browser about the HTTP methods that can be used in the actual request."
197 msgstr ""
198
199 #: views/access-control-allow-origin.php:3
200 msgid "The Access-Control-Allow-Origin header indicates whether a resource can be shared."
201 msgstr ""
202
203 #: views/access-control-allow-origin.php:65
204 msgid "Add origin"
205 msgstr ""
206
207 #: views/access-control-expose-headers.php:3
208 msgid "The Access-Control-Expose-Headers response header brings information about headers that browsers could allow accessing."
209 msgstr ""
210
211 #: views/access-control-max-age.php:3
212 msgid "The Access-Control-Max-Age header indicates how much time, the result of a preflight request, can be cached."
213 msgstr ""
214
215 #: views/age.php:3
216 msgid "The Age header contains the time in seconds the object has been in a proxy cache."
217 msgstr ""
218
219 #: views/age.php:21
220 msgid "seconds"
221 msgstr ""
222
223 #: views/cache-control.php:3
224 msgid "The Cache-Control general-header field is used to specify directives for caching mechanisms in both, requests and responses. Caching directives are unidirectional, meaning that a given directive in a request is not implying that the same directive is to be given in the response."
225 msgstr ""
226
227 #: views/connection.php:3
228 msgid "The Connection general header controls whether or not the network connection stays open after the current transaction finishes. If the value sent is keep-alive, the connection is persistent and not closed, allowing for subsequent requests to the same server to be done."
229 msgstr ""
230
231 #: views/content-encoding.php:3
232 msgid "Compression is an important way to increase the performance of a Web site. For some documents, size reduction of up to 70% lowers the bandwidth capacity needs."
233 msgstr ""
234
235 #: views/content-encoding.php:28
236 msgid "Module"
237 msgstr ""
238
239 #: views/content-encoding.php:53
240 msgid "By content type"
241 msgstr ""
242
243 #: views/content-encoding.php:98
244 msgid "By extension"
245 msgstr ""
246
247 #: views/content-security-policy.php:6
248 msgid "Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware."
249 msgstr ""
250
251 #: views/content-security-policy.php:32
252 msgid "Directive"
253 msgstr ""
254
255 #: views/content-security-policy.php:12
256 msgid "for reporting-only purposes"
257 msgstr ""
258
259 #: views/content-type.php:8
260 msgid "The Content-Type entity header is used to indicate the media type of the resource. In responses, a Content-Type header tells the client what the content type of the returned content actually is. Browsers will do MIME sniffing in some cases and will not necessarily follow the value of this header; to prevent this behavior, the header X-Content-Type-Options can be set to nosniff."
261 msgstr ""
262
263 #: views/cookie-security.php:8
264 msgid "A secure cookie is only sent to the server with a encrypted request over the HTTPS protocol."
265 msgstr ""
266
267 #: views/cookie-security.php:9
268 msgid "To prevent cross-site scripting (XSS) attacks, HttpOnly cookies are inaccessible to JavaScript's Document.cookie API; they are only sent to the server."
269 msgstr ""
270
271 #: views/cookie-security.php:10
272 msgid "SameSite prevents the browser from sending this cookie along with cross-site requests. The main goal is mitigate the risk of cross-origin information leakage. It also provides some protection against cross-site request forgery attacks."
273 msgstr ""
274
275 #: views/cookie-security.php:45
276 msgid "(PHP 7.3+ only)"
277 msgstr ""
278
279 #: views/cross-origin-resource-policy.php:8
280 msgid "The HTTP Cross-Origin-Resource-Policy response header conveys a desire that the browser blocks no-cors cross-origin/cross-site requests to the given resource."
281 msgstr ""
282
283 #: views/cross-origin-embedder-policy.php:8
284 msgid "The HTTP Cross-Origin-Embedder-Policy (COEP) response header prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS)."
285 msgstr ""
286
287 #: views/cross-origin-opener-policy.php:8
288 msgid "The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents."
289 msgstr ""
290
291 #: views/cross-origin-opener-policy.php:9
292 msgid "COOP will process-isolate your document and potential attackers can't access to your global object if they were opening it in a popup, preventing a set of cross-origin attacks dubbed XS-Leaks."
293 msgstr ""
294
295 #: views/cross-origin-opener-policy.php:10
296 msgid "If a cross-origin document with COOP is opened in a new window, the opening document will not have a reference to it, and the window.opener property of the new window will be null. This allows you to have more control over references to a window than rel=noopener, which only affects outgoing navigations."
297 msgstr ""
298
299 #: views/custom-headers.php:3
300 msgid "Common non-standard response fields:"
301 msgstr ""
302
303 #: views/custom-headers.php:73
304 msgid "Add header"
305 msgstr ""
306
307 #: views/custom-headers.php:66
308 msgid "Delete"
309 msgstr ""
310
311 #: views/expect-ct.php:3
312 msgid "Expect-CT is an HTTP header that allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. When a site enables the Expect-CT header, they are requesting that Chrome check that any certificate for that site appears in public CT logs."
313 msgstr ""
314
315 #: views/expires.php:3
316 msgid "The Expires header contains the date/time after which the response is considered stale."
317 msgstr ""
318
319 #: views/expires.php:4
320 msgid "Invalid dates, like the value 0, represent a date in the past and mean that the resource is already expired."
321 msgstr ""
322
323 #: views/expires.php:5
324 msgid "If there is a Cache-Control header with the 'max-age' or 's-max-age' directive in the response, the Expires header is ignored."
325 msgstr ""
326
327 #: views/expires.php:6
328 msgid "* Works only in Apache mode"
329 msgstr ""
330
331 #: views/feature-policy.php:8
332 msgid "With Feature Policy, you opt-in to a set of policies for the browser to enforce on specific features used throughout your site. These policies restrict what APIs the site can access or modify the browser's default behavior for certain features."
333 msgstr ""
334
335 #: views/p3p.php:3
336 msgid "The Platform for Privacy Preferences Project (P3P) is a protocol allowing websites to declare their intended use of information they collect about web browser users."
337 msgstr ""
338
339 #: views/pragma.php:3
340 msgid "The Pragma HTTP/1.0 general header is an implementation-specific header that may have various effects along the request-response chain. It is used for backwards compatibility with HTTP/1.0 caches where the Cache-Control HTTP/1.1 header is not yet present."
341 msgstr ""
342
343 #: views/referrer-policy.php:3
344 msgid "The Referrer-Policy HTTP header governs which referrer information, sent in the Referer header, should be included with requests made."
345 msgstr ""
346
347 #: views/nel.php:8
348 msgid "Network Error Logging is a mechanism that can be configured via the NEL HTTP response header. This experimental header allows web sites and applications to opt-in to receive reports about failed (and, if desired, successful) network fetches from supporting browsers."
349 msgstr ""
350
351 #: views/report-to.php:3
352 msgid "The Report-To HTTP response header field instructs the user agent to store reporting endpoints for an origin."
353 msgstr ""
354
355 #: views/report-to.php:110
356 msgid "Add endpoint"
357 msgstr ""
358
359 #: views/report-to.php:114
360 msgid "Remove endpoint"
361 msgstr ""
362
363 #: views/report-to.php:126
364 msgid "Remove group"
365 msgstr ""
366
367 #: views/report-to.php:171
368 msgid "Add endpoint group"
369 msgstr ""
370
371 #: views/strict-transport-security.php:3
372 msgid "HTTP Strict-Transport-Security (HSTS) enforces secure (HTTP over SSL/TLS) connections to the server. This reduces impact of bugs in web applications leaking session data through cookies and external links and defends against Man-in-the-middle attacks. HSTS also disables the ability for user's to ignore SSL negotiation warnings."
373 msgstr ""
374
375 #: views/timing-allow-origin.php:3
376 msgid "The Timing-Allow-Origin header indicates whether a resource provides the complete timing information. SEO tools use the Resource Timing API to analyze the speed and weight of your web page resources."
377 msgstr ""
378
379 #: views/vary.php:3
380 msgid "The Vary HTTP response header determines how to match future request headers to decide whether a cached response can be used rather than requesting a fresh one from the origin server. It is used by the server to indicate which headers it used when selecting a representation of a resource in a content negotiation algorithm."
381 msgstr ""
382
383 #: views/www-authenticate.php:3
384 msgid "HTTP supports the use of several authentication mechanisms to control access to pages and other resources. These mechanisms are all based around the use of the 401 status code and the WWW-Authenticate response header."
385 msgstr ""
386
387 #: views/www-authenticate.php:79
388 msgid "Add user"
389 msgstr ""
390
391 #: views/www-authenticate.php:43
392 msgid "Username"
393 msgstr ""
394
395 #: views/www-authenticate.php:44
396 msgid "Password"
397 msgstr ""
398
399 #: views/x-content-type-options.php:3
400 msgid "Prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions. This reduces exposure to drive-by download attacks and sites serving user uploaded content that, by clever naming, could be treated by MSIE as executable or dynamic HTML files."
401 msgstr ""
402
403 #: views/x-dns-prefetch-control.php:3
404 msgid "The X-DNS-Prefetch-Control HTTP response header controls DNS prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth."
405 msgstr ""
406
407 #: views/x-dns-prefetch-control.php:4
408 msgid "This prefetching is performed in the background, so that the DNS is likely to have been resolved by the time the referenced items are needed. This reduces latency when the user clicks a link."
409 msgstr ""
410
411 #: views/x-download-options.php:3
412 msgid "For web applications that need to serve untrusted HTML files, Microsoft IE introduced a mechanism to help prevent the untrusted content from compromising your site’s security. When the X-Download-Options header is present with the value noopen, the user is prevented from opening a file download directly; instead, they must first save the file locally. When the locally saved file is later opened, it no longer executes in the security context of your site, helping to prevent script injection."
413 msgstr ""
414
415 #: views/x-frame-options.php:3
416 msgid "This header can be used to indicate whether or not a browser should be allowed to render a page in a &lt;frame&gt;, &lt;iframe&gt; or &lt;object&gt;. Use this to avoid clickjacking attacks."
417 msgstr ""
418
419 #: views/x-permitted-cross-domain-policies.php:3
420 msgid "A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains."
421 msgstr ""
422
423 #: views/x-powered-by.php:3
424 msgid "Specifies the technology (e.g. ASP.NET, PHP, JBoss, Express) supporting the web application, i.e. the scripting language. It is recommended to remove it or provide misleading information to throw off hackers that might target a particular technology/version."
425 msgstr ""
426
427 #: views/x-robots-tag.php:8
428 msgid 'The X-Robots-Tag HTTP header is used to indicate how a web page is to be indexed within public search engine results. The header is effectively equivalent to <code>&lt;meta name="robots" content="..."&gt;</code>.'
429 msgstr ""
430
431 #: views/x-robots-tag.php:11
432 msgid "Google Search Central"
433 msgstr ""
434
435 #: views/x-ua-compatible.php:3
436 msgid "In some cases, it might be necessary to restrict a webpage to a document mode supported by an older version of Windows Internet Explorer. Here we look at the x-ua-compatible header, which allows a webpage to be displayed as if it were viewed by an earlier version of the browser."
437 msgstr ""
438
439 #: views/x-xss-protection.php:3
440 msgid "This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. It's usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user."
441 msgstr ""
442
443 #: views/inspect.php:19
444 msgid "Use this tool to inspect the HTTP headers of your website or your competitor's website."
445 msgstr ""
446
447 #: views/inspect.php:35
448 msgid "Auth Type"
449 msgstr ""
450
451 #: views/inspect.php:52
452 msgid "Inspect"
453 msgstr ""
454
455 #: views/ajax.php:123
456 msgid "Category"
457 msgstr ""
458
459 #: views/inspect.php:52
460 msgid "Inspect"
461 msgstr ""
462
463 #: views/ajax.php:118
464 msgid "Missing headers"
465 msgstr ""
466
467 #: views/ajax.php:72
468 msgid "Response headers"
469 msgstr ""
470
471 #: views/ajax.php:45
472 msgid "HTTP Status"
473 msgstr ""
474
475 #: views/ajax.php:17
476 msgid "URL malformed"
477 msgstr ""
478
479 #: http-headers.php:1110
480 msgid "Settings"
481 msgstr ""
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 // If uninstall is not called from WordPress, exit
3 if ( !defined( 'WP_UNINSTALL_PLUGIN' ) ) {
4 exit();
5 }
6
7 $options = include dirname(__FILE__) . '/views/includes/options.inc.php';
8
9 foreach ($options as $option)
10 {
11 delete_option( $option[0] );
12 }
...\ No newline at end of file ...\ No newline at end of file
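Review bot: The uninstall routine on lines 7–12 only deletes stored options; nothing visible here removes what the plugin may have written to disk. The settings page in this commit has path options for `.htaccess`, `.user.ini`, `.hh-htpasswd` and `.hh-htdigest`. If the plugin creates those files, credential files and header rules would survive uninstall, so either clean them up here or document that they remain. Separately, `include` returns `false` when `options.inc.php` is missing and the `foreach` then emits a warning; a guard such as `if (!is_array($options)) { return; }` before the loop makes that case explicit.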
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr>
7 <th scope="row">Access-Control-Allow-Credentials
8 <p class="description"><?php _e('The Access-Control-Allow-Credentials header indicates whether the response to request can be exposed when the credentials flag is true.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Access-Control-Allow-Credentials</legend>
17 <?php
18 $access_control_allow_credentials = get_option('hh_access_control_allow_credentials', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_access_control_allow_credentials" value="<?php echo $k; ?>"<?php checked($access_control_allow_credentials, $k); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-acac' ); ?>
28 <?php do_settings_sections( 'http-headers-acac' ); ?>
29 <select name="hh_access_control_allow_credentials_value" class="http-header-value"<?php echo $access_control_allow_credentials == 1 ? NULL : ' readonly'; ?>>
30 <?php
31 $items = array('true');
32 $access_control_allow_credentials_value = get_option('hh_access_control_allow_credentials_value');
33 foreach ($items as $item) {
34 ?><option value="<?php echo $item; ?>"<?php selected($access_control_allow_credentials_value, $item); ?>><?php echo $item; ?></option><?php
35 }
36 ?>
37 </select>
38 </td>
39 </tr>
...\ No newline at end of file ...\ No newline at end of file
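Review bot: `$k` and `$v` on line 21 and `$item` on line 34 are echoed into attribute and text context without escaping, although the same views use `esc_attr()` for stored values. `$bools` is defined outside this file, so it cannot be confirmed here that it always holds safe literals; `value="<?php echo esc_attr($k); ?>"` and `<?php echo esc_html($v); ?>` make the template safe regardless. The same pattern recurs in the allow-headers (line 45), allow-methods (line 38), allow-origin (line 48) and expose-headers (line 49) views. Also, `readonly` on line 29 has no effect on a `<select>` in HTML, so unless script handles it the control stays editable when the header is switched off.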
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr>
7 <th scope="row">Access-Control-Allow-Headers
8 <p class="description"><?php _e('The Access-Control-Allow-Headers header is returned by the server in a response to a preflight request and informs the browser about the HTTP headers that can be used in the actual request.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Access-Control-Allow-Credentials</legend>
17 <?php
18 $access_control_allow_headers = get_option('hh_access_control_allow_headers', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_access_control_allow_headers" value="<?php echo $k; ?>"<?php checked($access_control_allow_headers, $k); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-acah' ); ?>
28 <?php do_settings_sections( 'http-headers-acah' ); ?>
29 <table><tbody><tr>
30 <?php
31 $access_control_allow_headers_value = get_option('hh_access_control_allow_headers_value');
32 if (!$access_control_allow_headers_value)
33 {
34 $access_control_allow_headers_value = array();
35 }
36 $i = 0;
37 array_unshift($headers_list, '*');
38 foreach ($headers_list as $item) {
39 if (in_array($item, $cors_safe_request_headers)) {
40 continue;
41 }
42 if ($i % 3 === 0) {
43 ?></tr><tr><?php
44 }
45 ?><td><label><input type="checkbox" class="http-header-value" name="hh_access_control_allow_headers_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $access_control_allow_headers_value) ? NULL : ' checked'; ?><?php echo $access_control_allow_headers == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
46 $i += 1;
47 }
48 ?>
49 </tr></tbody></table>
50 <table><tbody>
51 <?php
52 $access_control_allow_headers_custom = get_option('hh_access_control_allow_headers_custom');
53 if (is_array($access_control_allow_headers_custom))
54 {
55 foreach ($access_control_allow_headers_custom as $header)
56 {
57 ?>
58 <tr>
59 <td><input type="text" name="hh_access_control_allow_headers_custom[]"
60 class="http-header-value" size="35"
61 value="<?php echo esc_attr($header); ?>"<?php echo $access_control_allow_headers == 1 ? NULL : ' readonly'; ?> />
62 </td>
63 <td>
64 <button type="button" class="button button-small hh-btn-delete-ac"
65 title="<?php esc_attr_e('Delete', 'http-headers'); ?>">x</button>
66 </td>
67 </tr>
68 <?php
69 }
70 }
71 ?>
72 <tr>
73 <td colspan="2">
74 <button type="button" class="button hh-btn-add-ac" data-name="hh_access_control_allow_headers_custom[]">+ <?php _e('Add header', 'http-headers'); ?></button>
75 </td>
76 </tr>
77 </tbody></table>
78 </td>
79 </tr>
...\ No newline at end of file ...\ No newline at end of file
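Review bot: The screen-reader legend on line 16 reads `Access-Control-Allow-Credentials`, apparently copied from the neighbouring view; it should be `<legend class="screen-reader-text">Access-Control-Allow-Headers</legend>`. On line 37, `array_unshift($headers_list, '*')` modifies a variable defined outside this file, and the expose-headers view does the same on its line 40. If both templates run in one request, the second list would contain `*` twice; a local copy such as `$choices = array_merge(array('*'), $headers_list);` avoids that. `in_array()` on line 39 would also be safer with the strict third argument.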
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr>
7 <th scope="row">Access-Control-Allow-Methods
8 <p class="description"><?php _e('The Access-Control-Allow-Methods header is returned by the server in a response to a preflight request and informs the browser about the HTTP methods that can be used in the actual request.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Access-Control-Allow-Methods</legend>
17 <?php
18 $access_control_allow_methods = get_option('hh_access_control_allow_methods', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_access_control_allow_methods" value="<?php echo $k; ?>"<?php checked($access_control_allow_methods, $k); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-acam' ); ?>
28 <?php do_settings_sections( 'http-headers-acam' ); ?>
29 <?php
30 $items = array('*', 'GET', 'POST', 'OPTIONS', 'HEAD', 'PUT', 'DELETE', 'TRACE', 'CONNECT', 'PATCH');
31 $access_control_allow_methods_value = get_option('hh_access_control_allow_methods_value');
32 if (!$access_control_allow_methods_value)
33 {
34 $access_control_allow_methods_value = array();
35 }
36 foreach ($items as $item)
37 {
38 ?><p><label><input type="checkbox" class="http-header-value" name="hh_access_control_allow_methods_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $access_control_allow_methods_value) ? NULL : ' checked'; ?><?php echo $access_control_allow_methods == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></p><?php
39 }
40 ?>
41 </td>
42 </tr>
...\ No newline at end of file ...\ No newline at end of file
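Review bot: The `$items` list on line 30 offers `TRACE` and `CONNECT`, which browsers treat as forbidden methods and refuse to send from script. Allowing them in a CORS response adds nothing and only widens what the header advertises, so I would drop them: `$items = array('*', 'GET', 'POST', 'OPTIONS', 'HEAD', 'PUT', 'DELETE', 'PATCH');`. The `*` entry deserves a short description next to it, since on credentialed requests browsers treat it as a literal method name rather than a wildcard. An administrator who combines it with Access-Control-Allow-Credentials would otherwise get a policy that silently does not match.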
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr>
7 <th scope="row">Access-Control-Allow-Origin
8 <p class="description"><?php _e('The Access-Control-Allow-Origin header indicates whether a resource can be shared.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Access-Control-Allow-Origin</legend>
17 <?php
18 $access_control_allow_origin = get_option('hh_access_control_allow_origin', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_access_control_allow_origin" value="<?php echo $k; ?>"<?php checked($access_control_allow_origin, $k); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-acao' ); ?>
28 <?php do_settings_sections( 'http-headers-acao' ); ?>
29 <?php
30 $access_control_allow_origin_url = get_option('hh_access_control_allow_origin_url');
31 if (is_scalar($access_control_allow_origin_url))
32 {
33 $access_control_allow_origin_url = array($access_control_allow_origin_url);
34 }
35 if (!is_array($access_control_allow_origin_url))
36 {
37 $access_control_allow_origin_url = array(NULL);
38 }
39 ?>
40 <table>
41 <tr>
42 <td>
43 <select name="hh_access_control_allow_origin_value" class="http-header-value"<?php echo $access_control_allow_origin == 1 ? NULL : ' readonly'; ?>>
44 <?php
45 $items = array('*', 'origin', 'null');
46 $access_control_allow_origin_value = get_option('hh_access_control_allow_origin_value');
47 foreach ($items as $item) {
48 ?><option value="<?php echo $item; ?>"<?php selected($access_control_allow_origin_value, $item); ?>><?php echo $item; ?></option><?php
49 }
50 ?>
51 </select>
52 </td>
53 <td class="hh-acao<?php echo $access_control_allow_origin_value != 'origin' ? ' hh-hidden' : NULL; ?>"><input type="text" name="hh_access_control_allow_origin_url[]" class="http-header-value" placeholder="http://domain.com" size="35" value="<?php echo esc_attr(@$access_control_allow_origin_url[0]); ?>"<?php echo $access_control_allow_origin == 1 && $access_control_allow_origin_value == 'origin' ? NULL : ' readonly'; ?> /></td>
54 <td class="hh-acao<?php echo $access_control_allow_origin_value != 'origin' ? ' hh-hidden' : NULL; ?>">&nbsp;</td>
55 </tr>
56 <?php
57 foreach ($access_control_allow_origin_url as $i => $url)
58 {
59 if ($i == 0)
60 {
61 continue;
62 }
63 ?>
64 <tr class="hh-acao<?php echo $access_control_allow_origin_value != 'origin' ? ' hh-hidden' : NULL; ?>">
65 <td>&nbsp;</td>
66 <td><input type="text" name="hh_access_control_allow_origin_url[]" class="http-header-value" placeholder="http://domain.com" size="35" value="<?php echo esc_attr($url); ?>"<?php echo $access_control_allow_origin == 1 && $access_control_allow_origin_value == 'origin' ? NULL : ' readonly'; ?> /></td>
67 <td><button type="button" class="button button-small hh-btn-delete-origin" title="<?php esc_attr_e('Delete', 'http-headers'); ?>">x</button></td>
68 </tr>
69 <?php
70 }
71 ?>
72 <tr class="hh-acao<?php echo $access_control_allow_origin_value != 'origin' ? ' hh-hidden' : NULL; ?>">
73 <td>&nbsp;</td>
74 <td><button type="button" class="button hh-btn-add-origin">+ <?php _e('Add origin', 'http-headers'); ?></button></td>
75 <td>&nbsp;</td>
76 </tr>
77 </table>
78 </td>
79 </tr>
...\ No newline at end of file ...\ No newline at end of file
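Review bot: The `$items` array on line 45 offers `null` as a selectable Access-Control-Allow-Origin value with no caveat. Browsers send `Origin: null` from sandboxed frames and other opaque origins, so a response that allows `null` is readable by documents that any site can create. I would remove the choice (`$items = array('*', 'origin');`) or at least add a description warning against it. The `@` on line 53 hides a possibly missing index that an explicit `isset($access_control_allow_origin_url[0])` check would handle, and the `http://domain.com` placeholder on lines 53 and 66 nudges administrators toward a plain-HTTP origin where `https://` is the safer example.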
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr>
7 <th scope="row">Access-Control-Expose-Headers
8 <p class="description"><?php _e('The Access-Control-Expose-Headers response header brings information about headers that browsers could allow accessing.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Access-Control-Expose-Headers</legend>
17 <?php
18 $access_control_expose_headers = get_option('hh_access_control_expose_headers', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_access_control_expose_headers" value="<?php echo $k; ?>"<?php checked($access_control_expose_headers, $k); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-aceh' ); ?>
28 <?php do_settings_sections( 'http-headers-aceh' ); ?>
29
30 <?php
31 $access_control_expose_headers_value = get_option('hh_access_control_expose_headers_value');
32 if (!$access_control_expose_headers_value)
33 {
34 $access_control_expose_headers_value = array();
35 }
36 ?>
37 <table><tbody><tr>
38 <?php
39 $i = 0;
40 array_unshift($headers_list, '*');
41 foreach ($headers_list as $item) {
42 if (in_array($item, $cors_safe_response_headers) || in_array($item, $cors_safe_request_headers))
43 {
44 continue;
45 }
46 if ($i % 3 === 0) {
47 ?></tr><tr><?php
48 }
49 ?><td><label><input type="checkbox" class="http-header-value" name="hh_access_control_expose_headers_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $access_control_expose_headers_value) ? NULL : ' checked'; ?><?php echo $access_control_expose_headers == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
50 $i += 1;
51 }
52 ?>
53 </tr>
54 </tbody></table>
55 <table><tbody>
56 <?php
57 $access_control_expose_headers_custom = get_option('hh_access_control_expose_headers_custom');
58 if (is_array($access_control_expose_headers_custom))
59 {
60 foreach ($access_control_expose_headers_custom as $header)
61 {
62 ?>
63 <tr>
64 <td><input type="text" name="hh_access_control_expose_headers_custom[]" class="http-header-value" size="35" value="<?php echo esc_attr($header); ?>"<?php echo $access_control_expose_headers == 1 ? NULL : ' readonly'; ?> /></td>
65 <td><button type="button" class="button button-small hh-btn-delete-ac" title="<?php esc_attr_e('Delete', 'http-headers'); ?>">x</button></td>
66 </tr>
67 <?php
68 }
69 }
70 ?>
71 <tr>
72 <td colspan="2">
73 <button type="button" class="button hh-btn-add-ac" data-name="hh_access_control_expose_headers_custom[]">+ <?php _e('Add header', 'http-headers'); ?></button>
74 </td>
75 </tr>
76 </tbody></table>
77 </td>
78 </tr>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr>
7 <th scope="row">Access-Control-Max-Age
8 <p class="description"><?php _e('The Access-Control-Max-Age header indicates how much time, the result of a preflight request, can be cached.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Access-Control-Max-Age</legend>
17 <?php
18 $access_control_max_age = get_option('hh_access_control_max_age', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_access_control_max_age" value="<?php echo $k; ?>"<?php checked($access_control_max_age, $k); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-acma' ); ?>
28 <?php do_settings_sections( 'http-headers-acma' ); ?>
29 <input type="text" name="hh_access_control_max_age_value" class="http-header-value" value="<?php echo esc_attr(get_option('hh_access_control_max_age_value')); ?>"<?php echo $access_control_max_age == 1 ? NULL : ' checked'; ?>>
30 <?php _e('seconds', 'http-headers'); ?>
31 </td>
32 </tr>
...\ No newline at end of file ...\ No newline at end of file
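Review bot: Line 29 appends ` checked` to the text input when the header is off, where the sibling views append ` readonly`. `checked` means nothing on `type="text"`, so this looks like a slip and should read `<?php echo $access_control_max_age == 1 ? NULL : ' readonly'; ?>`. Since the value is a number of seconds, `type="number" min="0"` would also keep non-numeric input out of the field. Server-side validation is still needed, and the sanitising callback for `hh_access_control_max_age_value` is not visible in this section.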
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 include dirname(__FILE__) . '/includes/config.inc.php';
6 include dirname(__FILE__) . '/includes/breadcrumbs.inc.php';
7 ?>
8 <form method="post" action="options.php" accept-charset="utf-8">
9 <?php settings_fields( 'http-headers-mtd' ); ?>
10 <?php do_settings_sections( 'http-headers-mtd' ); ?>
11 <div style="overflow: hidden">
12 <div style="float: left; width: 49%">
13 <table class="hh-index-table">
14 <thead>
15 <tr>
16 <th>Directive</th>
17 <th>Value</th>
18 </tr>
19 </thead>
20 <tbody>
21 <tr class="active">
22 <td>PHP version</td>
23 <td><?php echo PHP_VERSION; ?></td>
24 </tr>
25 <tr class="active">
26 <td>Server Software</td>
27 <td><?php echo getenv('SERVER_SOFTWARE'); ?></td>
28 </tr>
29 <tr class="active">
30 <td>Server API</td>
31 <td><?php echo PHP_SAPI; ?></td>
32 </tr>
33 <tr class="active">
34 <td>user_ini.filename</td>
35 <td><?php echo ini_get('user_ini.filename'); ?></td>
36 </tr>
37 </tbody>
38 </table>
39 </div>
40 <section class="hh-panel" style="float: right; width: 49%; box-sizing: border-box; margin: 0">
41 <table style="width: 100%">
42 <thead>
43 <tr>
44 <th colspan="2" style="text-align: left"><?php _e('Setup Location', 'http-headers'); ?></th>
45 </tr>
46 </thead>
47 <tbody>
48 <tr>
49 <td>Location of <code>.htaccess</code></td>
50 <td><input type="text" name="hh_htaccess_path" placeholder="<?php echo get_home_path(); ?>.htaccess" style="width: 100%" value="<?php echo get_option('hh_htaccess_path'); ?>"></td>
51 </tr>
52 <tr>
53 <td>Location of <code>.user.ini</code></td>
54 <td><input type="text" name="hh_user_ini_path" placeholder="<?php echo get_home_path(); ?>.user.ini" style="width: 100%" value="<?php echo get_option('hh_user_ini_path'); ?>"></td>
55 </tr>
56 <tr>
57 <td>Location of <code>.hh-htpasswd</code></td>
58 <td><input type="text" name="hh_htpasswd_path" placeholder="<?php echo get_home_path(); ?>.hh-htpasswd" style="width: 100%" value="<?php echo get_option('hh_htpasswd_path'); ?>"></td>
59 </tr>
60 <tr>
61 <td>Location of <code>.hh-htdigest</code></td>
62 <td><input type="text" name="hh_htdigest_path" placeholder="<?php echo get_home_path(); ?>.hh-htdigest" style="width: 100%" value="<?php echo get_option('hh_htdigest_path'); ?>"></td>
63 </tr>
64 <tr>
65 <td></td>
66 <td><?php submit_button(null, 'primary', null, false); ?></td>
67 </tr>
68 </tbody>
69 </table>
70 </section>
71 </div>
72
73 <section class="hh-panel">
74 <table class="form-table hh-table">
75 <tbody>
76 <tr valign="top">
77 <th scope="row"><?php _e('Default mode', 'http-headers'); ?>
78 <p class="description"><?php _e('Choose a method for sending of headers. Usually, the PHP method works perfectly. However, some third-party plugins like WP Super Cache may require switching to Apache method.', 'http-headers'); ?></p>
79 </th>
80 <td>&nbsp;</td>
81 <td>
82 <fieldset>
83 <?php
84 $items = array(
85 'php' => __('Use PHP to send headers (deprecated)', 'http-headers'),
86 'htaccess' => __('Use Apache (mod_headers) to send headers', 'http-headers'),
87 );
88 $method = get_option('hh_method');
89 foreach ($items as $key => $val) {
90 ?><p><label><input type="radio" name="hh_method" value="<?php echo $key; ?>"<?php checked($method, $key, true); ?>><?php echo $val; ?></label></p><?php
91 }
92 ?>
93 </fieldset>
94 </td>
95 </tr>
96 </tbody>
97 </table>
98 <?php submit_button(); ?>
99 </section>
100 </form>
101
102 <section class="hh-panel">
103 <table class="form-table hh-table">
104 <tbody>
105 <tr valign="top">
106 <th scope="row"><?php _e('Export', 'http-headers'); ?>
107 <p class="description"><?php _e('Export the plugin current state of settings for later use if recovery needs.', 'http-headers'); ?></p>
108 </th>
109 <td>&nbsp;</td>
110 <td>
111 <fieldset>
112 <form method="post" action="<?php echo admin_url('admin-post.php'); ?>" target="_blank">
113 <?php wp_nonce_field('export'); ?>
114 <input type="hidden" name="action" value="export">
115 <button type="submit" class="button button-primary"><?php _e('Export settings', 'http-headers'); ?></button>
116 </form>
117 </fieldset>
118 </td>
119 </tr>
120 <tr valign="top">
121 <th scope="row"><?php _e('Import', 'http-headers'); ?>
122 <p class="description"><?php _e('Import a previously saved state of settings.', 'http-headers'); ?></p>
123 </th>
124 <td>&nbsp;</td>
125 <td>
126 <fieldset>
127 <form method="post" action="<?php echo admin_url('admin-post.php'); ?>" enctype="multipart/form-data">
128 <?php wp_nonce_field('import'); ?>
129 <input type="hidden" name="action" value="import">
130 <input type="file" name="file" id="hh-import-file" class="hh-hidden">
131 <div class="button-group">
132 <button type="button" class="button hh-btn-import-choose"><?php _e('Choose file...', 'http-headers'); ?></button>
133 <button type="submit" class="button button-primary"><?php _e('Import settings', 'http-headers'); ?></button>
134 </div>
135 <p id="hh-import-name"></p>
136 </form>
137 </fieldset>
138 </td>
139 </tr>
140 </tbody>
141 </table>
142 </section>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr>
7 <th scope="row">Age
8 <p class="description"><?php _e('The Age header contains the time in seconds the object has been in a proxy cache.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Age"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Age</legend>
17 <?php
18 $age = get_option('hh_age', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_age" value="<?php echo $k; ?>"<?php checked($age, $k); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-age' ); ?>
28 <?php do_settings_sections( 'http-headers-age' ); ?>
29 <input type="text" name="hh_age_value" class="http-header-value" size="5" value="<?php echo esc_attr(get_option('hh_age_value')); ?>"<?php echo $age == 1 ? NULL : ' checked'; ?>>
30 <?php _e('seconds', 'http-headers'); ?>
31 </td>
32 </tr>
...\ No newline at end of file ...\ No newline at end of file
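Review bot: The `hh_age_value` text input on line 29 is given a ` checked` attribute when the header is off, which means nothing on `type="text"` and leaves the field editable; the sibling templates in this commit emit ` readonly` in the same position. Suggest `<?php echo $age == 1 ? NULL : ' readonly'; ?>`. The radio loop also echoes `$k` and `$v` from `$bools` unescaped; `$bools` is defined outside this file, so if it can hold translated or filtered strings they should go through `esc_attr()` and `esc_html()`.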
1 <?php
2 if (!(isset($_POST['url']) && preg_match('|^https?://|', $_POST['url'])))
3 {
4 ?>
5 <section class="hh-panel">
6 <h3><span class="hh-highlight"><?php _e('URL malformed', 'http-headers'); ?></span></h3>
7 </section>
8 <?php
9 exit;
10 }
11
12 include 'includes/config.inc.php';
13
14 $args = array();
15
16 if (isset($_POST['authentication'], $_POST['username'], $_POST['password'])
17 && !empty($_POST['username'])
18 && !empty($_POST['password'])
19 )
20 {
21 $args['headers'] = array(
22 'Authorization' => sprintf('Basic %s', base64_encode($_POST['username'] .':'. $_POST['password']))
23 );
24 }
25
26 $response = wp_remote_head($_POST['url'], $args);
27 $status = wp_remote_retrieve_response_code($response);
28 $dictionary = wp_remote_retrieve_headers($response);
29 $responseHeaders = $dictionary ? $dictionary->getAll() : array();
30
31 if ($status !== 200)
32 {
33 ?>
34 <section class="hh-panel">
35 <h3><span class="hh-highlight"><?php _e('HTTP Status', 'http-headers'); ?>: <?php echo $status; ?></span></h3>
36 <p><?php
37 switch ($status)
38 {
39 case 400:
40 echo 'Bad Request';
41 break;
42 case 401:
43 echo 'Unauthorized';
44 break;
45 case 403:
46 echo 'Forbidden';
47 break;
48 case 404:
49 echo 'Not Found';
50 break;
51 case 405:
52 echo 'Method Not Allowed';
53 break;
54 default:
55 }
56 ?></p>
57 </section>
58 <?php
59 exit;
60 }
61 ?>
62 <section class="hh-panel">
63 <h3><span class="hh-highlight"><?php _e('Response headers', 'http-headers'); ?></span></h3>
64 <table class="hh-results">
65 <thead>
66 <tr>
67 <th style="width: 30%"><?php _e('Header', 'http-headers'); ?></th>
68 <th><?php _e('Value', 'http-headers'); ?></th>
69 </tr>
70 </thead>
71 <tbody>
72 <?php
73 $reportOnly = array('content-security-policy-report-only');
74 foreach ($responseHeaders as $k => $v)
75 {
76 $k = strtolower($k);
77 $found = in_array($k, $reportOnly);
78 $v = is_array($v) ? join(", ", $v) : $v;
79 ?>
80 <tr<?php echo array_key_exists($k, $headers) || $found ? ' class="hh-found"' : NULL; ?>>
81 <td><?php echo htmlspecialchars($k); ?></td>
82 <td><?php echo htmlspecialchars($v); ?></td>
83 </tr>
84 <?php
85 }
86 ?>
87 </tbody>
88 </table>
89 </section>
90 <?php
91 $special = array('content-security-policy');
92 $exclude = array('custom-headers', 'cookie-security', 'x-powered-by');
93 $missing = array();
94 foreach ($headers as $k => $v)
95 {
96 if (!array_key_exists($k, $responseHeaders)
97 && !in_array($k, $exclude)
98 && !(in_array($k, $special) && array_key_exists($k . '-report-only', $responseHeaders) ))
99 {
100 $missing[$k] = @$categories[$v[2]];
101 }
102 }
103
104 if (!empty($missing))
105 {
106 asort($missing);
107 ?>
108 <section class="hh-panel">
109 <h3><span class="hh-highlight"><?php _e('Missing headers', 'http-headers'); ?></span></h3>
110 <table class="hh-results">
111 <thead>
112 <tr>
113 <th style="width: 30%"><?php _e('Header', 'http-headers'); ?></th>
114 <th><?php _e('Category', 'http-headers'); ?></th>
115 </tr>
116 </thead>
117 <tbody>
118 <?php
119 foreach ($missing as $k => $v)
120 {
121 ?>
122 <tr>
123 <td><a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;header=<?php echo htmlspecialchars($k); ?>"><?php echo $k; ?></a></td>
124 <td><?php echo $v; ?></td>
125 </tr>
126 <?php
127 }
128 ?>
129 </tbody>
130 </table>
131 </section>
132 <?php
133 }
...\ No newline at end of file ...\ No newline at end of file
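Review bot: The request on line 26 goes to whatever `$_POST['url']` holds, validated only for an `http(s)://` prefix, so the page can be pointed at loopback or internal addresses and will forward the optional Basic credentials to that host. Use the filtered client, `$response = wp_safe_remote_head(esc_url_raw(wp_unslash($_POST['url'])), $args);`, and if the calling handler does not already verify a nonce and `current_user_can('manage_options')` (not visible in this file), add both before the request is made. Unlike the other templates in this commit, the file has no `if (!defined('ABSPATH')) { exit; }` guard, so a direct hit reaches the `$_POST` handling and then fails on undefined WordPress functions, which can disclose the install path when errors are displayed. On line 123 the link text `echo $k` should get the same `htmlspecialchars()` as the href.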
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr>
7 <th scope="row">Cache-Control
8 <p class="description"><?php _e('The Cache-Control general-header field is used to specify directives for caching mechanisms in both, requests and responses. Caching directives are unidirectional, meaning that a given directive in a request is not implying that the same directive is to be given in the response.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Cache-Control</legend>
17 <?php
18 $cache_control = get_option('hh_cache_control', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_cache_control" value="<?php echo $k; ?>"<?php checked($cache_control, $k); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-cc' ); ?>
28 <?php do_settings_sections( 'http-headers-cc' ); ?>
29 <?php
30 $items = array(
31 'must-revalidate' => 'bool',
32 'no-cache' => 'bool',
33 'no-store' => 'bool',
34 'no-transform' => 'bool',
35 'public' => 'bool',
36 'private' => 'bool',
37 'proxy-revalidate' => 'bool',
38 'max-age' => 'int',
39 's-maxage' => 'int',
40 'immutable' => 'bool',
41 'stale-while-revalidate' => 'int',
42 'stale-if-error' => 'int',
43 );
44 ?>
45 <table>
46 <?php
47 $cache_control_value = get_option('hh_cache_control_value');
48 if (!$cache_control_value)
49 {
50 $cache_control_value = array();
51 }
52 foreach ($items as $item => $type)
53 {
54 ?>
55 <tr>
56 <td><label for="hh_cache_control_value_<?php echo $item; ?>"><?php echo $item; ?></label></td>
57 <td><?php
58 switch ($type) {
59 case 'bool':
60 ?><input type="checkbox" class="http-header-value" name="hh_cache_control_value[<?php echo $item; ?>]" id="hh_cache_control_value_<?php echo $item; ?>" value="1"<?php checked(array_key_exists($item, $cache_control_value), 1, true); ?>><?php
61 break;
62 case 'int':
63 ?><input type="text" class="http-header-value" name="hh_cache_control_value[<?php echo $item; ?>]" id="hh_cache_control_value_<?php echo $item; ?>" size="6" value="<?php echo array_key_exists($item, $cache_control_value) && strlen($cache_control_value[$item]) > 0 ? (int) $cache_control_value[$item] : NULL; ?>"> <?php _e('seconds', 'http-headers');
64 break;
65 }
66 ?>
67 </td>
68 </tr>
69 <?php
70 }
71 ?>
72 </table>
73 </td>
74 </tr>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 include dirname(__FILE__) . '/includes/config.inc.php';
6 include dirname(__FILE__) . '/includes/breadcrumbs.inc.php';
7 ?>
8 <table class="hh-index-table">
9 <thead>
10 <tr>
11 <th><?php _e('Header', 'http-headers'); ?></th>
12 <th style="width: 45%"><?php _e('Value', 'http-headers'); ?></th>
13 <th class="hh-status"><?php _e('Status', 'http-headers'); ?></th>
14 <th></th>
15 </tr>
16 </thead>
17 <tbody>
18 <?php
19 foreach ($headers as $index => $item)
20 {
21 if (@$_GET['category'] != $item[2])
22 {
23 continue;
24 }
25
26 $key = $item[1];
27
28 $option = get_option($key, 0);
29 $isOn = (int) $option === 1;
30 $value = NULL;
31 if ($isOn)
32 {
33 $value = get_option($key .'_value');
34 switch ($key)
35 {
36 case 'hh_age':
37 $value = (int) $value;
38 break;
39 case 'hh_p3p':
40 if (!empty($value))
41 {
42 $value = sprintf('CP="%s"', join(' ', array_keys($value)));
43 }
44 break;
45 case 'hh_x_xxs_protection':
46 if ($value == '1; report=') {
47 $value .= get_option('hh_x_xxs_protection_uri');
48 }
49 break;
50 case 'hh_x_powered_by':
51 if (get_option('hh_x_powered_by_option') == 'unset') {
52 $value = '[Unset]';
53 }
54 break;
55 case 'hh_x_frame_options':
56 $value = strtoupper($value);
57 if ($value == 'ALLOW-FROM')
58 {
59 $value .= ' ' . get_option('hh_x_frame_options_domain');
60 }
61 break;
62 case 'hh_strict_transport_security':
63 $tmp = array();
64 $hh_strict_transport_security_max_age = get_option('hh_strict_transport_security_max_age');
65 if ($hh_strict_transport_security_max_age !== false)
66 {
67 $tmp[] = sprintf('max-age=%u', $hh_strict_transport_security_max_age);
68 if (get_option('hh_strict_transport_security_sub_domains'))
69 {
70 $tmp[] = 'includeSubDomains';
71 }
72 if (get_option('hh_strict_transport_security_preload'))
73 {
74 $tmp[] = 'preload';
75 }
76 } else {
77 $tmp = array(get_option('hh_strict_transport_security_value'));
78 }
79 if (!empty($tmp))
80 {
81 $value = join('; ', $tmp);
82 }
83 break;
84 case 'hh_timing_allow_origin':
85 if ($value == 'origin')
86 {
87 $value = get_option('hh_timing_allow_origin_url');
88 }
89 break;
90 case 'hh_access_control_allow_origin':
91 if ($value == 'origin')
92 {
93 $value = join('<br>', get_option('hh_access_control_allow_origin_url', array()));
94 }
95 break;
96 case 'hh_access_control_expose_headers':
97 case 'hh_access_control_allow_headers':
98 case 'hh_access_control_allow_methods':
99 $value = join(', ', array_keys($value));
100 break;
101 case 'hh_content_security_policy':
102 $value = build_csp_value($value);
103 if (get_option('hh_content_security_policy_report_only')) {
104 $item[0] .= '-Report-Only';
105 }
106 break;
107 case 'hh_content_encoding':
108 $value = !$value ? null : join(', ', array_keys($value));
109
110 $ext = get_option('hh_content_encoding_ext');
111 if (!empty($ext)) {
112 $ext = join(', ', array_keys($ext));
113 $value .= (!empty($value) ? '<br>' : null) . $ext;
114 }
115 $module = get_option('hh_content_encoding_module');
116 switch ($module) {
117 case 'brotli_deflate':
118 $enc = 'br, gzip';
119 break;
120 case 'brotli':
121 $enc = 'br';
122 break;
123 case 'deflate':
124 default:
125 $enc = 'gzip';
126 break;
127 }
128
129 $value = !empty($value) ? sprintf('%s (%s)', $enc, $value) : $enc;
130 break;
131 case 'hh_vary':
132 $value = !$value ? null : join(', ', array_keys($value));
133 break;
134 case 'hh_www_authenticate':
135 $value = get_option('hh_www_authenticate_type');
136 break;
137 case 'hh_cache_control':
138 $tmp = array();
139 foreach ($value as $k => $v) {
140 if (in_array($k, array('max-age', 's-maxage', 'stale-while-revalidate', 'stale-if-error'))) {
141 if (strlen($v) > 0) {
142 $tmp[] = sprintf("%s=%u", $k, $v);
143 }
144 } else {
145 $tmp[] = $k;
146 }
147 }
148 $value = join(', ', $tmp);
149 break;
150 case 'hh_expires':
151 $tmp = array();
152 $types = get_option('hh_expires_type', array());
153 foreach ($types as $type => $whatever) {
154 list($base, $period, $suffix) = explode('_', $value[$type]);
155 if (in_array($base, array('access', 'modification'))) {
156 $tmp[] = $type != 'default'
157 ? sprintf('%s = "%s plus %u %s"', $type, $base, $period, $suffix)
158 : sprintf('default = "%s plus %u %s"', $base, $period, $suffix);
159 } elseif ($base == 'invalid') {
160 $tmp[] = $type != 'default'
161 ? sprintf('%s = A0', $type)
162 : sprintf('default = A0');
163 }
164 }
165 $value = join('<br>', $tmp);
166 break;
167 case 'hh_cookie_security':
168 if (is_array($value)) {
169 if (isset($value['SameSite']) && !is_samesite_supported()) {
170 unset($value['SameSite']);
171 }
172 }
173 $value = is_array($value) && !empty($value)
174 ? '&#10004; ' . join(' &#10004; ', array_keys($value))
175 : NULL;
176 break;
177 case 'hh_expect_ct':
178 $tmp = array();
179 $tmp[] = sprintf('max-age=%u', get_option('hh_expect_ct_max_age'));
180 if (get_option('hh_expect_ct_enforce') == 1) {
181 $tmp[] = 'enforce';
182 }
183 $tmp[] = sprintf('report-uri="%s"', get_option('hh_expect_ct_report_uri'));
184 $value = join(', ', $tmp);
185 break;
186 case 'hh_custom_headers':
187 $_names = array($item[0]);
188 $_values = array('&nbsp;');
189 foreach ($value['name'] as $key => $name)
190 {
191 if (!empty($name) && !empty($value['value'][$key]))
192 {
193 $_names[] = '<p class="hh-p">&nbsp;&nbsp;&nbsp;&nbsp;'.$name.'</p>';
194 $_values[] = '<p class="hh-p">'.$value['value'][$key].'</p>';
195 }
196 }
197 $item[0] = join('', $_names);
198 $value = join('', $_values);
199 break;
200 case 'hh_report_to':
201 $value = get_http_header('report_to');
202 break;
203 case 'hh_nel':
204 $value = get_http_header('nel');
205 break;
206 case 'hh_feature_policy':
207 $value = get_http_header('feature_policy');
208 break;
209 case 'hh_permissions_policy':
210 $value = get_http_header('permissions_policy');
211 break;
212 case 'hh_x_robots_tag':
213 $value = get_http_header('x_robots_tag');
214 break;
215 case 'hh_clear_site_data':
216 $value = '"' . join('", "', array_keys($value)) . '"';
217 break;
218 case 'hh_content_type':
219 $tmp = array();
220 foreach ($value as $key => $val) {
221 $tmp[] = sprintf(".%s => %s", $key, $val);
222 }
223 $value = join("<br>", $tmp);
224 break;
225 default:
226 $value = !is_array($value) ? $value : join(', ', $value);
227 }
228 }
229 $status = $isOn ? __('On', 'http-headers') : __('Off', 'http-headers');
230 ?>
231 <tr<?php echo $isOn ? ' class="active"' : NULL; ?>>
232 <td><?php echo $item[0]; ?></td>
233 <td><?php echo $value; ?></td>
234 <td class="hh-status hh-status-<?php echo $isOn ? 'on' : 'off'; ?>"><span><?php echo $status; ?></span></td>
235 <td><a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&header=<?php
236 echo $index; ?>"><?php _e('Edit', 'http-headers'); ?></a></td>
237 </tr>
238 <?php
239 }
240 ?>
241 </tbody>
242 </table>
...\ No newline at end of file ...\ No newline at end of file
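Review bot: Lines 232–233 echo `$item[0]` and `$value` raw, and several switch branches build those strings from stored options without escaping. The most direct case is `hh_custom_headers`, which wraps the saved name and value in `<p>` tags as-is, so markup saved in (or imported into) those options is rendered in the admin page. Because some branches deliberately add `<br>` or `<p>`, escape each component before joining rather than the final string, e.g. `$_names[] = '<p class="hh-p">&nbsp;&nbsp;&nbsp;&nbsp;' . esc_html($name) . '</p>';` and `$_values[] = '<p class="hh-p">' . esc_html($value['value'][$key]) . '</p>';`, and pass the scalar branches through `esc_html()`. The `hh_cache_control`, `hh_content_type`, `hh_clear_site_data` and `hh_access_control_*` branches iterate or call `array_keys()` on `$value` without checking it is an array, so a missing `_value` option (`get_option` returns `false`) raises a warning or, on PHP 8, a TypeError; guard them with `is_array($value)`. The edit link on line 235 should use `&amp;header=` and `esc_attr($index)`, matching the inspect template.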
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr>
7 <th scope="row">Clear-Site-Data
8 <p class="description"><?php _e('The Clear-Site-Data header clears browsing data (cookies, storage, cache) associated with the requesting website. It allows web developers to have more control over the data stored locally by a browser for their origins.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Clear-Site-Data</legend>
17 <?php
18 $clear_site_data = get_option('hh_clear_site_data', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_clear_site_data" value="<?php echo $k; ?>"<?php checked($clear_site_data, $k); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-csd' ); ?>
28 <?php do_settings_sections( 'http-headers-csd' ); ?>
29 <?php
30 $items = array(
31 'cache' => 'bool',
32 'cookies' => 'bool',
33 'storage' => 'bool',
34 'executionContexts' => 'bool',
35 '*' => 'bool',
36 );
37 ?>
38 <table>
39 <?php
40 $clear_site_data_value = get_option('hh_clear_site_data_value');
41 if (!$clear_site_data_value)
42 {
43 $clear_site_data_value = array();
44 }
45 foreach ($items as $item => $type)
46 {
47 ?>
48 <tr>
49 <td><label for="hh_clear_site_data_value_<?php echo $item; ?>">"<?php echo $item; ?>"</label></td>
50 <td><?php
51 switch ($type) {
52 case 'bool':
53 ?><input type="checkbox" class="http-header-value" name="hh_clear_site_data_value[<?php echo $item; ?>]" id="hh_clear_site_data_value_<?php echo $item; ?>" value="1"<?php checked(array_key_exists($item, $clear_site_data_value), 1, true); ?>><?php
54 break;
55 }
56 ?>
57 </td>
58 </tr>
59 <?php
60 }
61 ?>
62 </table>
63 </td>
64 </tr>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">Connection
8 <p class="description"><?php _e('The Connection general header controls whether or not the network connection stays open after the current transaction finishes. If the value sent is keep-alive, the connection is persistent and not closed, allowing for subsequent requests to the same server to be done.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Connection"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Connection</legend>
17 <?php
18 $connection = get_option('hh_connection', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_connection" value="<?php echo $k; ?>"<?php checked($connection, $k); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-con' ); ?>
28 <?php do_settings_sections( 'http-headers-con' ); ?>
29 <select name="hh_connection_value" class="http-header-value"<?php echo $connection == 1 ? NULL : ' readonly'; ?>>
30 <?php
31 $items = array('keep-alive', 'close');
32 $connection_value = get_option('hh_connection_value');
33 foreach ($items as $item) {
34 ?><option value="<?php echo $item; ?>"<?php selected($connection_value, $item); ?>><?php echo $item; ?></option><?php
35 }
36 ?>
37 </select>
38 </td>
39 </tr>
...\ No newline at end of file ...\ No newline at end of file
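Review bot: `readonly` on the `<select>` at line 29 has no effect, because HTML defines it only for text-like inputs and `textarea`, so the control stays changeable while the header is switched off. The same applies to the checkbox and radio inputs in the Content-Encoding, Content-Security-Policy, Content-Type and Cookie security templates. If the intent is to lock the value, `disabled` does that but also drops the field from the submission, so the save handler would have to tolerate a missing key. Otherwise drop the attribute and rely on whatever script toggles `.http-header-value` (not visible here).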
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr>
7 <th scope="row">Content-Encoding
8 <p class="description"><?php _e('Compression is an important way to increase the performance of a Web site. For some documents, size reduction of up to 70% lowers the bandwidth capacity needs.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Content-Encoding</legend>
17 <?php
18 $content_encoding = get_option('hh_content_encoding', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_content_encoding" value="<?php echo $k; ?>"<?php checked($content_encoding, $k); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-ce' ); ?>
28 <?php do_settings_sections( 'http-headers-ce' ); ?>
29 <table>
30 <tbody>
31 <tr>
32 <th colspan="2"><?php _e('Module', 'http-headers'); ?></th>
33 </tr>
34 <?php
35 $content_encoding_module = get_option('hh_content_encoding_module');
36 ?>
37 <tr>
38 <td colspan="2" class="hh-td-inner">
39 <table style="width: 100%">
40 <tbody>
41 <tr>
42 <td>
43 <label><input type="radio" name="hh_content_encoding_module" value="deflate"<?php echo $content_encoding_module == 'deflate' || !$content_encoding_module ? ' checked' : NULL; ?>> <?php _e('DEFLATE', 'http-headers'); ?></label>
44 </td>
45 <td>
46 <label><input type="radio" name="hh_content_encoding_module" value="brotli"<?php checked($content_encoding_module, 'brotli'); ?>> <?php _e('BROTLI', 'http-headers'); ?></label>
47 </td>
48 <td>
49 <label><input type="radio" name="hh_content_encoding_module" value="brotli_deflate"<?php checked($content_encoding_module, 'brotli_deflate'); ?>> <?php _e('BROTLI; DEFLATE', 'http-headers'); ?></label>
50 </td>
51 </tr>
52 </tbody>
53 </table>
54 </td>
55 </tr>
56 <tr>
57 <th colspan="2"><?php _e('By content type', 'http-headers'); ?></th>
58 </tr><tr>
59 <?php
60 $items = array(
61 'application/javascript',
62 'application/x-javascript',
63 'application/json',
64 'application/ld+json',
65 'application/manifest+json',
66 'application/rdf+xml',
67 'application/rss+xml',
68 'application/schema+json',
69 'application/vnd.geo+json',
70 'application/x-web-app-manifest+json',
71 'application/vnd.ms-fontobject',
72 'application/x-font-ttf',
73 'application/xhtml+xml',
74 'application/xml',
75 'font/opentype',
76 'font/eot',
77 'image/bmp',
78 'image/svg+xml',
79 'image/x-icon',
80 'image/vnd.microsoft.icon',
81 'text/javascript',
82 'text/css',
83 'text/html',
84 'text/plain',
85 'text/x-component',
86 'text/xml',
87 );
88 $content_encoding_value = get_option('hh_content_encoding_value');
89 if (!$content_encoding_value) {
90 $content_encoding_value = array();
91 }
92 foreach ($items as $i => $item) {
93 if ($i > 0 && $i % 2 === 0) {
94 ?></tr><tr><?php
95 }
96 ?><td><label><input type="checkbox" class="http-header-value" name="hh_content_encoding_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $content_encoding_value) ? NULL : ' checked'; ?><?php echo $content_encoding == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
97 }
98 ?>
99 </tr>
100
101 <tr>
102 <th colspan="2"><?php _e('By extension', 'http-headers'); ?></th>
103 </tr>
104 <tr>
105 <?php
106 $content_encoding_ext = get_option('hh_content_encoding_ext');
107 if (!$content_encoding_ext) {
108 $content_encoding_ext = array();
109 }
110 $items = array('php', 'html', 'js', 'css', 'json', 'xml', 'svg', 'txt', 'bmp', 'ico', 'ttf', 'otf', 'eot');
111 foreach ($items as $i => $item) {
112 if ($i > 0 && $i % 2 === 0) {
113 ?></tr><tr><?php
114 }
115 ?><td><label><input type="checkbox" class="http-header-value" name="hh_content_encoding_ext[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $content_encoding_ext) ? NULL : ' checked'; ?><?php echo $content_encoding == 1 ? NULL : ' readonly'; ?> /> *.<?php echo $item; ?></label></td><?php
116 }
117 ?>
118 </tr>
119
120 </tbody></table>
121 </td>
122 </tr>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 $content_security_policy = get_option('hh_content_security_policy', 0);
6 ?>
7 <tr valign="top">
8 <th scope="row">Content Security Policy
9 <p class="description"><?php _e('Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware.', 'http-headers'); ?></p>
10
11 <p>
12 <label><input type="checkbox" class="http-header-value"
13 name="hh_content_security_policy_report_only" value="1"
14 <?php checked(get_option('hh_content_security_policy_report_only'), 1, true); ?>
15 <?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?> /> "Report-Only" (<?php _e('for reporting-only purposes', 'http-headers'); ?>)</label>
16 </p>
17 <hr>
18 <p class="description">Useful tools:</p>
19 <p class="description">
20 <a target="_blank" href="https://zinoui.com/tools/sri-generator">SRI Hash Generator</a>
21 - generates subresource integrity hashes using a cryptographic algorithm.
22 </p>
23 <p class="description">
24 <a target="_blank" href="https://zinoui.com/tools/csp-hash">CSP Hash Generator</a>
25 - generates CSP hashes to use in script-src and style-src directives.
26 </p>
27 <hr>
28 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
29 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
30 </p>
31 </th>
32 <td>
33 <fieldset>
34 <legend class="screen-reader-text">Content-Security-Policy</legend>
35 <?php
36 foreach ($bools as $k => $v)
37 {
38 ?><p><label><input type="radio" class="http-header" name="hh_content_security_policy" value="<?php echo $k; ?>"<?php checked($content_security_policy, $k, true); ?> /> <?php echo $v; ?></label></p><?php
39 }
40 ?>
41 </fieldset>
42 </td>
43 <td>
44 <?php settings_fields( 'http-headers-csp' ); ?>
45 <?php do_settings_sections( 'http-headers-csp' ); ?>
46 <table>
47 <tbody>
48 <tr>
49 <td><strong><?php _e('Directive', 'http-headers'); ?></strong></td>
50 <td><strong><?php _e('Value', 'http-headers'); ?></strong></td>
51 </tr>
52 <?php
53 $directives = array(
54 'default-src',
55 'script-src',
56 'style-src',
57 'img-src',
58 'connect-src',
59 'font-src',
60 'media-src',
61 'report-uri',
62 'child-src',
63 'form-action',
64 'frame-ancestors',
65 'object-src',
66 'frame-src',
67 'worker-src',
68 'manifest-src',
69 'navigate-to',
70 'prefetch-src',
71 'base-uri',
72 'plugin-types',
73 'report-to',
74 'sandbox',
75 'require-sri-for',
76 'block-all-mixed-content',
77 'upgrade-insecure-requests',
78 );
79 $csp_value = get_option('hh_content_security_policy_value');
80 foreach ($directives as $item)
81 {
82 ?>
83 <tr>
84 <td><?php echo $item; ?></td>
85 <td>
86 <?php
87
88 if ($item == 'sandbox')
89 {
90 include 'includes/csp-sandbox.inc.php';
91
92 } elseif (in_array($item, array('block-all-mixed-content', 'upgrade-insecure-requests'))) {
93
94 include 'includes/csp-inc.inc.php';
95
96 } elseif (in_array($item, array('report-to', 'plugin-types'))) {
97
98 include 'includes/csp-text.inc.php';
99
100 } elseif ($item == 'require-sri-for') {
101
102 include 'includes/csp-sri.inc.php';
103
104 } else {
105
106 include 'includes/csp-src.inc.php';
107
108 }
109 ?>
110 </td>
111 </tr>
112 <?php
113 }
114 ?>
115 </tbody>
116 </table>
117 </td>
118 </tr>
...\ No newline at end of file ...\ No newline at end of file
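Review bot: The five `include 'includes/csp-*.inc.php';` statements on lines 90–106 use bare relative paths, which PHP resolves through `include_path` before the including file's own directory, so a same-named file earlier on that path would be loaded instead. A missing file also only raises a warning and renders an empty cell. The category index template in this commit anchors its includes with `dirname(__FILE__)`; do the same here with `require`, e.g. `require dirname(__FILE__) . '/includes/csp-sandbox.inc.php';`. The inspect template's `include 'includes/config.inc.php';` has the same form, and the two third-party tool links on lines 20 and 24 open with `target="_blank"` but no `rel="noopener noreferrer"`.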
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr>
7 <th scope="row">Content-Type
8 <p class="description"><?php _e('The Content-Type entity header is used to indicate the media type of the resource. In responses, a Content-Type header tells the client what the content type of the returned content actually is. Browsers will do MIME sniffing in some cases and will not necessarily follow the value of this header; to prevent this behavior, the header X-Content-Type-Options can be set to nosniff.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Content-Type</legend>
17 <?php
18 $content_type = get_option('hh_content_type', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_content_type" value="<?php echo $k; ?>"<?php checked($content_type, $k); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields('http-headers-cty'); ?>
28 <?php do_settings_sections('http-headers-cty'); ?>
29 <?php
30 $content_type_value = get_option('hh_content_type_value');
31 if (!$content_type_value) {
32 $content_type_value = array();
33 }
34
35 $map = array(
36 'eot' => 'application/vnd.ms-fontobject',
37 'otf' => 'application/x-font-opentype',
38 'svg' => 'image/svg+xml',
39 'ttf' => 'application/x-font-ttf',
40 'woff' => 'application/font-woff',
41 'woff2' => 'application/font-woff2',
42 'jsonp' => 'application/javascript',
43 );
44 ?>
45 <table>
46 <tbody>
47 <tr>
48 <td></td>
49 <td><strong><?php _e('Extension', 'http-headers'); ?></strong></td>
50 <td><strong><?php _e('Media type', 'http-headers'); ?></strong></td>
51 </tr>
52 <?php
53 foreach ($map as $ext => $media_type)
54 {
55 ?>
56 <tr>
57 <td>
58 <input type="checkbox" class="http-header-value"
59 name="hh_content_type_value[<?php echo $ext; ?>]"
60 value="<?php echo $media_type; ?>"<?php
61 echo !(array_key_exists($ext, $content_type_value) && $content_type_value[$ext] == $media_type) ? NULL : ' checked';
62 echo $content_type == 1 ? NULL : ' readonly'; ?>></td>
63 <td>.<?php echo $ext; ?></td>
64 <td><?php echo $media_type; ?></td>
65 </tr>
66 <?php
67 }
68 ?>
69 </tbody>
70 </table>
71 </td>
72 </tr>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr>
7 <th scope="row">Cookie security
8 <p class="description"><?php _e('A secure cookie is only sent to the server with a encrypted request over the HTTPS protocol.', 'http-headers'); ?></p>
9 <p class="description"><?php _e("To prevent cross-site scripting (XSS) attacks, HttpOnly cookies are inaccessible to JavaScript's Document.cookie API; they are only sent to the server.", 'http-headers'); ?></p>
10 <p class="description"><?php _e('SameSite prevents the browser from sending this cookie along with cross-site requests. The main goal is mitigate the risk of cross-origin information leakage. It also provides some protection against cross-site request forgery attacks.', 'http-headers'); ?></p>
11 <hr>
12 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
13 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Secure_and_HttpOnly_cookies"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
14 </p>
15 </th>
16 <td>
17 <fieldset>
18 <legend class="screen-reader-text">Cookie security</legend>
19 <?php
20 $cookie_security = get_option('hh_cookie_security', 0);
21 foreach ($bools as $k => $v)
22 {
23 ?><p><label><input type="radio" class="http-header" name="hh_cookie_security" value="<?php echo $k; ?>"<?php checked($cookie_security, $k); ?> /> <?php echo $v; ?></label></p><?php
24 }
25 ?>
26 </fieldset>
27 </td>
28 <td>
29 <?php settings_fields( 'http-headers-cose' ); ?>
30 <?php do_settings_sections( 'http-headers-cose' ); ?>
31 <?php
32 $items = array('Secure', 'HttpOnly', 'SameSite');
33 $cookie_security_value = get_option('hh_cookie_security_value');
34 foreach ($items as $item)
35 {
36 $is_checked = is_array($cookie_security_value) && array_key_exists($item, $cookie_security_value);
37 ?>
38 <p>
39 <label><input type="checkbox"
40 class="http-header-value"
41 name="hh_cookie_security_value[<?php echo $item; ?>]"
42 value="1"<?php echo !$is_checked ? NULL : ' checked'; ?><?php echo $cookie_security == 1 ? NULL : ' readonly'; ?>> <?php echo $item; ?><?php
43 ?></label>
44 </p>
45 <?php
46 if ($item == 'SameSite')
47 {
48 foreach (array('None', 'Lax', 'Strict') as $s_val)
49 {
50 ?>
51 <p class="hh-csv-value<?php echo !$is_checked ? ' hh-hidden' : NULL; ?>">
52 <label><input type="radio"
53 class="http-header-value"
54 name="hh_cookie_security_value[SameSite]"
55 value="<?php echo $s_val; ?>"<?php echo !is_array($cookie_security_value) || !array_key_exists($item, $cookie_security_value) || $cookie_security_value[$item] != $s_val ? NULL : ' checked'; ?><?php echo $cookie_security == 1 ? NULL : ' readonly'; ?>> <?php echo $s_val; ?></label>
56 </p>
57 <?php
58 }
59 }
60 }
61 ?>
62 </td>
63 </tr>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr>
7 <th scope="row">Cross-Origin-Embedder-Policy
8 <p class="description"><?php _e("The HTTP Cross-Origin-Embedder-Policy (COEP) response header prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS).", 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Cross-Origin-Embedder-Policy</legend>
17 <?php
18 $cross_origin_embedder_policy = get_option('hh_cross_origin_embedder_policy', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_cross_origin_embedder_policy" value="<?php echo $k; ?>"<?php checked($cross_origin_embedder_policy, $k); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-coep' ); ?>
28 <?php do_settings_sections( 'http-headers-coep' ); ?>
29 <select name="hh_cross_origin_embedder_policy_value" class="http-header-value"<?php echo $cross_origin_embedder_policy == 1 ? NULL : ' readonly'; ?>>
30 <?php
31 $items = array('unsafe-none', 'require-corp');
32 $cross_origin_embedder_policy_value = get_option('hh_cross_origin_embedder_policy_value');
33 foreach ($items as $item) {
34 ?><option value="<?php echo $item; ?>"<?php selected($cross_origin_embedder_policy_value, $item); ?>><?php echo $item; ?></option><?php
35 }
36 ?>
37 </select>
38 </td>
39 </tr>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr>
7 <th scope="row">Cross-Origin-Opener-Policy
8 <p class="description"><?php _e('The HTTP Cross-Origin-Opener-Policy (COOP) response header allows you to ensure a top-level document does not share a browsing context group with cross-origin documents.', 'http-headers'); ?></p>
9 <p class="description"><?php _e("COOP will process-isolate your document and potential attackers can't access to your global object if they were opening it in a popup, preventing a set of cross-origin attacks dubbed XS-Leaks.", 'http-headers'); ?></p>
10 <p class="description"><?php _e('If a cross-origin document with COOP is opened in a new window, the opening document will not have a reference to it, and the window.opener property of the new window will be null. This allows you to have more control over references to a window than rel=noopener, which only affects outgoing navigations.', 'http-headers'); ?></p>
11 <hr>
12 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
13 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
14 </p>
15 </th>
16 <td>
17 <fieldset>
18 <legend class="screen-reader-text">Cross-Origin-Opener-Policy</legend>
19 <?php
20 $cross_origin_opener_policy = get_option('hh_cross_origin_opener_policy', 0);
21 foreach ($bools as $k => $v)
22 {
23 ?><p><label><input type="radio" class="http-header" name="hh_cross_origin_opener_policy" value="<?php echo $k; ?>"<?php checked($cross_origin_opener_policy, $k); ?> /> <?php echo $v; ?></label></p><?php
24 }
25 ?>
26 </fieldset>
27 </td>
28 <td>
29 <?php settings_fields( 'http-headers-coop' ); ?>
30 <?php do_settings_sections( 'http-headers-coop' ); ?>
31 <select name="hh_cross_origin_opener_policy_value" class="http-header-value"<?php echo $cross_origin_opener_policy == 1 ? NULL : ' readonly'; ?>>
32 <?php
33 $items = array('unsafe-none', 'same-origin-allow-popups', 'same-origin');
34 $cross_origin_opener_policy_value = get_option('hh_cross_origin_opener_policy_value');
35 foreach ($items as $item) {
36 ?><option value="<?php echo $item; ?>"<?php selected($cross_origin_opener_policy_value, $item); ?>><?php echo $item; ?></option><?php
37 }
38 ?>
39 </select>
40 </td>
41 </tr>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr>
7 <th scope="row">Cross-Origin-Resource-Policy
8 <p class="description"><?php _e('The HTTP Cross-Origin-Resource-Policy response header conveys a desire that the browser blocks no-cors cross-origin/cross-site requests to the given resource.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Cross-Origin-Resource-Policy</legend>
17 <?php
18 $cross_origin_resource_policy = get_option('hh_cross_origin_resource_policy', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_cross_origin_resource_policy" value="<?php echo $k; ?>"<?php checked($cross_origin_resource_policy, $k); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-corp' ); ?>
28 <?php do_settings_sections( 'http-headers-corp' ); ?>
29 <select name="hh_cross_origin_resource_policy_value" class="http-header-value"<?php echo $cross_origin_resource_policy == 1 ? NULL : ' readonly'; ?>>
30 <?php
31 $items = array('same-site', 'same-origin', 'cross-origin');
32 $cross_origin_resource_policy_value = get_option('hh_cross_origin_resource_policy_value');
33 foreach ($items as $item) {
34 ?><option value="<?php echo $item; ?>"<?php selected($cross_origin_resource_policy_value, $item); ?>><?php echo $item; ?></option><?php
35 }
36 ?>
37 </select>
38 </td>
39 </tr>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr>
7 <th scope="row">Custom headers
8 <p class="description"><?php _e('Common non-standard response fields:', 'http-headers'); ?>
9 <br>X-Pingback
10 <br>X-Cache
11 <br>X-Edge-Location
12 <br>X-HTTP-Method-Override
13 <br>X-Csrf-Token
14 <br>X-Request-ID
15 <br>X-Correlation-ID
16 <br>X-Content-Duration
17 </p>
18 </th>
19 <td>
20 <fieldset>
21 <legend class="screen-reader-text">Custom headers</legend>
22 <?php
23 $custom_headers = get_option('hh_custom_headers', 0);
24 foreach ($bools as $k => $v)
25 {
26 ?><p><label><input type="radio" class="http-header" name="hh_custom_headers" value="<?php echo $k; ?>"<?php checked($custom_headers, $k); ?> /> <?php echo $v; ?></label></p><?php
27 }
28 ?>
29 </fieldset>
30 </td>
31 <td>
32 <?php settings_fields( 'http-headers-che' ); ?>
33 <?php do_settings_sections( 'http-headers-che' ); ?>
34 <?php
35 $custom_headers_value = get_option('hh_custom_headers_value');
36 if (!$custom_headers_value) {
37 $custom_headers_value = array();
38 }
39 ?>
40 <table>
41 <thead>
42 <tr>
43 <th><?php _e('Header', 'http-headers'); ?></th>
44 <th><?php _e('Value', 'http-headers'); ?></th>
45 <th></th>
46 </tr>
47 </thead>
48 <tbody>
49 <?php
50 if (empty($custom_headers_value))
51 {
52 ?>
53 <tr>
54 <td><input type="text" name="hh_custom_headers_value[name][]" class="http-header-value" placeholder="X-Custom-Name"></td>
55 <td><input type="text" name="hh_custom_headers_value[value][]" class="http-header-value" placeholder="<?php esc_attr_e('Value', 'http-headers'); ?>"></td>
56 <td></td>
57 </tr>
58 <?php
59 } else {
60 foreach ($custom_headers_value['name'] as $key => $name)
61 {
62 if (empty($name) || empty($custom_headers_value['value'][$key]))
63 {
64 continue;
65 }
66 ?>
67 <tr>
68 <td><input type="text" name="hh_custom_headers_value[name][]" class="http-header-value" placeholder="X-Custom-Name" value="<?php echo esc_attr($name); ?>"<?php echo $custom_headers == 1 ? NULL : ' readonly'; ?>></td>
69 <td><input type="text" name="hh_custom_headers_value[value][]" class="http-header-value" placeholder="<?php esc_attr_e('Value', 'http-headers'); ?>" value="<?php echo esc_attr($custom_headers_value['value'][$key]); ?>"<?php echo $custom_headers == 1 ? NULL : ' readonly'; ?>></td>
70 <td><button type="button" class="button button-small hh-btn-delete-header" title="<?php esc_attr_e('Delete', 'http-headers'); ?>">x</button></td>
71 </tr>
72 <?php
73 }
74 }
75 ?>
76 <tr>
77 <td colspan="3"><button type="button" class="button" id="hh-btn-add-header">+ <?php _e('Add header', 'http-headers'); ?></button></td>
78 </tr>
79 </tbody>
80 </table>
81 </td>
82 </tr>
...\ No newline at end of file ...\ No newline at end of file
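Review bot: The loop at file line 60 indexes `$custom_headers_value['name']` and `$custom_headers_value['value'][$key]` without checking that the stored option is an array holding both keys, so a malformed or legacy option value fails inside the settings table. Guard the branch with `if (is_array($custom_headers_value) && isset($custom_headers_value['name'], $custom_headers_value['value']))`. Separately, both inputs accept free text that presumably ends up in a response header or in `.htaccess`; the save-side validation is not visible in this section. Confirm that the sanitize callback rejects CR/LF and anything outside the header token characters before the value is written out.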
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 include dirname(__FILE__) . '/includes/config.inc.php';
6 ?>
7 <div class="hh-wrapper">
8 <div class="hh-categories">
9 <?php
10 $tmp = array();
11 foreach ($headers as $item)
12 {
13 if (!isset($tmp[$item[2]]))
14 {
15 $tmp[$item[2]] = array('total' => 0, 'on' => 0);
16 }
17 $tmp[$item[2]]['total'] += 1;
18 if (get_option($item[1]) == 1)
19 {
20 $tmp[$item[2]]['on'] += 1;
21 }
22 }
23 foreach ($categories as $key => $val)
24 {
25 ?>
26 <a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;category=<?php echo $key; ?>" class="hh-category">
27 <i></i>
28 <span><?php echo $key[0]; ?></span>
29 <strong><?php echo $val; ?></strong>(<?php printf('%u/%u', @$tmp[$key]['on'], @$tmp[$key]['total']); ?>)</a>
30 <?php
31 }
32 ?>
33 </div>
34
35 <div class="hh-sidebar">
36 <div class="hh-sidebar-inner">
37 <h3><?php _e('Rate us', 'http-headers'); ?></h3>
38 <p><?php _e('Tell us what you think about this plugin', 'http-headers'); ?> <a href="https://wordpress.org/support/plugin/http-headers/reviews/?rate=5#new-post"><?php _e('writing a review', 'http-headers'); ?></a>.</p>
39 <h3><?php _e('Contribution', 'http-headers'); ?></h3>
40 <p><?php _e('Help us to continue developing this plugin with a small donation.', 'http-headers'); ?></p>
41 <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_blank">
42 <input type="hidden" name="cmd" value="_xclick">
43 <input type="hidden" name="business" value="biggie@abv.bg">
44 <input type="hidden" name="item_name" value="HTTP Headers Donation">
45 <input type="hidden" name="no_shipping" value="1">
46 <input type="hidden" name="lc" value="US">
47 <input type="hidden" name="currency_code" value="USD">
48 <input type="hidden" name="item_number" value="">
49 $ <input type="text" name="amount" value="5" size="3">
50 <button type="submit" class="button"><?php _e('Donate', 'http-headers'); ?></button>
51 </form>
52 </div>
53 </div>
54 </div>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">Expect-CT
8 <p class="description"><?php _e('Expect-CT is an HTTP header that allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. When a site enables the Expect-CT header, they are requesting that Chrome check that any certificate for that site appears in public CT logs.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Expect-CT</legend>
17 <?php
18 $expect_ct = get_option('hh_expect_ct', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_expect_ct" value="<?php echo $k; ?>"<?php checked($expect_ct, $k, true); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-ect' ); ?>
28 <?php do_settings_sections( 'http-headers-ect' ); ?>
29 <table>
30 <tr>
31 <td>max-age:</td>
32 <td><select name="hh_expect_ct_max_age" class="http-header-value"<?php echo $expect_ct == 1 ? NULL : ' readonly'; ?>>
33 <?php
34 $items = array('3600' => '1 hour', '86400' => '1 day', '604800' => '7 days', '2592000' => '30 days', '5184000' => '60 days', '7776000' => '90 days', '31536000' => '1 year');
35 $expect_ct_max_age = get_option('hh_expect_ct_max_age');
36 foreach ($items as $key => $item) {
37 ?><option value="<?php echo $key; ?>"<?php selected($expect_ct_max_age, $key); ?>><?php echo $item; ?></option><?php
38 }
39 ?>
40 </select></td>
41 </tr>
42 <tr>
43 <td>report-uri:</td>
44 <td><input type="text" class="http-header-value" name="hh_expect_ct_report_uri" value="<?php echo esc_attr(get_option('hh_expect_ct_report_uri')); ?>" placeholder="https://example.com/ct-report"<?php echo $expect_ct == 1 ? NULL : ' readonly'; ?> /></td>
45 </tr>
46 <tr>
47 <td>enforce:</td>
48 <td><input type="checkbox" class="http-header-value" name="hh_expect_ct_enforce" value="1"<?php checked(get_option('hh_expect_ct_enforce'), 1, true); ?><?php echo $expect_ct == 1 ? NULL : ' readonly'; ?> /></td>
49 </tr>
50 </table>
51 </td>
52 </tr>
...\ No newline at end of file ...\ No newline at end of file
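Review bot: The help text at file line 8 presents Expect-CT as a current control, but the header is deprecated (the MDN page linked at line 11 marks it so). As far as I know, current Chromium releases no longer process it, because Certificate Transparency is enforced by default. An administrator who turns this on gains nothing on modern browsers, so the description should say so, for example by appending `Deprecated: modern browsers ignore this header.` to the translated string.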
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr>
7 <th scope="row">Expires
8 <p class="description"><?php _e('The Expires header contains the date/time after which the response is considered stale.', 'http-headers'); ?></p>
9 <p class="description"><?php _e('Invalid dates, like the value 0, represent a date in the past and mean that the resource is already expired.', 'http-headers'); ?></p>
10 <p class="description"><?php _e("If there is a Cache-Control header with the 'max-age' or 's-max-age' directive in the response, the Expires header is ignored.", 'http-headers'); ?></p>
11 <p class="description"><?php _e('* Works only in Apache mode', 'http-headers'); ?></p>
12
13 <hr>
14 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
15 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expires"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
16 </p>
17 </th>
18 <td>
19 <fieldset>
20 <legend class="screen-reader-text">Expires</legend>
21 <?php
22 $expires = get_option('hh_expires', 0);
23 foreach ($bools as $k => $v)
24 {
25 ?><p><label><input type="radio" class="http-header" name="hh_expires" value="<?php echo $k; ?>"<?php checked($expires, $k); ?> /> <?php echo $v; ?></label></p><?php
26 }
27 ?>
28 </fieldset>
29 </td>
30 <td>
31 <?php settings_fields( 'http-headers-exp' ); ?>
32 <?php do_settings_sections( 'http-headers-exp' ); ?>
33 <table>
34 <?php
35 $types = array(
36 'default',
37 'text/css',
38 'text/javascript',
39 'text/plain',
40 'image/gif',
41 'image/png',
42 'image/jpeg',
43 'image/x-icon',
44 'application/x-javascript',
45 'application/javascript',
46 'application/x-icon',
47 );
48 $items = array(
49 'invalid_0_date' => '0 (invalid date)',
50 'access_1_hour' => 'Access +1 hour',
51 'access_6_hours' => 'Access +6 hours',
52 'access_12_hours' => 'Access +12 hours',
53 'access_1_day' => 'Access +1 day',
54 'access_3_days' => 'Access +3 days',
55 'access_1_week' => 'Access +1 week',
56 'access_2_weeks' => 'Access +2 weeks',
57 'access_1_month' => 'Access +1 month',
58 'access_3_months' => 'Access +3 months',
59 'access_6_months' => 'Access +6 months',
60 'access_1_year' => 'Access +1 year',
61 'modification_1_hour' => 'Modification +1 hour',
62 'modification_6_hours' => 'Modification +6 hours',
63 'modification_12_hours' => 'Modification +12 hours',
64 'modification_1_day' => 'Modification +1 day',
65 'modification_3_days' => 'Modification +3 days',
66 'modification_1_week' => 'Modification +1 week',
67 'modification_2_weeks' => 'Modification +2 weeks',
68 'modification_1_month' => 'Modification +1 month',
69 'modification_3_months' => 'Modification +3 months',
70 'modification_6_months' => 'Modification +6 months',
71 'modification_1_year' => 'Modification +1 year',
72 );
73 $expires_value = get_option('hh_expires_value');
74 $expires_type = get_option('hh_expires_type');
75 if (!$expires_value)
76 {
77 $expires_value = array();
78 }
79 if (!$expires_type)
80 {
81 $expires_type = array();
82 }
83 foreach ($types as $type) {
84 ?>
85 <tr>
86 <td><input type="checkbox" class="http-header-value" name="hh_expires_type[<?php echo $type; ?>]" value="1"<?php echo !is_array($expires_type) || !array_key_exists($type, $expires_type) ? NULL : ' checked'; ?><?php echo $expires == 1 ? NULL : ' readonly'; ?>></td>
87 <td><?php echo $type; ?></td>
88 <td>
89 <select class="http-header-value" name="hh_expires_value[<?php echo $type; ?>]"<?php echo $expires == 1 ? NULL : ' readonly'; ?>>
90 <?php
91 foreach ($items as $k => $v) {
92 $val_type = !empty($expires_value[$type]) ? $expires_value[$type] : '';
93 ?><option value="<?php echo $k; ?>"<?php selected($val_type, $k); ?>><?php echo $v; ?></option><?php
94 }
95 ?>
96 </select>
97 </td>
98 </tr>
99 <?php
100 }
101 ?>
102 </table>
103 </td>
104 </tr>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">Feature-Policy
8 <p class="description"><?php _e('With Feature Policy, you opt-in to a set of policies for the browser to enforce on specific features used throughout your site. These policies restrict what APIs the site can access or modify the browser\'s default behavior for certain features.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Feature-Policy</legend>
17 <?php
18 $feature_policy = get_option('hh_feature_policy', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_feature_policy" value="<?php echo $k; ?>"<?php checked($feature_policy, $k, true); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-fp' ); ?>
28 <?php do_settings_sections( 'http-headers-fp' ); ?>
29 <table>
30 <tbody>
31 <?php
32 $features = array(
33 'accelerometer',
34 'ambient-light-sensor',
35 'autoplay',
36 'camera',
37 'cookie',
38 'docwrite',
39 'domain',
40 'encrypted-media',
41 'fullscreen',
42 'geolocation',
43 'gyroscope',
44 'magnetometer',
45 'microphone',
46 'midi',
47 'payment',
48 'picture-in-picture',
49 'speaker',
50 'sync-script',
51 'sync-xhr',
52 'unsized-media',
53 'usb',
54 'vertical-scroll',
55 'vibrate',
56 'vr',
57 );
58 $origins = array("'self'", "'none'", '*', 'origin(s)');
59
60 $feature_policy_value = get_option('hh_feature_policy_value');
61 $feature_policy_feature = get_option('hh_feature_policy_feature');
62 $feature_policy_origin = get_option('hh_feature_policy_origin');
63 if (!$feature_policy_value)
64 {
65 $feature_policy_value = array();
66 }
67 if (!$feature_policy_feature)
68 {
69 $feature_policy_feature = array();
70 }
71 if (!$feature_policy_origin)
72 {
73 $feature_policy_origin = array();
74 }
75
76 foreach ($features as $feature)
77 {
78 ?>
79 <tr>
80 <td><input type="checkbox" name="hh_feature_policy_feature[<?php echo $feature; ?>]" class="http-header-value"
81 value="1"<?php echo !is_array($feature_policy_feature) || !array_key_exists($feature, $feature_policy_feature) ? NULL : ' checked'; ?><?php echo $feature_policy == 1 ? NULL : ' readonly'; ?>></td>
82 <td><?php echo $feature; ?></td>
83 <td>
84 <select name="hh_feature_policy_value[<?php echo $feature; ?>]"
85 class="http-header-value"<?php echo $feature_policy == 1 ? NULL : ' readonly'; ?>>
86 <?php
87 foreach ($origins as $origin)
88 {
89 ?><option value="<?php echo $origin; ?>"<?php selected(@$feature_policy_value[$feature], $origin); ?>><?php echo $origin; ?></option><?php
90 }
91 ?>
92 </select>
93 <input type="text" name="hh_feature_policy_origin[<?php echo $feature; ?>]"
94 value="<?php echo @$feature_policy_origin[$feature]; ?>" size="30"<?php echo isset($feature_policy_value[$feature]) && in_array($feature_policy_value[$feature], array('origin(s)', "'self'")) ? NULL : ' style="display: none"'; ?>
95 class="http-header-value"<?php echo $feature_policy == 1 ? NULL : ' readonly'; ?>>
96 </td>
97 </tr>
98 <?php
99 }
100 ?>
101 </tbody>
102 </table>
103 </td>
104 </td>
105 </tr>
...\ No newline at end of file ...\ No newline at end of file
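Review bot: The origin text field at file line 94 prints the stored option with `echo @$feature_policy_origin[$feature]` directly into a `value` attribute, while the other free-text fields in this commit (for example the Expect-CT report-uri) go through `esc_attr()`. Unless the save path already strips it, which is not visible here, a saved value containing a double quote ends the attribute early and is rendered as markup on the settings screen. Use `value="<?php echo esc_attr(isset($feature_policy_origin[$feature]) ? $feature_policy_origin[$feature] : ''); ?>"`. Line 104 also emits a `</td>` that has no matching opening tag.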
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 include dirname(__FILE__) . '/includes/config.inc.php';
6 include dirname(__FILE__) . '/includes/breadcrumbs.inc.php';
7 ?>
8
9 <section class="hh-panel">
10 <form method="post" action="options.php">
11 <table class="form-table hh-table">
12 <tbody>
13 <?php
14 $header_file = sprintf('%s/%s.php', dirname(__FILE__), basename($_GET['header']));
15 if (is_file($header_file))
16 {
17 include $header_file;
18 }
19 ?>
20 </tbody>
21 </table>
22 <?php submit_button(); ?>
23 </form>
24 </section>
...\ No newline at end of file ...\ No newline at end of file
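Review bot: The include at file lines 14-17 takes the view name from `$_GET['header']` with only `basename()` applied, so any `.php` file in this directory can be pulled into the form, including this file itself, not just header views. A missing or array-valued parameter also reaches `basename()` unchecked. Resolve the name against the known header list instead: `$slug = isset($_GET['header']) && is_string($_GET['header']) ? sanitize_key($_GET['header']) : '';` followed by `if (isset($headers[$slug]) && is_file($header_file = dirname(__FILE__) . '/' . $slug . '.php')) { include $header_file; }`. This assumes `$headers` from the included config file is keyed by the same slugs as the view file names, which the commit suggests but does not show directly.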
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <ul class="hh-breadcrumbs">
7 <li><a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers"><?php _e('Dashboard', 'http-headers'); ?></a></li>
8 <?php
9 if (isset($_GET['category']))
10 {
11 ?><li><?php echo @$categories[$_GET['category']]; ?></li><?php
12 } elseif (isset($_GET['header'])) {
13 ?><li><a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;category=<?php echo htmlspecialchars($headers[$_GET['header']][2]); ?>"><?php echo @$categories[$headers[$_GET['header']][2]]; ?></a></li><?php
14 ?><li><?php echo @$headers[$_GET['header']][0]; ?></li><?php
15 } elseif (isset($_GET['tab']) && $_GET['tab'] == 'advanced') {
16 ?><li><?php _e('Advanced settings', 'http-headers'); ?></li><?php
17 } elseif (isset($_GET['tab']) && $_GET['tab'] == 'manual') {
18 ?><li><?php _e('Manual setup', 'http-headers'); ?></li><?php
19 } elseif (isset($_GET['tab']) && $_GET['tab'] == 'inspect') {
20 ?><li><?php _e('Inspect headers', 'http-headers'); ?></li><?php
21 }
22 ?>
23 </ul>
...\ No newline at end of file ...\ No newline at end of file
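Review bot: The lookups at file lines 11-14 use `$_GET['category']` and `$_GET['header']` directly as array keys and rely on `@` to hide misses. `@` does not suppress the TypeError that PHP 8 throws for an array-valued parameter, and the `htmlspecialchars($headers[$_GET['header']][2])` call on line 13 has no guard at all for an unknown header. Validate once at the top, e.g. `$header = isset($_GET['header']) && is_string($_GET['header']) && isset($headers[$_GET['header']]) ? $_GET['header'] : null;` (and the same for `category` against `$categories`), then branch on the validated value and drop the `@` operators. The printed labels come from the fixed `$categories` and `$headers` arrays rather than from the request, so this is about robustness, not output escaping.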
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 $bools = array(
6 0 => __('Off', 'http-headers'),
7 1 => __('On', 'http-headers'),
8 );
9
10 $categories = array(
11 'security' => __('Security', 'http-headers'),
12 'access-control' => __('Access control', 'http-headers'),
13 'authentication' => __('Authentication', 'http-headers'),
14 'compression' => __('Compression', 'http-headers'),
15 'caching' => __('Caching', 'http-headers'),
16 'misc' => __('Miscellaneous', 'http-headers'),
17 );
18
19 $headers = array(
20 'x-frame-options' => array('X-Frame-Options', 'hh_x_frame_options', 'security'),
21 'x-xss-protection' => array('X-XSS-Protection', 'hh_x_xxs_protection', 'security'),
22 'x-content-type-options' => array('X-Content-Type-Options', 'hh_x_content_type_options', 'security'),
23 'x-ua-compatible' => array('X-UA-Compatible', 'hh_x_ua_compatible', 'misc'),
24 'strict-transport-security' => array('Strict-Transport-Security', 'hh_strict_transport_security', 'security'),
25 'p3p' => array('P3P', 'hh_p3p', 'access-control'),
26 'referrer-policy' => array('Referrer-Policy', 'hh_referrer_policy', 'security'),
27 'content-security-policy' => array('Content-Security-Policy', 'hh_content_security_policy', 'security'),
28 'access-control-allow-origin' => array('Access-Control-Allow-Origin', 'hh_access_control_allow_origin', 'access-control'),
29 'access-control-allow-credentials' => array('Access-Control-Allow-Credentials', 'hh_access_control_allow_credentials', 'access-control'),
30 'access-control-max-age' => array('Access-Control-Max-Age', 'hh_access_control_max_age', 'access-control'),
31 'access-control-allow-methods' => array('Access-Control-Allow-Methods', 'hh_access_control_allow_methods', 'access-control'),
32 'access-control-allow-headers' => array('Access-Control-Allow-Headers', 'hh_access_control_allow_headers', 'access-control'),
33 'access-control-expose-headers' => array('Access-Control-Expose-Headers', 'hh_access_control_expose_headers', 'access-control'),
34 'content-encoding' => array('Content-Encoding', 'hh_content_encoding', 'compression'),
35 'vary' => array('Vary', 'hh_vary', 'compression'),
36 'x-powered-by' => array('X-Powered-By', 'hh_x_powered_by', 'misc'),
37 'www-authenticate' => array('WWW-Authenticate', 'hh_www_authenticate', 'authentication'),
38 'cache-control' => array('Cache-Control', 'hh_cache_control', 'caching'),
39 'expires' => array('Expires', 'hh_expires', 'caching'),
40 'pragma' => array('Pragma', 'hh_pragma', 'caching'),
41 'age' => array('Age', 'hh_age', 'caching'),
42 'connection' => array('Connection', 'hh_connection', 'misc'),
43 'cookie-security' => array('Cookie security', 'hh_cookie_security', 'security'),
44 'expect-ct' => array('Expect-CT', 'hh_expect_ct', 'security'),
45 'timing-allow-origin' => array('Timing-Allow-Origin', 'hh_timing_allow_origin', 'access-control'),
46 'custom-headers' => array('Custom headers', 'hh_custom_headers', 'misc'),
47 'x-dns-prefetch-control' => array('X-DNS-Prefetch-Control', 'hh_x_dns_prefetch_control', 'security'),
48 'x-download-options' => array('X-Download-Options', 'hh_x_download_options', 'security'),
49 'x-permitted-cross-domain-policies' => array('X-Permitted-Cross-Domain-Policies', 'hh_x_permitted_cross_domain_policies', 'security'),
50 'report-to' => array('Report-To', 'hh_report_to', 'security'),
51 'feature-policy' => array('Feature-Policy', 'hh_feature_policy', 'security'),
52 'permissions-policy' => array('Permissions-Policy', 'hh_permissions_policy', 'security'),
53 'clear-site-data' => array('Clear-Site-Data', 'hh_clear_site_data', 'security'),
54 'content-type' => array('Content-Type', 'hh_content_type', 'misc'),
55 'cross-origin-resource-policy' => array('Cross-Origin-Resource-Policy', 'hh_cross_origin_resource_policy', 'security'),
56 'nel' => array('NEL', 'hh_nel', 'misc'),
57 'cross-origin-embedder-policy' => array('Cross-Origin-Embedder-Policy', 'hh_cross_origin_embedder_policy', 'security'),
58 'cross-origin-opener-policy' => array('Cross-Origin-Opener-Policy', 'hh_cross_origin_opener_policy', 'security'),
59 'x-robots-tag' => array('X-Robots-Tag', 'hh_x_robots_tag', 'misc'),
60 );
61
62 $headers_list = array(
63 'Accept',
64 'Accept-Charset',
65 'Accept-Encoding',
66 'Accept-Language',
67 'Accept-Datetime',
68 'Authorization',
69 'Cache-Control',
70 'Connection',
71 'Permanent',
72 'Cookie',
73 'Content-Length',
74 'Content-MD5',
75 'Content-Type',
76 'Date',
77 'Expect',
78 'Forwarded',
79 'From',
80 'Host',
81 'Permanent',
82 'If-Match',
83 'If-Modified-Since',
84 'If-None-Match',
85 'If-Range',
86 'If-Unmodified-Since',
87 'Max-Forwards',
88 'Origin',
89 'Pragma',
90 'Proxy-Authorization',
91 'Range',
92 'Referer',
93 'TE',
94 'User-Agent',
95 'Upgrade',
96 'Via',
97 'Warning',
98 'X-Requested-With',
99 'DNT',
100 'X-Forwarded-For',
101 'X-Forwarded-Host',
102 'X-Forwarded-Proto',
103 'Front-End-Https',
104 'X-Http-Method-Override',
105 'X-ATT-DeviceId',
106 'X-Wap-Profile',
107 'Proxy-Connection',
108 'X-UIDH',
109 'X-Csrf-Token',
110 'X-PINGOTHER',
111 'X-WP-Nonce',
112 );
113
114 $cors_safe_request_headers = array(
115 'Accept',
116 'Accept-Language',
117 'Content-Language',
118 'Content-Type',
119 );
120
121 $cors_safe_response_headers = array(
122 'Cache-Control',
123 'Content-Language',
124 'Content-Type',
125 'Expires',
126 'Last-Modified',
127 'Pragma',
128 );
...\ No newline at end of file ...\ No newline at end of file
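Review bot: `$headers_list` contains the entry `'Permanent'` twice (file lines 71 and 81), and it is not an HTTP request header name; it looks like a column heading picked up along with the list. Remove both entries so the value is not offered wherever this list feeds a selection (presumably the Access-Control-Allow-Headers view, which is not shown here). The option key `hh_x_xxs_protection` at line 21 is misspelled as well, but renaming it would orphan saved settings. A comment such as `// sic: key kept for backward compatibility` is the safer change there.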
1 <input type="checkbox"
2 name="hh_content_security_policy_value[<?php echo $item; ?>]"
3 value="1"<?php echo isset($csp_value[$item]) ? ' checked' : NULL; ?>
4 class="http-header-value"<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?>>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 $sandbox = array(
3 'allow-forms',
4 'allow-same-origin',
5 'allow-scripts',
6 'allow-popups',
7 'allow-modals',
8 'allow-downloads',
9 'allow-orientation-lock',
10 'allow-pointer-lock',
11 'allow-presentation',
12 'allow-popups-to-escape-sandbox',
13 'allow-top-navigation',
14 'allow-top-navigation-by-user-activation',
15 );
16 foreach ($sandbox as $origin)
17 {
18 ?>
19 <p>
20 <input type="checkbox"
21 name="hh_content_security_policy_value[<?php echo $item; ?>][<?php echo $origin; ?>]"
22 id="csp-<?php echo $item; ?>-<?php echo $origin; ?>"
23 value="1"<?php echo isset($csp_value[$item][$origin]) ? ' checked' : NULL; ?>
24 class="http-header-value"<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?>>
25 <label for="csp-<?php echo $item; ?>-<?php echo $origin; ?>"><?php echo $origin; ?></label>
26 </p>
27 <?php
28 }
29 ?>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 $origins = array(
3 'wildcard' => '*',
4 'self' => "'self'",
5 'none' => "'none'",
6 'unsafe-inline' => "'unsafe-inline'",
7 'unsafe-eval' => "'unsafe-eval'",
8 'strict-dynamic' => "'strict-dynamic'",
9 'report-sample' => "'report-sample'",
10 'http' => 'http:',
11 'https' => 'https:',
12 'data' => 'data:',
13 'mediastream' => 'mediastream:',
14 'blob' => 'blob:',
15 'filesystem' => 'filesystem:',
16 );
17
18 foreach ($origins as $k => $origin)
19 {
20 ?>
21 <p<?php echo $origin == '*' || !isset($csp_value[$item]['*']) ? NULL : ' style="display: none"'; ?>>
22 <input type="checkbox"
23 name="hh_content_security_policy_value[<?php echo $item; ?>][<?php echo $origin; ?>]"
24 id="csp-<?php echo $item; ?>-<?php echo $k; ?>"
25 value="1"<?php echo isset($csp_value[$item][$origin]) ? ' checked' : NULL; ?>
26 class="http-header-value"<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?>>
27 <label for="csp-<?php echo $item; ?>-<?php echo $k; ?>"><?php echo $origin; ?></label>
28 </p>
29 <?php
30 }
31
32 switch ($item) {
33 case 'script-src':
34 $host_sources = array(
35 'js.example.com',
36 'http://js.example.com',
37 'https://js.example.com',
38 );
39 break;
40 case 'style-src':
41 $host_sources = array(
42 'css.example.com',
43 'http://css.example.com',
44 'https://css.example.com',
45 );
46 break;
47 case 'img-src':
48 $host_sources = array(
49 'img.example.com',
50 'http://img.example.com',
51 'https://img.example.com',
52 );
53 break;
54 case 'font-src':
55 $host_sources = array(
56 'font.example.com',
57 'http://font.example.com',
58 'https://font.example.com',
59 );
60 break;
61 case 'default-src':
62 $host_sources = array(
63 'http://*.example.com',
64 'mail.example.com:443',
65 'https://assets.example.com',
66 'cdn.example.com',
67 );
68 break;
69 default:
70 $host_sources = array(
71 'https://store.example.com',
72 'store.example.com',
73 '*.example.com',
74 );
75 }
76 shuffle($host_sources);
77 ?>
78 <p<?php echo !isset($csp_value[$item]['*']) ? NULL : ' style="display: none"'; ?>>
79 <input type="text"
80 name="hh_content_security_policy_value[<?php echo $item; ?>][source]"
81 class="http-header-value"
82 size="40"
83 placeholder="<?php echo $host_sources[0]; ?>"
84 value="<?php echo esc_attr(@$csp_value[$item]['source']); ?>"<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?>
85 </p>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 $origins = array(
3 'script',
4 'style',
5 );
6
7 foreach ($origins as $origin)
8 {
9 ?>
10 <p>
11 <input type="checkbox"
12 name="hh_content_security_policy_value[<?php echo $item; ?>][<?php echo $origin; ?>]"
13 id="csp-<?php echo $item; ?>-<?php echo $origin; ?>"
14 value="1"<?php echo isset($csp_value[$item][$origin]) ? ' checked' : NULL; ?>
15 class="http-header-value"<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?>>
16 <label for="csp-<?php echo $item; ?>-<?php echo $origin; ?>"><?php echo $origin; ?></label>
17 </p>
18 <?php
19 }
20 ?>
...\ No newline at end of file ...\ No newline at end of file
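Review bot: The `readonly` attribute emitted on the checkbox at line 15 has no effect, because browsers honour `readonly` only on text-like inputs; the box stays clickable and is submitted even when `$content_security_policy` is not 1. The same pattern is on the checkboxes and `<select>` elements in the NEL, P3P, Permissions-Policy, Pragma and Referrer-Policy templates further down. If the lock is meant to hold, emit `' disabled'` instead and keep the stored value on the server side, since disabled controls are not submitted; the save-time sanitising is not visible here, so that part needs confirming. `$item` and `$origin` are also echoed into `name` and `id` without `esc_attr()`, which is harmless only as long as both come from fixed lists.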
1 <input type="text" name="hh_content_security_policy_value[<?php echo $item; ?>]" class="http-header-value" size="40"
2 value="<?php echo esc_attr(@$csp_value[$item]); ?>"<?php echo $content_security_policy == 1 ? NULL : ' readonly'; ?>>
3 <?php
4 if ($item == 'plugin-types')
5 {
6 ?>
7 <br>
8 <em>Example: application/x-shockwave-flash application/x-java-applet</em>
9 <?php
10 }
11 ?>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 return array(
3 array('hh_method', 'htaccess'),
4 array('hh_htaccess_path', str_replace('\\', '/', ABSPATH) . '.htaccess'),
5 array('hh_user_ini_path', str_replace('\\', '/', ABSPATH) . '.user.ini'),
6 array('hh_htpasswd_path', str_replace('\\', '/', ABSPATH) . '.hh-htpasswd'),
7 array('hh_htdigest_path', str_replace('\\', '/', ABSPATH) . '.hh-htdigest'),
8 array('hh_x_frame_options', 0),
9 array('hh_x_frame_options_value', ''),
10 array('hh_x_frame_options_domain', ''),
11 array('hh_x_xxs_protection', 0),
12 array('hh_x_xxs_protection_value', ''),
13 array('hh_x_xxs_protection_uri', ''),
14 array('hh_x_content_type_options', 0),
15 array('hh_x_content_type_options_value', ''),
16 array('hh_strict_transport_security', 0),
17 array('hh_strict_transport_security_value', ''), //obsolete
18 array('hh_strict_transport_security_max_age', ''),
19 array('hh_strict_transport_security_sub_domains', ''),
20 array('hh_strict_transport_security_preload', ''),
21 array('hh_public_key_pins', 0),
22 array('hh_public_key_pins_sha256_1', ''),
23 array('hh_public_key_pins_sha256_2', ''),
24 array('hh_public_key_pins_max_age', ''),
25 array('hh_public_key_pins_sub_domains', ''),
26 array('hh_public_key_pins_report_uri', ''),
27 array('hh_public_key_pins_report_only', ''),
28 array('hh_x_ua_compatible', 0),
29 array('hh_x_ua_compatible_value', ''),
30 array('hh_p3p', 0),
31 array('hh_p3p_value', ''),
32 array('hh_referrer_policy', 0),
33 array('hh_referrer_policy_value', ''),
34 array('hh_content_security_policy', 0),
35 array('hh_content_security_policy_value', ''),
36 array('hh_content_security_policy_report_only', ''),
37 array('hh_access_control_allow_origin', 0),
38 array('hh_access_control_allow_origin_value', ''),
39 array('hh_access_control_allow_origin_url', ''),
40 array('hh_access_control_allow_credentials', 0),
41 array('hh_access_control_allow_credentials_value', ''),
42 array('hh_access_control_allow_methods', 0),
43 array('hh_access_control_allow_methods_value', ''),
44 array('hh_access_control_allow_headers', 0),
45 array('hh_access_control_allow_headers_value', ''),
46 array('hh_access_control_allow_headers_custom', ''),
47 array('hh_access_control_expose_headers', 0),
48 array('hh_access_control_expose_headers_value', ''),
49 array('hh_access_control_expose_headers_custom', ''),
50 array('hh_access_control_max_age', 0),
51 array('hh_access_control_max_age_value', ''),
52 array('hh_content_encoding', 0),
53 array('hh_content_encoding_module', ''),
54 array('hh_content_encoding_value', ''),
55 array('hh_content_encoding_ext', ''),
56 array('hh_vary', 0),
57 array('hh_vary_value', ''),
58 array('hh_x_powered_by', 0),
59 array('hh_x_powered_by_option', ''),
60 array('hh_x_powered_by_value', ''),
61 array('hh_www_authenticate', 0),
62 array('hh_www_authenticate_type', ''),
63 array('hh_www_authenticate_realm', ''),
64 array('hh_www_authenticate_user', ''),
65 array('hh_www_authenticate_pswd', ''),
66 array('hh_cache_control', 0),
67 array('hh_cache_control_value', ''),
68 array('hh_age', 0),
69 array('hh_age_value', ''),
70 array('hh_pragma', 0),
71 array('hh_pragma_value', ''),
72 array('hh_expires', 0),
73 array('hh_expires_value', ''),
74 array('hh_expires_type', ''),
75 array('hh_connection', 0),
76 array('hh_connection_value', ''),
77 array('hh_cookie_security', 0),
78 array('hh_cookie_security_value', ''),
79 array('hh_expect_ct', 0),
80 array('hh_expect_ct_max_age', ''),
81 array('hh_expect_ct_report_uri', ''),
82 array('hh_expect_ct_enforce', ''),
83 array('hh_timing_allow_origin', 0),
84 array('hh_timing_allow_origin_value', ''),
85 array('hh_timing_allow_origin_url', ''),
86 array('hh_x_permitted_cross_domain_policies', 0),
87 array('hh_x_permitted_cross_domain_policies_value', ''),
88 array('hh_x_download_options', 0),
89 array('hh_x_download_options_value', ''),
90 array('hh_x_dns_prefetch_control', 0),
91 array('hh_x_dns_prefetch_control_value', ''),
92 array('hh_custom_headers', 0),
93 array('hh_custom_headers_value', ''),
94 array('hh_report_to', 0),
95 array('hh_report_to_value', ''),
96 array('hh_feature_policy', 0),
97 array('hh_feature_policy_feature', ''),
98 array('hh_feature_policy_origin', ''),
99 array('hh_feature_policy_value', ''),
100 array('hh_permissions_policy', 0),
101 array('hh_permissions_policy_feature', ''),
102 array('hh_permissions_policy_origin', ''),
103 array('hh_permissions_policy_value', ''),
104 array('hh_clear_site_data', 0),
105 array('hh_clear_site_data_value', ''),
106 array('hh_content_type', 0),
107 array('hh_content_type_value', ''),
108 array('hh_content_nel', 0),
109 array('hh_content_nel_value', ''),
110 array('hh_x_robots_tag', 0),
111 array('hh_x_robots_tag_value', ''),
112 );
...\ No newline at end of file ...\ No newline at end of file
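Review bot: The default paths on lines 6 and 7 put the credential files `.hh-htpasswd` and `.hh-htdigest` directly under `ABSPATH`, that is inside the document root, and their names do not match the `.ht*` pattern that stock Apache configurations deny. Unless the plugin writes its own deny rule (not visible in this file), the hashed credentials could be fetched over HTTP. I would default to a location outside the web root, or rename the files so the standard rule applies, e.g. `array('hh_htpasswd_path', str_replace('\\', '/', ABSPATH) . '.htpasswd-hh'),`. `hh_www_authenticate_pswd` on line 65 also suggests the password itself is kept in the options table; it is worth confirming that it is stored hashed.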
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <div class="wrap">
7 <h1>HTTP Headers</h1>
8 <?php
9 $check = check_web_server_requirements();
10 if ($check !== true) {
11 ?>
12 <div class="notice notice-error">
13 <h2><?php _e('Error!', 'http-headers'); ?></h2>
14 <?php
15 if ($check == -1) {
16 ?><p><?php _e('The following file was not found. Please make sure the file exists and has write permissions:', 'http-headers'); ?> <code><?php echo get_web_server_filename(); ?></code></p><?php
17 } elseif ($check == -2) {
18 ?><p><?php _e('Please make sure the following file has write permissions:', 'http-headers'); ?> <code><?php echo get_web_server_filename(); ?></code></p><?php
19 }
20 ?>
21 </div>
22 <?php
23 }
24 $check = check_php_requirements();
25 if ($check !== true) {
26 ?>
27 <div class="notice notice-warning">
28 <h2><?php _e('Warning!', 'http-headers'); ?></h2>
29 <?php
30 if ($check == -1) {
31 ?><p><?php _e('The following file was not found. Please make sure the file exists and has write permissions:', 'http-headers'); ?> <code><?php echo get_user_ini_filename(); ?></code></p><?php
32 } elseif ($check == -2) {
33 ?><p><?php _e('Please make sure the following file has write permissions:', 'http-headers'); ?> <code><?php echo get_user_ini_filename(); ?></code></p><?php
34 }
35 ?>
36 </div>
37 <?php
38 }
39 ?>
40 <p><?php _e('Quick links', 'http-headers'); ?>:
41 <a href="https://zinoui.com/blog/http-headers-for-wordpress" target="_blank" title="HTTP Headers"><?php _e('Getting started', 'http-headers'); ?></a>,
42 <a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;tab=advanced"><?php _e('Advanced settings', 'http-headers'); ?></a>,
43 <a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;tab=manual"><?php _e('Manual setup', 'http-headers'); ?></a>,
44 <a href="<?php echo get_admin_url(); ?>options-general.php?page=http-headers&amp;tab=inspect"><?php _e('Inspect headers', 'http-headers'); ?></a>
45 </p>
46 <?php
47 if (isset($_GET['header']) && !empty($_GET['header']))
48 {
49 include dirname(__FILE__) . '/header.php';
50 } elseif (isset($_GET['tab']) && $_GET['tab'] == 'advanced') {
51 include dirname(__FILE__) . '/advanced.php';
52 } elseif (isset($_GET['tab']) && $_GET['tab'] == 'manual') {
53 include dirname(__FILE__) . '/manual.php';
54 } elseif (isset($_GET['tab']) && $_GET['tab'] == 'inspect') {
55 include dirname(__FILE__) . '/inspect.php';
56 } elseif (isset($_GET['category'])) {
57 include dirname(__FILE__) . '/category.php';
58 } else {
59 include dirname(__FILE__) . '/dashboard.php';
60 }
61 ?>
62 </div>
...\ No newline at end of file ...\ No newline at end of file
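Review bot: The file names and admin URLs on lines 16, 18, 31, 33 and 42-44 are echoed without escaping. `get_web_server_filename()` and `get_user_ini_filename()` presumably return the configurable `hh_*_path` options, so they should go through `esc_html()` and the links through `esc_url()`: `<code><?php echo esc_html(get_web_server_filename()); ?></code>` and `href="<?php echo esc_url(admin_url('options-general.php?page=http-headers&tab=advanced')); ?>"`. The `include` chain on lines 47-59 only compares `$_GET['tab']` against fixed strings, which is fine, but `header.php` and `category.php` have to validate `$_GET['header']` and `$_GET['category']` themselves; a one-line comment saying so would help, since that validation is not visible here.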
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 include dirname(__FILE__) . '/includes/config.inc.php';
6 include dirname(__FILE__) . '/includes/breadcrumbs.inc.php';
7 ?>
8 <section class="hh-panel">
9 <h3><span class="hh-highlight"><?php _e('Inspect headers', 'http-headers'); ?></span></h3>
10 <p><?php _e("Use this tool to inspect the HTTP headers of your website or your competitor's website.", 'http-headers'); ?></p>
11 <div class="form-wrap">
12 <form action="<?php echo admin_url('admin-ajax.php'); ?>" method="get" id="frmIspect">
13 <?php wp_nonce_field('inspect'); ?>
14 <input type="hidden" name="action" value="inspect">
15 <div class="form-row">
16 <div class="form-field form-col-6">
17 <label class="form-label">URL:</label>
18 <input type="text" name="url" size="40" placeholder="<?php echo home_url('/'); ?>" value="<?php echo home_url('/'); ?>">
19 </div>
20 <div class="form-field form-col-6">
21 <label class="form-label">&nbsp;</label>
22 <label><input type="checkbox" name="authentication" id="authentication"><?php _e('Authentication', 'http-headers'); ?></label>
23 </div>
24 </div>
25 <div id="box-authentication" style="display: none">
26 <div class="form-row">
27 <div class="form-field form-col-6">
28 <label class="form-label" for="username"><?php _e('Username', 'http-headers'); ?>:</label>
29 <input type="text" name="username">
30 </div>
31 <div class="form-field form-col-6">
32 <label class="form-label" for="password"><?php _e('Password', 'http-headers'); ?>:</label>
33 <input type="text" name="password">
34 </div>
35 </div>
36 </div>
37 <?php submit_button(__('Inspect', 'http-headers')); ?>
38 </form>
39 </div>
40 </section>
41
42 <div id="hh-result"></div>
...\ No newline at end of file ...\ No newline at end of file
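Review bot: The form on line 12 submits with `method="get"`, so the nonce, the target URL and the username and password from lines 29 and 33 would end up in the query string (server logs, browser history) unless a script intercepts the submit, which is not visible here. The password field is also `type="text"`. I would use `method="post"` and `<input type="password" name="password" id="password" autocomplete="off">`. Because the `inspect` action makes the server request a user-supplied URL, its handler (outside this file) should check the nonce and the capability and fetch with `wp_safe_remote_get()`. `home_url('/')` on line 18 should be wrapped in `esc_url()`.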
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 include dirname(__FILE__) . '/includes/breadcrumbs.inc.php';
6 ?>
7 <div class="hh-tabs">
8 <ul>
9 <li class="hh-active"><a href="#hh-tab-1">Apache</a></li>
10 <li><a href="#hh-tab-2">Nginx</a></li>
11 </ul>
12 <div id="hh-tab-1" class="hh-tab-active">
13 <h3><span class="hh-highlight"><?php echo get_htaccess_filename(); ?></span></h3>
14 <textarea class="hh-textarea-manual" rows="20" readonly><?php
15 $lines = apache_headers_directives();
16 if ($lines)
17 {
18 echo join("\n", $lines);
19 echo "\n\n";
20 }
21
22 $lines = apache_auth_directives();
23 if ($lines)
24 {
25 echo join("\n", $lines);
26 echo "\n\n";
27 }
28
29 $lines = apache_content_encoding_directives();
30 if ($lines)
31 {
32 echo join("\n", $lines);
33 echo "\n\n";
34 }
35
36 $lines = apache_expires_directives();
37 if ($lines)
38 {
39 echo join("\n", $lines);
40 echo "\n\n";
41 }
42
43 $lines = apache_cookie_security_directives();
44 if ($lines)
45 {
46 echo join("\n", $lines);
47 echo "\n\n";
48 }
49
50 $lines = apache_timing_directives();
51 echo join("\n", $lines);
52 ?></textarea>
53 <?php
54 $credentials = apache_auth_credentials();
55 if ($credentials)
56 {
57 ?>
58 <h3><span class="hh-highlight"><?php echo $credentials['ht_file']; ?></span></h3>
59 <textarea class="hh-textarea-manual" rows="5" readonly><?php
60 echo $credentials['auth'];
61 ?></textarea><?php
62 }
63 ?>
64 </div>
65 <div id="hh-tab-2" class="hh-hidden">
66 <textarea class="hh-textarea-manual" rows="20" readonly><?php
67 $lines = nginx_headers_directives();
68 if ($lines)
69 {
70 echo join("\n", $lines);
71 echo "\n\n";
72 }
73
74 $lines = nginx_auth_directives();
75 if ($lines)
76 {
77 echo join("\n", $lines);
78 echo "\n\n";
79 }
80
81 $lines = nginx_content_encoding_directives();
82 if ($lines)
83 {
84 echo join("\n", $lines);
85 echo "\n\n";
86 }
87
88 $lines = nginx_expires_directives();
89 if ($lines)
90 {
91 echo join("\n", $lines);
92 echo "\n\n";
93 }
94
95 $lines = nginx_cookie_security_directives();
96 if ($lines)
97 {
98 echo join("\n", $lines);
99 echo "\n\n";
100 }
101
102 $lines = nginx_timing_directives();
103 if ($lines)
104 {
105 echo join("\n", $lines);
106 echo "\n\n";
107 }
108 ?></textarea>
109 <?php
110 $credentials = nginx_auth_credentials();
111 if ($credentials)
112 {
113 ?>
114 <h3><span class="hh-highlight"><?php echo $credentials['ht_file']; ?></span></h3>
115 <textarea class="hh-textarea-manual" rows="5" readonly><?php
116 echo $credentials['auth'];
117 ?></textarea><?php
118 }
119 ?>
120 </div>
121 </div>
...\ No newline at end of file ...\ No newline at end of file
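Review bot: The directive lines and credentials are written into the `<textarea>` elements raw (lines 18, 25, 32, 39, 46, 51 and 60, and the Nginx counterparts), so a stored value containing `</textarea>` would close the element and be parsed as markup in the admin page. The values presumably come from the saved options, including the free-text custom headers. Wrapping each output in `esc_textarea()` fixes it: `echo esc_textarea(join("\n", $lines));` and `echo esc_textarea($credentials['auth']);`; `$credentials['ht_file']` on lines 58 and 114 should use `esc_html()`. Line 51 also joins the result of `apache_timing_directives()` without the `if ($lines)` guard the other blocks have, which fails if that function can return a non-array.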
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">NEL
8 <p class="description"><?php _e('Network Error Logging is a mechanism that can be configured via the NEL HTTP response header. This experimental header allows web sites and applications to opt-in to receive reports about failed (and, if desired, successful) network fetches from supporting browsers.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Network_Error_Logging"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">NEL</legend>
17 <?php
18 $nel = get_option('hh_nel', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_nel" value="<?php echo $k; ?>"<?php checked($nel, $k, true); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-nel' ); ?>
28 <?php do_settings_sections( 'http-headers-nel' ); ?>
29 <?php
30 $nel_value = get_option('hh_nel_value', array());
31
32 $report_to = isset($nel_value['report_to']) ? $nel_value['report_to'] : NULL;
33 $max_age = isset($nel_value['max_age']) ? $nel_value['max_age'] : NULL;
34 $include_subdomains = isset($nel_value['include_subdomains']) ? $nel_value['include_subdomains'] : NULL;
35 $success_fraction = isset($nel_value['success_fraction']) ? $nel_value['success_fraction'] : NULL;
36 $failure_fraction = isset($nel_value['failure_fraction']) ? $nel_value['failure_fraction'] : NULL;
37 $request_headers = isset($nel_value['request_headers']) ? $nel_value['request_headers'] : NULL;
38 $response_headers = isset($nel_value['response_headers']) ? $nel_value['response_headers'] : NULL;
39 ?>
40 <table>
41 <tr>
42 <td>report_to:</td>
43 <td><input type="text" class="http-header-value" name="hh_nel_value[report_to]" value="<?php echo esc_attr($report_to); ?>"<?php echo $nel == 1 ? NULL : ' readonly'; ?>></td>
44 </tr>
45 <tr>
46 <td>max_age:</td>
47 <td><select name="hh_nel_value[max_age]" class="http-header-value"<?php echo $nel == 1 ? NULL : ' readonly'; ?>>
48 <?php
49 $items = array('3600' => '1 hour', '86400' => '1 day', '604800' => '7 days', '2592000' => '30 days', '5184000' => '60 days', '7776000' => '90 days', '31536000' => '1 year');
50 foreach ($items as $key => $item) {
51 ?><option value="<?php echo $key; ?>"<?php selected($max_age, $key); ?>><?php echo $item; ?></option><?php
52 }
53 ?>
54 </select></td>
55 </tr>
56 <tr>
57 <td>include_subdomains:</td>
58 <td><input type="checkbox" class="http-header-value" name="hh_nel_value[include_subdomains]" value="1"<?php checked($include_subdomains, 1, true); ?><?php echo $nel == 1 ? NULL : ' readonly'; ?>></td>
59 </tr>
60 <tr>
61 <td>success_fraction:</td>
62 <td><input type="number" class="http-header-value" name="hh_nel_value[success_fraction]" value="<?php echo esc_attr($success_fraction); ?>"<?php echo $nel == 1 ? NULL : ' readonly'; ?> min="0.0" max="1.0" step="0.1"></td>
63 </tr>
64 <tr>
65 <td>failure_fraction:</td>
66 <td><input type="number" class="http-header-value" name="hh_nel_value[failure_fraction]" value="<?php echo esc_attr($failure_fraction); ?>"<?php echo $nel == 1 ? NULL : ' readonly'; ?> min="0.0" max="1.0" step="0.1"></td>
67 </tr>
68 <tr>
69 <td>request_headers:</td>
70 <td><input type="text" class="http-header-value" name="hh_nel_value[request_headers]" value="<?php echo esc_attr($request_headers); ?>"<?php echo $nel == 1 ? NULL : ' readonly'; ?>></td>
71 </tr>
72 <tr>
73 <td>response_headers:</td>
74 <td><input type="text" class="http-header-value" name="hh_nel_value[response_headers]" value="<?php echo esc_attr($response_headers); ?>"<?php echo $nel == 1 ? NULL : ' readonly'; ?>></td>
75 </tr>
76 </table>
77 </td>
78 </tr>
...\ No newline at end of file ...\ No newline at end of file
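Review bot: This template reads and posts `hh_nel` and `hh_nel_value` (lines 18, 21, 30 and 43 onwards), while the defaults list earlier in this commit declares `hh_content_nel` and `hh_content_nel_value`; if option registration follows that list, the NEL settings would have no default and might not be saved. The registration code is not visible here, so this needs confirming, and one of the two spellings should change, e.g. `array('hh_nel', 0),` and `array('hh_nel_value', ''),` in the defaults. `report_to`, `request_headers` and `response_headers` are free text that presumably ends up in a response header, so a comment pointing to where they are validated on save would help.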
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">P3P
8 <p class="description"><?php _e('The Platform for Privacy Preferences Project (P3P) is a protocol allowing websites to declare their intended use of information they collect about web browser users.', 'http-headers'); ?></p>
9 </th>
10 <td>
11 <fieldset>
12 <legend class="screen-reader-text">P3P</legend>
13 <?php
14 $p3p = get_option('hh_p3p', 0);
15 foreach ($bools as $k => $v)
16 {
17 ?><p><label><input type="radio" class="http-header" name="hh_p3p" value="<?php echo $k; ?>"<?php checked($p3p, $k); ?> /> <?php echo $v; ?></label></p><?php
18 }
19 ?>
20 </fieldset>
21 </td>
22 <td>
23 <?php settings_fields( 'http-headers-p3p' ); ?>
24 <?php do_settings_sections( 'http-headers-p3p' ); ?>
25 <?php
26 $p3p_value = get_option('hh_p3p_value');
27 if (!$p3p_value)
28 {
29 $p3p_value = array();
30 }
31 $in_creq = array('ADM', 'DEV', 'TAI', 'PSA', 'PSD', 'IVA', 'IVD', 'CON', 'HIS', 'TEL', 'OTP', 'DEL', 'SAM', 'UNR', 'PUB', 'OTR',);
32 $creq = array('a', 'i', 'o');
33 ?>
34 <table>
35 <tbody>
36 <tr>
37 <td>Compact ACCESS</td>
38 <td class="hh-td-inner">
39 <table><tbody><tr><?php
40 $items = array('NOI', 'ALL', 'CAO', 'IDC', 'OTI', 'NON');
41 foreach ($items as $i => $item) {
42 if ($i > 0 && $i % 4 === 0) {
43 ?></tr><tr><?php
44 }
45 ?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
46 }
47 ?></tr></tbody></table>
48 </td>
49 </tr>
50 <tr>
51 <td>Compact DISPUTES</td>
52 <td class="hh-td-inner">
53 <table><tbody><tr><?php
54 $items = array('DSP');
55 foreach ($items as $i => $item) {
56 if ($i > 0 && $i % 4 === 0) {
57 ?></tr><tr><?php
58 }
59 ?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
60 }
61 ?></tr></tbody></table>
62 </td>
63 </tr>
64 <tr>
65 <td>Compact REMEDIES</td>
66 <td class="hh-td-inner">
67 <table><tbody><tr><?php
68 $items = array('COR', 'MON', 'LAW');
69 foreach ($items as $i => $item) {
70 if ($i > 0 && $i % 4 === 0) {
71 ?></tr><tr><?php
72 }
73 ?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
74 }
75 ?></tr></tbody></table>
76 </td>
77 </tr>
78 <tr>
79 <td>Compact NON-IDENTIFIABLE</td>
80 <td class="hh-td-inner">
81 <table><tbody><tr><?php
82 $items = array('NID');
83 foreach ($items as $i => $item) {
84 if ($i > 0 && $i % 4 === 0) {
85 ?></tr><tr><?php
86 }
87 ?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
88 }
89 ?></tr></tbody></table>
90 </td>
91 </tr>
92 <tr>
93 <td>Compact PURPOSE</td>
94 <td class="hh-td-inner">
95 <table><tbody><tr><?php
96 $items = array('CUR', 'ADM', 'DEV', 'TAI', 'PSA', 'PSD', 'IVA', 'IVD', 'CON', 'HIS', 'TEL', 'OTP');
97 foreach ($items as $i => $item) {
98 if ($i > 0 && $i % 4 === 0) {
99 ?></tr><tr><?php
100 }
101 ?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
102 }
103 ?></tr></tbody></table>
104 </td>
105 </tr>
106 <tr>
107 <td>Compact RECIPIENT</td>
108 <td class="hh-td-inner">
109 <table><tbody><tr><?php
110 $items = array('OUR', 'DEL', 'SAM', 'UNR', 'PUB', 'OTR');
111 foreach ($items as $i => $item) {
112 if ($i > 0 && $i % 4 === 0) {
113 ?></tr><tr><?php
114 }
115 ?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
116 }
117 ?></tr></tbody></table>
118 </td>
119 </tr>
120 <tr>
121 <td>Compact RETENTION</td>
122 <td class="hh-td-inner">
123 <table><tbody><tr><?php
124 $items = array('NOR', 'STP', 'LEG', 'BUS', 'IND');
125 foreach ($items as $i => $item) {
126 if ($i > 0 && $i % 4 === 0) {
127 ?></tr><tr><?php
128 }
129 ?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
130 }
131 ?></tr></tbody></table>
132 </td>
133 </tr>
134 <tr>
135 <td>Compact CATEGORIES</td>
136 <td class="hh-td-inner">
137 <table><tbody><tr><?php
138 $items = array('PHY', 'ONL', 'UNI', 'PUR', 'FIN', 'COM', 'NAV', 'INT', 'DEM', 'CNT', 'STA', 'POL', 'HEA', 'PRE', 'LOC', 'GOV', 'OTC');
139 foreach ($items as $i => $item) {
140 if ($i > 0 && $i % 4 === 0) {
141 ?></tr><tr><?php
142 }
143 ?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
144 }
145 ?></tr></tbody></table>
146 </td>
147 </tr>
148 <tr>
149 <td>Compact TEST</td>
150 <td class="hh-td-inner">
151 <table><tbody><tr><?php
152 $items = array('TST');
153 foreach ($items as $i => $item) {
154 if ($i > 0 && $i % 4 === 0) {
155 ?></tr><tr><?php
156 }
157 ?><td><label><input type="checkbox" class="http-header-value" name="hh_p3p_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $p3p_value) ? NULL : ' checked'; ?><?php echo $p3p == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></td><?php
158 }
159 ?></tr></tbody></table>
160 </td>
161 </tr>
162 </tbody>
163 </table>
164
165 </td>
166 </tr>
...\ No newline at end of file ...\ No newline at end of file
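Review bot: The nine `Compact …` rows (lines 36-161) are the same loop copied with a different token list, and `$in_creq` and `$creq` on lines 31-32 are assigned but never used in this file. A single map of row label to tokens driving one loop would remove about a hundred lines and make it harder for one copy to drift from the others, for instance in its escaping; the sketch below shows the shape. If `$in_creq` and `$creq` are leftovers they should be dropped, otherwise they need a comment saying what they are for.

```php
$groups = array(
    'Compact ACCESS' => array('NOI', 'ALL', 'CAO', 'IDC', 'OTI', 'NON'),
    'Compact DISPUTES' => array('DSP'),
    // … unchanged: the other seven token lists, keyed by their row label …
);
foreach ($groups as $label => $items) {
    ?><tr>
        <td><?php echo esc_html($label); ?></td>
        <td class="hh-td-inner"><table><tbody><tr><?php
        foreach ($items as $i => $item) {
            // … unchanged: row break every four cells and the checkbox cell …
        }
        ?></tr></tbody></table></td>
    </tr><?php
}
```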
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">Permissions-Policy
8 <p class="description"><?php _e('Permissions Policy is a web platform API which gives a website the ability to allow or block the use of browser features in its own frame or in iframes that it embeds.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://www.w3.org/TR/permissions-policy-1/"><?php _e('W3C Working Draft', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Permissions-Policy</legend>
17 <?php
18 $permissions_policy = get_option('hh_permissions_policy', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_permissions_policy" value="<?php echo $k; ?>"<?php checked($permissions_policy, $k, true); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-pp' ); ?>
28 <?php do_settings_sections( 'http-headers-pp' ); ?>
29 <table>
30 <tbody>
31 <?php
32 # https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md
33 $features = array(
34 'accelerometer',
35 'ambient-light-sensor',
36 'autoplay',
37 'battery',
38 'camera',
39 'cross-origin-isolated',
40 'display-capture',
41 'document-domain',
42 'encrypted-media',
43 'execution-while-not-rendered',
44 'execution-while-out-of-viewport',
45 'fullscreen',
46 'geolocation',
47 'gyroscope',
48 'interest-cohort',
49 'layout-animations',
50 'legacy-image-formats',
51 'magnetometer',
52 'microphone',
53 'midi',
54 'navigation-override',
55 'oversized-images',
56 'payment',
57 'picture-in-picture',
58 'publickey-credentials-get',
59 'screen-wake-lock',
60 'sync-script',
61 'sync-xhr',
62 'usb',
63 'vertical-scroll',
64 'web-share',
65 'wake-lock',
66 'xr-spatial-tracking',
67 );
68 $origins = array('none', 'self', '*', 'origin(s)');
69
70 $permissions_policy_value = get_option('hh_permissions_policy_value');
71 $permissions_policy_feature = get_option('hh_permissions_policy_feature');
72 $permissions_policy_origin = get_option('hh_permissions_policy_origin');
73 if (!$permissions_policy_value)
74 {
75 $permissions_policy_value = array();
76 }
77 if (!$permissions_policy_feature)
78 {
79 $permissions_policy_feature = array();
80 }
81 if (!$permissions_policy_origin)
82 {
83 $permissions_policy_origin = array();
84 }
85
86 foreach ($features as $feature)
87 {
88 ?>
89 <tr>
90 <td><input type="checkbox" name="hh_permissions_policy_feature[<?php echo $feature; ?>]" class="http-header-value"
91 value="1"<?php echo !is_array($permissions_policy_feature) || !array_key_exists($feature, $permissions_policy_feature) ? NULL : ' checked'; ?><?php echo $permissions_policy == 1 ? NULL : ' readonly'; ?>></td>
92 <td><?php echo $feature; ?></td>
93 <td>
94 <select name="hh_permissions_policy_value[<?php echo $feature; ?>]"
95 class="http-header-value"<?php echo $permissions_policy == 1 ? NULL : ' readonly'; ?>>
96 <?php
97 foreach ($origins as $origin)
98 {
99 ?><option value="<?php echo $origin; ?>"<?php selected(@$permissions_policy_value[$feature], $origin); ?>><?php echo $origin; ?></option><?php
100 }
101 ?>
102 </select>
103 <input type="text" name="hh_permissions_policy_origin[<?php echo $feature; ?>]"
104 value="<?php echo htmlspecialchars( @$permissions_policy_origin[$feature] ); ?>" size="30"<?php echo isset($permissions_policy_value[$feature]) && in_array($permissions_policy_value[$feature], array('origin(s)', 'self')) ? NULL : ' style="display: none"'; ?>
105 class="http-header-value"<?php echo $permissions_policy == 1 ? NULL : ' readonly'; ?>>
106 </td>
107 </tr>
108 <?php
109 }
110 ?>
111 </tbody>
112 </table>
113 </td>
114 </td>
115 </tr>
...\ No newline at end of file ...\ No newline at end of file
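Review bot: The origin text field on line 104 escapes with `htmlspecialchars(@$permissions_policy_origin[$feature])`, while the sibling templates use `esc_attr()`, and the `@` hides the case where the stored option is not an array. I would write `value="<?php echo esc_attr(isset($permissions_policy_origin[$feature]) ? $permissions_policy_origin[$feature] : ''); ?>"` and pass `true` as the third argument of `in_array()` on the same line. Lines 113-114 close `</td>` twice, so the row markup is unbalanced. The origin string is free text that is presumably emitted in the header later; where it is validated is not visible here.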
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">Pragma
8 <p class="description"><?php _e('The Pragma HTTP/1.0 general header is an implementation-specific header that may have various effects along the request-response chain. It is used for backwards compatibility with HTTP/1.0 caches where the Cache-Control HTTP/1.1 header is not yet present.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Pragma"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Pragma</legend>
17 <?php
18 $pragma = get_option('hh_pragma', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_pragma" value="<?php echo $k; ?>"<?php checked($pragma, $k); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-pra' ); ?>
28 <?php do_settings_sections( 'http-headers-pra' ); ?>
29 <select name="hh_pragma_value" class="http-header-value"<?php echo $pragma == 1 ? NULL : ' readonly'; ?>>
30 <?php
31 $items = array('no-cache');
32 $pragma_value = get_option('hh_pragma_value');
33 foreach ($items as $item) {
34 ?><option value="<?php echo $item; ?>"<?php selected($pragma_value, $item); ?>><?php echo $item; ?></option><?php
35 }
36 ?>
37 </select>
38 </td>
39 </tr>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">Referrer-Policy
8 <p class="description"><?php _e('The Referrer-Policy HTTP header governs which referrer information, sent in the Referer header, should be included with requests made.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Referrer-Policy</legend>
17 <?php
18 $referrer_policy = get_option('hh_referrer_policy', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_referrer_policy" value="<?php echo $k; ?>"<?php checked($referrer_policy, $k, true); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-rp' ); ?>
28 <?php do_settings_sections( 'http-headers-rp' ); ?>
29 <select name="hh_referrer_policy_value" class="http-header-value"<?php echo $referrer_policy == 1 ? NULL : ' readonly'; ?>>
30 <?php
31 $items = array("", "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin", "strict-origin", "origin-when-cross-origin", "strict-origin-when-cross-origin", "unsafe-url");
32 $referrer_policy_value = get_option('hh_referrer_policy_value');
33 foreach ($items as $item) {
34 ?><option value="<?php echo $item; ?>"<?php selected($referrer_policy_value, $item); ?>><?php echo !empty($item) ? $item : '(empty string)'; ?></option><?php
35 }
36 ?>
37 </select>
38 </td>
39 </tr>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">Report-To
8 <p class="description"><?php _e('The Report-To HTTP response header field instructs the user agent to store reporting endpoints for an origin.', 'http-headers'); ?></p>
9 </th>
10 <td>
11 <fieldset>
12 <legend class="screen-reader-text">Report-To</legend>
13 <?php
14 $report_to = get_option('hh_report_to', 0);
15 foreach ($bools as $k => $v)
16 {
17 ?><p><label><input type="radio" class="http-header" name="hh_report_to" value="<?php echo $k; ?>"<?php checked($report_to, $k, true); ?> /> <?php echo $v; ?></label></p><?php
18 }
19 ?>
20 </fieldset>
21 <?php settings_fields( 'http-headers-rt' ); ?>
22 <?php do_settings_sections( 'http-headers-rt' ); ?>
23 </td>
24 </tr>
25 <?php
26 $default_value = array(
27 array(
28 'endpoints' => array(),
29 'group' => '',
30 'max_age' => '',
31 )
32 );
33 $report_to_value = get_option('hh_report_to_value');
34 if (!is_array($report_to_value) || empty($report_to_value))
35 {
36 $report_to_value = $default_value;
37 }
38 ?>
39 <tr>
40 <td colspan="2">
41 <div style="max-width: 1024px; overflow-x: auto">
42 <table class="hh-bordered hh-p-sm">
43 <tr>
44 <th rowspan="2" class="hh-center hh-middle">group</th>
45 <th rowspan="2" class="hh-center hh-middle">max_age</th>
46 <th rowspan="2" class="hh-center hh-middle">include_subdomains</th>
47 <th colspan="3" class="hh-center">endpoints</th>
48 <th>&nbsp;</th>
49 <th>&nbsp;</th>
50 </tr>
51 <tr>
52 <th class="hh-center">url</th>
53 <th class="hh-center">priority</th>
54 <th class="hh-center">weight</th>
55 <th>&nbsp;</th>
56 <th>&nbsp;</th>
57 </tr>
58 <?php
59 $items = array('0' => '0 (Delete entire reporting cache)', '3600' => '1 hour', '86400' => '1 day', '604800' => '7 days', '2592000' => '30 days', '5184000' => '60 days', '7776000' => '90 days', '31536000' => '1 year', '63072000' => '2 years');
60 $i = 0;
61 foreach ($report_to_value as $item)
62 {
63 if (isset($item['endpoints']) && !empty($item['endpoints']))
64 {
65 $cnt = count($item['endpoints']);
66 $c = 0;
67 foreach ($item['endpoints'] as $k => $v)
68 {
69 $classes = array();
70 if ($c == 0)
71 {
72 if ($i == 0)
73 {
74 $classes[] = 'hh-tr-first';
75 }
76 $classes[] = 'hh-tr-group-start';
77 }
78
79 if ($c == $cnt - 1)
80 {
81 $classes[] = 'hh-tr-group-end';
82 }
83 ?>
84 <tr class="<?php echo join(' ', $classes); ?>">
85 <?php
86 if ($c == 0)
87 {
88 ?>
89 <td rowspan="<?php echo $cnt; ?>" class="hh-middle"><input type="text" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][group]" value="<?php echo esc_attr($item['group']); ?>" placeholder="csp-endpoint"<?php echo $report_to == 1 ? NULL : ' readonly'; ?>></td>
90 <td rowspan="<?php echo $cnt; ?>" class="hh-middle"><select class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][max_age]"<?php echo $report_to == 1 ? NULL : ' readonly'; ?>>
91 <?php
92 foreach ($items as $key => $val) {
93 ?><option value="<?php echo $key; ?>"<?php selected($item['max_age'], $key); ?>><?php echo $val; ?></option><?php
94 }
95 ?>
96 </select></td>
97 <td rowspan="<?php echo $cnt; ?>" class="hh-middle hh-center"><input type="checkbox" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][include_subdomains]" value="1"<?php checked(@$item['include_subdomains'], 1, true); ?><?php echo $report_to == 1 ? NULL : ' readonly'; ?> /></td>
98 <?php
99 }
100 ?>
101
102 <td><input type="text" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][endpoints][<?php echo $k; ?>][url]" value="<?php echo esc_attr($v['url']); ?>" placeholder="https://example.com/report/csp"<?php echo $report_to == 1 ? NULL : ' readonly'; ?> size="40"></td>
103 <td><input type="number" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][endpoints][<?php echo $k; ?>][priority]" value="<?php echo esc_attr($v['priority']); ?>" min="0" step="1"></td>
104 <td><input type="number" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][endpoints][<?php echo $k; ?>][weight]" value="<?php echo esc_attr($v['weight']); ?>" min="0" step="1"></td>
105
106 <td><?php
107 if ($c == 0)
108 {
109 ?>
110 <button type="button" class="button hh-btn-add-endpoint"><?php _e('Add endpoint', 'http-headers'); ?></button>
111 <?php
112 } else {
113 ?>
114 <button type="button" class="button hh-btn-delete-endpoint"><?php _e('Remove endpoint', 'http-headers'); ?></button>
115 <?php
116 }
117 ?></td>
118 <?php
119 if ($c == 0)
120 {
121 ?>
122 <td rowspan="<?php echo $cnt; ?>" class="hh-middle hh-center"><?php
123 if ($i > 0)
124 {
125 ?>
126 <button type="button" class="button hh-btn-delete-endpoint-group" title="<?php esc_attr_e('Delete', 'http-headers'); ?>"><?php _e('Remove group', 'http-headers'); ?></button>
127 <?php
128 }
129 ?></td>
130 <?php
131 }
132 ?>
133 </tr>
134 <?php
135 $c += 1;
136 }
137 } else {
138 ?>
139 <tr class="hh-tr-first hh-tr-group-start hh-tr-group-end">
140 <td><input type="text" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][group]" value="<?php echo esc_attr($item['group']); ?>" placeholder="csp-endpoint"<?php echo $report_to == 1 ? NULL : ' readonly'; ?>></td>
141 <td><select class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][max_age]"<?php echo $report_to == 1 ? NULL : ' readonly'; ?>>
142 <?php
143 foreach ($items as $key => $val) {
144 ?><option value="<?php echo $key; ?>"<?php selected($item['max_age'], $key); ?>><?php echo $val; ?></option><?php
145 }
146 ?>
147 </select></td>
148 <td class="hh-center"><input type="checkbox" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][include_subdomains]" value="1"<?php checked(@$item['include_subdomains'], 1, true); ?><?php echo $report_to == 1 ? NULL : ' readonly'; ?> /></td>
149
150 <td><input type="text" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][endpoints][0][url]" placeholder="https://example.com/report/csp"<?php echo $report_to == 1 ? NULL : ' readonly'; ?> size="40"></td>
151 <td><input type="number" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][endpoints][0][priority]" min="0" step="1"></td>
152 <td><input type="number" class="http-header-value" name="hh_report_to_value[<?php echo $i; ?>][endpoints][0][weight]" min="0" step="1"></td>
153
154 <td>
155 <button type="button" class="button hh-btn-add-endpoint"><?php _e('Add endpoint', 'http-headers'); ?></button>
156 </td>
157 <td rowspan="1"><?php
158 if ($i > 0)
159 {
160 ?><button type="button" class="button hh-btn-delete-endpoint-group" title="<?php esc_attr_e('Delete', 'http-headers'); ?>"><?php _e('Remove group', 'http-headers'); ?></button><?php
161 }
162 ?></td>
163 </tr>
164 <?php
165 }
166 $i += 1;
167 }
168 ?>
169 <tr>
170 <td colspan="8">
171 <button type="button" class="button" id="hh-btn-add-endpoint-group">+ <?php _e('Add endpoint group', 'http-headers'); ?></button>
172 </td>
173 </tr>
174 </table>
175 </div>
176 </td>
177 </tr>
...\ No newline at end of file ...\ No newline at end of file
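Review bot: The endpoint key `$k` is echoed unescaped into the `name` attribute of the url, priority and weight inputs (view lines 102–104), while the values next to it go through `esc_attr()`. The key comes from the stored `hh_report_to_value` option, so unless the save path normalises keys to integers (not visible here) a crafted key would reach the admin page as raw markup. Writing the index as `[endpoints][<?php echo esc_attr($k); ?>][url]` on those three inputs closes that. `$item['group']`, `$item['max_age']` and `$v['url']`/`$v['priority']`/`$v['weight']` are also read without an `isset()` check, unlike `@$item['include_subdomains']`, so a partially saved group can emit notices into the rendered attributes.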
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">Strict-Transport-Security
8 <p class="description"><?php _e("HTTP Strict-Transport-Security (HSTS) enforces secure (HTTP over SSL/TLS) connections to the server. This reduces impact of bugs in web applications leaking session data through cookies and external links and defends against Man-in-the-middle attacks. HSTS also disables the ability for user's to ignore SSL negotiation warnings.", 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Strict-Transport-Security</legend>
17 <?php
18 $strict_transport_security = get_option('hh_strict_transport_security', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_strict_transport_security" value="<?php echo $k; ?>"<?php checked($strict_transport_security, $k, true); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-sts' ); ?>
28 <?php do_settings_sections( 'http-headers-sts' ); ?>
29 <table>
30 <tr>
31 <td>max-age:</td>
32 <td><select name="hh_strict_transport_security_max_age" class="http-header-value"<?php echo $strict_transport_security == 1 ? NULL : ' readonly'; ?>>
33 <?php
34 $items = array('0' => '0 (Delete entire HSTS Policy)', '3600' => '1 hour', '86400' => '1 day', '604800' => '7 days', '2592000' => '30 days', '5184000' => '60 days', '7776000' => '90 days', '31536000' => '1 year', '63072000' => '2 years');
35 $strict_transport_security_max_age = get_option('hh_strict_transport_security_max_age');
36 foreach ($items as $key => $item) {
37 ?><option value="<?php echo $key; ?>"<?php selected($strict_transport_security_max_age, $key); ?>><?php echo $item; ?></option><?php
38 }
39 ?>
40 </select></td>
41 </tr>
42 <tr>
43 <td>includeSubDomains:</td>
44 <td><input type="checkbox" class="http-header-value" name="hh_strict_transport_security_sub_domains" value="1"<?php checked(get_option('hh_strict_transport_security_sub_domains'), 1, true); ?><?php echo $strict_transport_security == 1 ? NULL : ' readonly'; ?> /></td>
45 </tr>
46 <tr>
47 <td>preload:</td>
48 <td><input type="checkbox" class="http-header-value" name="hh_strict_transport_security_preload" value="1"<?php checked(get_option('hh_strict_transport_security_preload'), 1, true); ?><?php echo $strict_transport_security == 1 ? NULL : ' readonly'; ?> /></td>
49 </tr>
50 </table>
51 </td>
52 </tr>
...\ No newline at end of file ...\ No newline at end of file
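Review bot: The `preload` checkbox at view line 48 can be ticked with any `max-age` from the list at line 34, including `0` and `1 hour`, and without `includeSubDomains`, and the form does not say what preloading commits the site to. The browser preload list expects a max-age of at least one year together with includeSubDomains, and removal from it is slow to propagate, so a mis-set policy can lock out subdomains that are not yet served over HTTPS. I would add a hint under the checkbox, e.g. `<p class="description"><?php _e('Preload requires max-age of at least 1 year and includeSubDomains; removal from browser preload lists is slow.', 'http-headers'); ?></p>`.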
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr>
7 <th scope="row">Timing-Allow-Origin
8 <p class="description"><?php _e('The Timing-Allow-Origin header indicates whether a resource provides the complete timing information. SEO tools use the Resource Timing API to analyze the speed and weight of your web page resources.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Timing-Allow-Origin"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Timing-Allow-Origin</legend>
17 <?php
18 $timing_allow_origin = get_option('hh_timing_allow_origin', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_timing_allow_origin" value="<?php echo $k; ?>"<?php checked($timing_allow_origin, $k); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-tao' ); ?>
28 <?php do_settings_sections( 'http-headers-tao' ); ?>
29 <select name="hh_timing_allow_origin_value" class="http-header-value"<?php echo $timing_allow_origin == 1 ? NULL : ' readonly'; ?>>
30 <?php
31 $items = array('*', 'origin');
32 $timing_allow_origin_value = get_option('hh_timing_allow_origin_value');
33 foreach ($items as $item) {
34 ?><option value="<?php echo $item; ?>"<?php selected($timing_allow_origin_value, $item); ?>><?php echo $item; ?></option><?php
35 }
36 ?>
37 </select>
38 <input type="text" name="hh_timing_allow_origin_url" class="http-header-value" placeholder="http://domain.com" value="<?php echo esc_attr(get_option('hh_timing_allow_origin_url')); ?>" size="35"<?php echo $timing_allow_origin == 1 && $timing_allow_origin_value == 'origin' ? NULL : ' style="display: none" readonly'; ?> />
39 </td>
40 </tr>
...\ No newline at end of file ...\ No newline at end of file
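Review bot: `*` is the first entry of `$items` at view line 31, so with no stored `hh_timing_allow_origin_value` the select shows `*` and that is what would be submitted on save. `Timing-Allow-Origin: *` lets every origin read the detailed Resource Timing values for this site's resources, which the description text does not mention. Listing the restrictive choice first, `$items = array('origin', '*');`, keeps the wildcard an explicit decision; the `http://domain.com` placeholder at line 38 could also use `https://`.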
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr>
7 <th scope="row">Vary
8 <p class="description"><?php _e('The Vary HTTP response header determines how to match future request headers to decide whether a cached response can be used rather than requesting a fresh one from the origin server. It is used by the server to indicate which headers it used when selecting a representation of a resource in a content negotiation algorithm.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Vary"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">Vary</legend>
17 <?php
18 $vary = get_option('hh_vary', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_vary" value="<?php echo $k; ?>"<?php checked($vary, $k); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-vary' ); ?>
28 <?php do_settings_sections( 'http-headers-vary' ); ?>
29 <table>
30 <tbody>
31 <tr>
32 <td>
33 <?php
34 $items = array(
35 '*', 'Accept-Encoding', 'User-Agent', 'Referer', 'Cookie',
36 );
37 $vary_value = get_option('hh_vary_value');
38 if (!$vary_value) {
39 $vary_value = array();
40 }
41 foreach ($items as $item)
42 {
43 ?><p><label><input type="checkbox" class="http-header-value" name="hh_vary_value[<?php echo $item; ?>]" value="1"<?php echo !array_key_exists($item, $vary_value) ? NULL : ' checked'; ?><?php echo $vary == 1 ? NULL : ' readonly'; ?> /> <?php echo $item; ?></label></p><?php
44 }
45 ?>
46 </td>
47 </tr>
48 </tbody>
49 </table>
50 </td>
51 </tr>
...\ No newline at end of file ...\ No newline at end of file
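Review bot: The guard at view line 38, `if (!$vary_value)`, only replaces falsy values, so a non-empty string or other non-array left in `hh_vary_value` reaches `array_key_exists($item, $vary_value)` at line 43, which throws a TypeError on PHP 8. The Report-To view in this commit already tests `!is_array(...)`; here the equivalent is `if (!is_array($vary_value)) { $vary_value = array(); }`. The same `if (!$x_robots_tag_value)` guard appears in the X-Robots-Tag view and has the same gap.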
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">WWW-Authenticate
8 <p class="description"><?php _e('HTTP supports the use of several authentication mechanisms to control access to pages and other resources. These mechanisms are all based around the use of the 401 status code and the WWW-Authenticate response header.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">WWW-Authenticate</legend>
17 <?php
18 $www_authenticate = get_option ( 'hh_www_authenticate', 0 );
19 foreach ( $bools as $k => $v ) {
20 ?><p>
21 <label><input type="radio" class="http-header" name="hh_www_authenticate" value="<?php echo $k; ?>" <?php checked($www_authenticate, $k, true); ?> /> <?php echo $v; ?></label>
22 </p><?php
23 }
24 ?>
25 </fieldset>
26 </td>
27 <td>
28 <?php settings_fields( 'http-headers-wwa' ); ?>
29 <?php do_settings_sections( 'http-headers-wwa' ); ?>
30 <table>
31 <tbody>
32 <tr>
33 <td>Type</td>
34 <td colspan="3">
35 <select name="hh_www_authenticate_type" class="http-header-value"<?php echo $www_authenticate == 1 ? NULL : ' readonly'; ?>>
36 <?php
37 $items = array ('Basic', 'Digest');
38 $www_authenticate_type = get_option ( 'hh_www_authenticate_type' );
39 foreach ( $items as $item ) {
40 ?><option value="<?php echo $item; ?>" <?php selected($www_authenticate_type, $item); ?>><?php echo $item; ?></option><?php
41 }
42 ?>
43 </select>
44 </td>
45 </tr>
46 <tr>
47 <td>Realm</td>
48 <td colspan="3"><input type="text" name="hh_www_authenticate_realm" class="http-header-value" size="30" value="<?php echo esc_attr(get_option('hh_www_authenticate_realm')); ?>"<?php echo $www_authenticate == 1 ? NULL : ' readonly'; ?> placeholder="Restricted area"></td>
49 </tr>
50 <tr>
51 <td>&nbsp;</td>
52 <td><strong><?php _e('Username', 'http-headers'); ?></strong></td>
53 <td><strong><?php _e('Password', 'http-headers'); ?></strong></td>
54 <td>&nbsp;</td>
55 </tr>
56 <?php
57 $usernames = get_option('hh_www_authenticate_user', array());
58 $passwords = get_option('hh_www_authenticate_pswd', array());
59 if (!is_array($usernames)) {
60 $usernames = array($usernames);
61 }
62 if (!is_array($passwords)) {
63 $passwords = array($passwords);
64 }
65 $i = 0;
66 foreach ($usernames as $k => $user) {
67 ?>
68 <tr>
69 <td>&nbsp;</td>
70 <td><input type="text" name="hh_www_authenticate_user[]" class="http-header-value" value="<?php echo esc_attr($user); ?>"<?php echo $www_authenticate == 1 ? NULL : ' readonly'; ?>></td>
71 <td><input type="text" name="hh_www_authenticate_pswd[]" class="http-header-value" value="<?php echo esc_attr($passwords[$k]); ?>"<?php echo $www_authenticate == 1 ? NULL : ' readonly'; ?>></td>
72 <td><?php
73 if ($i > 0)
74 {
75 ?><button type="button" class="button button-small hh-btn-delete-user" title="<?php esc_attr_e('Delete', 'http-headers'); ?>">x</button><?php
76 } else {
77 echo "&nbsp;";
78 }
79 ?></td>
80 </tr>
81 <?php
82 $i += 1;
83 }
84 ?>
85 <tr>
86 <td>&nbsp;</td>
87 <td colspan="3">
88 <button type="button" class="button hh-btn-add-user">+ <?php _e('Add user', 'http-headers'); ?></button>
89 </td>
90 </tr>
91 </tbody>
92 </table>
93 </td>
94 </tr>
...\ No newline at end of file ...\ No newline at end of file
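Review bot: The stored authentication passwords are written back into the page in clear text at view line 71: the field is `type="text"` and its `value` is `esc_attr($passwords[$k])`. Anyone who can see the settings screen, its HTML source or a cached copy reads every credential, and it implies that `hh_www_authenticate_pswd` is kept in a recoverable form in the options table. At minimum render the field as `<input type="password" autocomplete="new-password" name="hh_www_authenticate_pswd[]" ...>` with an empty `value`, and treat an empty submission as "unchanged" in the save handler, which is not part of this view. `$passwords[$k]` is also read without checking that the key exists, which matters when the two option arrays differ in length.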
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">X-Content-Type-Options
8 <p class="description"><?php _e('Prevents Internet Explorer and Google Chrome from MIME-sniffing a response away from the declared content-type. This also applies to Google Chrome, when downloading extensions. This reduces exposure to drive-by download attacks and sites serving user uploaded content that, by clever naming, could be treated by MSIE as executable or dynamic HTML files.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">X-Content-Type-Options</legend>
17 <?php
18 $x_content_type_options = get_option('hh_x_content_type_options', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_x_content_type_options" value="<?php echo $k; ?>"<?php checked($x_content_type_options, $k); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-cto' ); ?>
28 <?php do_settings_sections( 'http-headers-cto' ); ?>
29 <select name="hh_x_content_type_options_value" class="http-header-value"<?php echo $x_content_type_options == 1 ? NULL : ' readonly'; ?>>
30 <?php
31 $items = array('nosniff');
32 $x_content_type_options_value = get_option('hh_x_content_type_options_value');
33 foreach ($items as $item) {
34 ?><option value="<?php echo $item; ?>"<?php selected($x_content_type_options_value, $item); ?>><?php echo $item; ?></option><?php
35 }
36 ?>
37 </select>
38 </td>
39 </tr>
...\ No newline at end of file ...\ No newline at end of file
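Review bot: The `readonly` attribute added to the `<select>` at view line 29 when the header is switched off has no effect, because HTML honours `readonly` only on text-like inputs and not on `<select>`, checkboxes or radios. Unless the plugin's script handles the `http-header-value` class separately (not visible here), the control stays editable and is still submitted. If the intent is to lock it, `disabled` is the attribute that works, e.g. `<?php disabled($x_content_type_options != 1); ?>`, keeping in mind that disabled fields are not posted. The same pattern is used on the selects and checkboxes of the other views in this commit (Report-To, Strict-Transport-Security, Vary, X-Frame-Options, X-Robots-Tag and the rest).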
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">X-DNS-Prefetch-Control
8 <p class="description"><?php _e('The X-DNS-Prefetch-Control HTTP response header controls DNS prefetching, a feature by which browsers proactively perform domain name resolution on both links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth.', 'http-headers'); ?></p>
9 <p class="description"><?php _e('This prefetching is performed in the background, so that the DNS is likely to have been resolved by the time the referenced items are needed. This reduces latency when the user clicks a link.', 'http-headers'); ?></p>
10 <hr>
11 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
12 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
13 </p>
14 </th>
15 <td>
16 <fieldset>
17 <legend class="screen-reader-text">X-DNS-Prefetch-Control</legend>
18 <?php
19 $x_dns_prefetch_control = get_option('hh_x_dns_prefetch_control', 0);
20 foreach ($bools as $k => $v)
21 {
22 ?><p><label><input type="radio" class="http-header" name="hh_x_dns_prefetch_control" value="<?php echo $k; ?>"<?php checked($x_dns_prefetch_control, $k); ?> /> <?php echo $v; ?></label></p><?php
23 }
24 ?>
25 </fieldset>
26 </td>
27 <td>
28 <?php settings_fields( 'http-headers-xdpc' ); ?>
29 <?php do_settings_sections( 'http-headers-xdpc' ); ?>
30 <select name="hh_x_dns_prefetch_control_value" class="http-header-value"<?php echo $x_dns_prefetch_control == 1 ? NULL : ' readonly'; ?>>
31 <?php
32 $items = array('on', 'off');
33 $x_dns_prefetch_control_value = get_option('hh_x_dns_prefetch_control_value');
34 foreach ($items as $item) {
35 ?><option value="<?php echo $item; ?>"<?php selected($x_dns_prefetch_control_value, $item); ?>><?php echo $item; ?></option><?php
36 }
37 ?>
38 </select>
39 </td>
40 </tr>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">X-Download-Options
8 <p class="description"><?php _e("For web applications that need to serve untrusted HTML files, Microsoft IE introduced a mechanism to help prevent the untrusted content from compromising your site's security. When the X-Download-Options header is present with the value noopen, the user is prevented from opening a file download directly; instead, they must first save the file locally. When the locally saved file is later opened, it no longer executes in the security context of your site, helping to prevent script injection.", 'http-headers'); ?></p>
9 </th>
10 <td>
11 <fieldset>
12 <legend class="screen-reader-text">X-Download-Options</legend>
13 <?php
14 $x_download_options = get_option('hh_x_download_options', 0);
15 foreach ($bools as $k => $v)
16 {
17 ?><p><label><input type="radio" class="http-header" name="hh_x_download_options" value="<?php echo $k; ?>"<?php checked($x_download_options, $k); ?> /> <?php echo $v; ?></label></p><?php
18 }
19 ?>
20 </fieldset>
21 </td>
22 <td>
23 <?php settings_fields( 'http-headers-xdo' ); ?>
24 <?php do_settings_sections( 'http-headers-xdo' ); ?>
25 <select name="hh_x_download_options_value" class="http-header-value"<?php echo $x_download_options == 1 ? NULL : ' readonly'; ?>>
26 <?php
27 $items = array('noopen');
28 $x_download_options_value = get_option('hh_x_download_options_value');
29 foreach ($items as $item) {
30 ?><option value="<?php echo $item; ?>"<?php selected($x_download_options_value, $item); ?>><?php echo $item; ?></option><?php
31 }
32 ?>
33 </select>
34 </td>
35 </tr>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">X-Frame-Options
8 <p class="description"><?php _e('This header can be used to indicate whether or not a browser should be allowed to render a page in a &lt;frame&gt;, &lt;iframe&gt; or &lt;object&gt;. Use this to avoid clickjacking attacks.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">X-Frame-Options</legend>
17 <?php
18 $x_frame_options = get_option('hh_x_frame_options', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_x_frame_options" value="<?php echo $k; ?>"<?php checked($x_frame_options, $k, true); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-xfo' ); ?>
28 <?php do_settings_sections( 'http-headers-xfo' ); ?>
29 <select name="hh_x_frame_options_value" class="http-header-value"<?php echo $x_frame_options == 1 ? NULL : ' readonly'; ?>>
30 <?php
31 $items = array('deny', 'sameorigin', 'allow-from');
32 $x_frame_options_value = get_option('hh_x_frame_options_value');
33 foreach ($items as $item)
34 {
35 ?><option value="<?php echo $item; ?>"<?php selected($x_frame_options_value, $item); ?>><?php echo strtoupper($item); ?></option><?php
36 }
37 ?>
38 </select>
39 <input type="text" name="hh_x_frame_options_domain" class="http-header-value" placeholder="Domain" value="<?php echo esc_attr(get_option('hh_x_frame_options_domain')); ?>"<?php echo $x_frame_options == 1 && $x_frame_options_value == 'allow-from' ? NULL : ' style="display: none" readonly'; ?> />
40 </td>
41 </tr>
...\ No newline at end of file ...\ No newline at end of file
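Review bot: `allow-from` is offered as a value at view line 31 with a free-text domain field at line 39, but current browsers no longer implement `ALLOW-FROM` and ignore an `X-Frame-Options` header that carries it, so choosing it leaves the page frameable from any origin. The view should say so next to the field, for example with a `<p class="description">` stating that `ALLOW-FROM` is obsolete and that `Content-Security-Policy: frame-ancestors` is the supported way to allow a specific origin. Whether the plugin also offers `frame-ancestors` elsewhere is not visible in this section.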
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">X-Permitted-Cross-Domain-Policies
8 <p class="description"><?php _e('A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains.', 'http-headers'); ?></p>
9 </th>
10 <td>
11 <fieldset>
12 <legend class="screen-reader-text">X-Permitted-Cross-Domain-Policies</legend>
13 <?php
14 $x_permitted_cross_domain_policies = get_option('hh_x_permitted_cross_domain_policies', 0);
15 foreach ($bools as $k => $v)
16 {
17 ?><p><label><input type="radio" class="http-header" name="hh_x_permitted_cross_domain_policies" value="<?php echo $k; ?>"<?php checked($x_permitted_cross_domain_policies, $k); ?> /> <?php echo $v; ?></label></p><?php
18 }
19 ?>
20 </fieldset>
21 </td>
22 <td>
23 <?php settings_fields( 'http-headers-xpcd' ); ?>
24 <?php do_settings_sections( 'http-headers-xpcd' ); ?>
25 <select name="hh_x_permitted_cross_domain_policies_value" class="http-header-value"<?php echo $x_permitted_cross_domain_policies == 1 ? NULL : ' readonly'; ?>>
26 <?php
27 $items = array('none', 'master-only', 'by-content-type', 'by-ftp-filename', 'all');
28 $x_permitted_cross_domain_policies_value = get_option('hh_x_permitted_cross_domain_policies_value');
29 foreach ($items as $item) {
30 ?><option value="<?php echo $item; ?>"<?php selected($x_permitted_cross_domain_policies_value, $item); ?>><?php echo $item; ?></option><?php
31 }
32 ?>
33 </select>
34 </td>
35 </tr>
...\ No newline at end of file ...\ No newline at end of file
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">X-Powered-By
8 <p class="description"><?php _e('Specifies the technology (e.g. ASP.NET, PHP, JBoss, Express) supporting the web application, i.e. the scripting language. It is recommended to remove it or provide misleading information to throw off hackers that might target a particular technology/version.', 'http-headers'); ?></p>
9 </th>
10 <td>
11 <fieldset>
12 <legend class="screen-reader-text">X-Powered-By</legend>
13 <?php
14 $x_powered_by = get_option ( 'hh_x_powered_by', 0 );
15 foreach ( $bools as $k => $v ) {
16 ?><p>
17 <label><input type="radio" class="http-header" name="hh_x_powered_by" value="<?php echo $k; ?>" <?php checked($x_powered_by, $k, true); ?> /> <?php echo $v; ?></label>
18 </p><?php
19 }
20 ?>
21 </fieldset>
22 </td>
23 <td>
24 <?php settings_fields( 'http-headers-xpb' ); ?>
25 <?php do_settings_sections( 'http-headers-xpb' ); ?>
26 <select name="hh_x_powered_by_option" class="http-header-value"<?php echo $x_powered_by == 1 ? NULL : ' readonly'; ?>>
27 <?php
28 $items = array (
29 'unset' => 'Unset',
30 'set' => 'Set',
31 );
32 $x_powered_by_option = get_option ( 'hh_x_powered_by_option' );
33 foreach ( $items as $k => $v ) {
34 ?><option value="<?php echo $k; ?>" <?php selected($x_powered_by_option, $k); ?>><?php echo $v; ?></option><?php
35 }
36 ?>
37 </select>
38 <input type="text" name="hh_x_powered_by_value" class="http-header-value" placeholder="PHP/<?php echo PHP_VERSION; ?>" value="<?php echo esc_attr(get_option('hh_x_powered_by_value')); ?>"
39 <?php echo $x_powered_by == 1 && $x_powered_by_option == 'set' ? NULL : ' style="display: none" readonly'; ?> />
40 </td>
41 </tr>
...\ No newline at end of file ...\ No newline at end of file
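Review bot: The placeholder at view line 38, `PHP/<?php echo PHP_VERSION; ?>`, suggests the server's real interpreter version as the value to set, which works against the description above it recommending that the header be removed. A fixed, non-identifying hint such as `placeholder="<?php esc_attr_e('Custom value', 'http-headers'); ?>"` avoids nudging administrators into publishing the exact version.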
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">X-Robots-Tag
8 <p class="description"><?php _e('The X-Robots-Tag HTTP header is used to indicate how a web page is to be indexed within public search engine results. The header is effectively equivalent to <code>&lt;meta name="robots" content="..."&gt;</code>.', 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developers.google.com/search/docs/advanced/robots/robots_meta_tag"><?php _e('Google Search Central', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">X-Robots-Tag</legend>
17 <?php
18 $x_robots_tag = get_option('hh_x_robots_tag', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_x_robots_tag" value="<?php echo $k; ?>"<?php checked($x_robots_tag, $k); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-rob' ); ?>
28 <?php do_settings_sections( 'http-headers-rob' ); ?>
29 <?php
30 $items = array(
31 'all' => 'bool',
32 'noindex' => 'bool',
33 'nofollow' => 'bool',
34 'none' => 'bool',
35 'noarchive' => 'bool',
36 'nosnippet' => 'bool',
37 'max-snippet' => 'number',
38 'max-image-preview' => 'setting',
39 'max-video-preview' => 'number',
40 'notranslate' => 'bool',
41 'noimageindex' => 'bool',
42 'unavailable_after' => 'datetime',
43 );
44 ?>
45 <table>
46 <?php
47 $x_robots_tag_value = get_option('hh_x_robots_tag_value');
48 if (!$x_robots_tag_value)
49 {
50 $x_robots_tag_value = array();
51 }
52 foreach ($items as $item => $type)
53 {
54 ?>
55 <tr>
56 <td><label for="hh_x_robots_tag_value_<?php echo $item; ?>"><?php echo $item; ?></label></td>
57 <td><?php
58 switch ($type) {
59 case 'bool':
60 ?><input type="checkbox" class="http-header-value" name="hh_x_robots_tag_value[<?php echo $item; ?>]"
61 id="hh_x_robots_tag_value_<?php echo $item; ?>"<?php echo $x_robots_tag == 1 ? NULL : ' readonly'; ?>
62 value="1"<?php checked(array_key_exists($item, $x_robots_tag_value), 1, true); ?>><?php
63 break;
64 case 'number':
65 ?><input type="number" class="http-header-value" name="hh_x_robots_tag_value[<?php echo $item; ?>]"
66 id="hh_x_robots_tag_value_<?php echo $item; ?>"
67 size="6" min="-1" step="1"<?php echo $x_robots_tag == 1 ? NULL : ' readonly'; ?>
68 value="<?php echo array_key_exists($item, $x_robots_tag_value) && strlen($x_robots_tag_value[$item]) > 0 ? (int) $x_robots_tag_value[$item] : NULL; ?>"><?php
69 break;
70 case 'setting':
71 ?><select class="http-header-value" name="hh_x_robots_tag_value[<?php echo $item; ?>]"
72 id="hh_x_robots_tag_value_<?php echo $item; ?>"<?php echo $x_robots_tag == 1 ? NULL : ' readonly'; ?>>
73 <option value="">---</option>
74 <?php
75 foreach (array('none', 'standard', 'large') as $k)
76 {
77 ?><option value="<?php echo $k; ?>"<?php echo array_key_exists($item, $x_robots_tag_value) && $k == $x_robots_tag_value[$item] ? ' selected="selected"' : NULL; ?>><?php echo $k; ?></option><?php
78 }
79 ?>
80 </select><?php
81 break;
82 case 'datetime':
83 ?><input type="date" class="http-header-value" name="hh_x_robots_tag_value[<?php echo $item; ?>]"
84 id="hh_x_robots_tag_value_<?php echo $item; ?>"<?php echo $x_robots_tag == 1 ? NULL : ' readonly'; ?>
85 value="<?php echo array_key_exists($item, $x_robots_tag_value) && strlen($x_robots_tag_value[$item]) > 0 ? $x_robots_tag_value[$item] : NULL; ?>"><?php
86 break;
87 }
88 ?>
89 </td>
90 </tr>
91 <?php
92 }
93 ?>
94 </table>
95 </td>
96 </tr>
...\ No newline at end of file ...\ No newline at end of file
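Review bot: In the `datetime` case at view line 85 the stored value `$x_robots_tag_value[$item]` is echoed into the `value` attribute without escaping, whereas the `number` case at line 68 casts to `(int)` and the other views wrap stored options in `esc_attr()`. Changing the echoed expression to `esc_attr($x_robots_tag_value[$item])` keeps a malformed or tampered option from breaking out of the attribute on the settings page. How the option is sanitised on save is not visible in this section, so the output side should not rely on it.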
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">X-UA-Compatible
8 <p class="description"><?php _e('In some cases, it might be necessary to restrict a webpage to a document mode supported by an older version of Windows Internet Explorer. Here we look at the x-ua-compatible header, which allows a webpage to be displayed as if it were viewed by an earlier version of the browser.', 'http-headers'); ?></p>
9 </th>
10 <td>
11 <fieldset>
12 <legend class="screen-reader-text">X-UA-Compatible</legend>
13 <?php
14 $x_ua_compatible = get_option('hh_x_ua_compatible', 0);
15 foreach ($bools as $k => $v)
16 {
17 ?><p><label><input type="radio" class="http-header" name="hh_x_ua_compatible" value="<?php echo $k; ?>"<?php checked($x_ua_compatible, $k, true); ?> /> <?php echo $v; ?></label></p><?php
18 }
19 ?>
20 </fieldset>
21 </td>
22 <td>
23 <?php settings_fields( 'http-headers-uac' ); ?>
24 <?php do_settings_sections( 'http-headers-uac' ); ?>
25 <select name="hh_x_ua_compatible_value" class="http-header-value"<?php echo $x_ua_compatible == 1 ? NULL : ' readonly'; ?>>
26 <?php
27 $items = array('IE=7', 'IE=8', 'IE=9', 'IE=10', 'IE=edge', 'IE=edge,chrome=1');
28 $x_ua_compatible_value = get_option('hh_x_ua_compatible_value');
29 foreach ($items as $item) {
30 ?><option value="<?php echo $item; ?>"<?php selected($x_ua_compatible_value, $item); ?>><?php echo $item; ?></option><?php
31 }
32 ?>
33 </select>
34 </td>
35 </tr>
...\ No newline at end of file ...\ No newline at end of file
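Review bot: The values written into attributes and markup in this template are not escaped at output: `value="<?php echo $k; ?>"` and `<?php echo $v; ?>` on line 17, and `<?php echo $item; ?>` on line 30. `$items` is a literal array here, but `$bools` is defined outside this file, so escaping late is the safer habit: `value="<?php echo esc_attr($k); ?>"` and `<?php echo esc_html($v); ?>`, with `esc_html_e()` in place of `_e()` on line 8. Separately, `readonly` on line 25 has no effect on a `<select>`, so the control stays editable when the header is switched off; the stored `hh_x_ua_compatible_value` should be checked against the allowed list when it is saved, if the save handler (not visible here) does not already do so. The X-XSS-Protection template that follows repeats both patterns on its lines 21, 29 and 35.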
1 <?php
2 if (!defined('ABSPATH')) {
3 exit;
4 }
5 ?>
6 <tr valign="top">
7 <th scope="row">X-XSS-Protection
8 <p class="description"><?php _e("This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. It's usually enabled by default anyway, so the role of this header is to re-enable the filter for this particular website if it was disabled by the user.", 'http-headers'); ?></p>
9 <hr>
10 <p class="description"><?php _e('Read more at', 'http-headers'); ?>
11 <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection"><?php _e('MDN Web Docs', 'http-headers'); ?></a>
12 </p>
13 </th>
14 <td>
15 <fieldset>
16 <legend class="screen-reader-text">X-XSS-Protection</legend>
17 <?php
18 $x_xxs_protection = get_option('hh_x_xxs_protection', 0);
19 foreach ($bools as $k => $v)
20 {
21 ?><p><label><input type="radio" class="http-header" name="hh_x_xxs_protection" value="<?php echo $k; ?>"<?php checked($x_xxs_protection, $k, true); ?> /> <?php echo $v; ?></label></p><?php
22 }
23 ?>
24 </fieldset>
25 </td>
26 <td>
27 <?php settings_fields( 'http-headers-xss' ); ?>
28 <?php do_settings_sections( 'http-headers-xss' ); ?>
29 <select name="hh_x_xxs_protection_value" class="http-header-value"<?php echo $x_xxs_protection == 1 ? NULL : ' readonly'; ?>>
30 <?php
31 $items = array('0', '1', '1; mode=block', '1; report=');
32 $x_xxs_protection_value = get_option('hh_x_xxs_protection_value');
33 foreach ($items as $item)
34 {
35 ?><option value="<?php echo $item; ?>"<?php selected($x_xxs_protection_value, $item); ?>><?php echo $item; ?></option><?php
36 }
37 ?>
38 </select>
39 <input type="text" name="hh_x_xxs_protection_uri" class="http-header-value" placeholder="Reporting URI" value="<?php echo esc_attr(get_option('hh_x_xxs_protection_uri')); ?>"<?php echo $x_xxs_protection == 1 && $x_xxs_protection_value == '1; report=' ? NULL : ' style="display: none" readonly'; ?> />
40 </td>
41 </tr>
...\ No newline at end of file ...\ No newline at end of file
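Review bot: The description on line 8 tells the administrator that the XSS filter is "built into most recent web browsers" and "usually enabled by default", which no longer holds: Chromium-based browsers removed their XSS Auditor, Firefox never shipped one, and the MDN page linked on line 11 marks the header as non-standard. The filter was itself a source of bypasses and cross-site information leaks in the browsers that implemented it, so presenting `1; mode=block` as a protection gives a false sense of coverage. The text should say that this is a legacy header, that `0` is the commonly recommended value today, and that a Content-Security-Policy is the real mitigation, for example `esc_html_e('Legacy header for the XSS filter of older browsers. Current browsers ignore it; prefer a Content-Security-Policy.', 'http-headers')`. The `1; report=` choice on line 31 was only honoured by Chromium's auditor, which is worth stating next to the reporting URI field on line 39.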