Security Header Generator
| 开发者 | kevp75 |
|---|---|
| 更新时间 | 2024年7月31日 02:36 |
| 捐献地址: | 去捐款 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 6.7 |
| 版权: | GPLv3 |
| 版权网址: | 版权信息 |
标签
下载
3.0.68
3.9.77
1.3.14
1.4.09
1.6.09
1.6.10
1.7.02
2.0.08
3.6.33
1.3.13
1.9.23
1.9.27
1.9.17
1.9.18
3.0.10
1.4.11
1.5.22
1.7.03
1.8.11
1.8.14
1.8.23
1.9.11
1.9.43
1.9.44
1.9.47
1.9.51
2.0.97
2.1.09
2.1.11
2.2.13
2.2.15
3.0.09
3.0.77
3.3.01
3.6.02
3.6.11
2.0.36
3.6.22
3.4.28
4.0.01
4.1.22
4.6.01
4.1.23
5.1.29
3.2.34
3.2.37
3.4.27
3.6.44
3.6.79
3.7.23
3.8.01
3.2.33
3.5.17
3.6.46
3.8.14
3.9.01
3.9.12
5.1.31
详情介绍:
This plugin generates the proper security HTTP response headers, attempts to generate a valid Content Security Policy, and sets browser permissions if configured.
安装:
- Download the plugin, unzip it, and upload to your sites
/wp-content/plugins/directory - You can also upload it directly to your Plugins admin
- Activate the plugin through the 'Plugins' menu in WordPress
屏幕截图:
常见问题:
What is a Content Security Policy?
A Content Security Policy is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.
更新日志:
5.1.29
- Fix: Some undefined array keys when some settings not set
- Verify: WP Core 6.7 Compatibility
- Fix: Defaults for settings.
- Found headers were being applied after turning off setting that should not have been
- Clean Up: Versions older than 4
- Add:
sandboxdirective for Content Security Policy - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox
- Fix: Application of CSP headers when there is no value set
- No longer sets the directive if nothing is configured for it.
- Fix: Some styling in the admin pages
- Remove: Deprecated CLI methods
- Update: JS Libraries for settings framework
- Verified: PHP 8.3 Compatibility
- Verified: WP Core 6.6 Compatibility
- Updated: settings fw: Fixed: PHP 8.x deprecated notices.
- Updated: Documentation
- Removed: references to implementation to avoid confusion
- Removed: CLI Generator
- Verified: WP Core 6.5 Compatibility
- Add: Apply CSP to REST API
- Please be aware, once this is switched on it will also be active for the admin area of the site.
- Hook:
wpsh_send_restapi_headers
- Verified: Core Version 6.4 compliant
- Remove:
navigate-todirective for Content Security Policy - Per: https://docs.w3cub.com/http/headers/content-security-policy/navigate-to no longer supported in any browser
- Add:
report-todirective for Content Security Policy - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-to
- Please be aware, this directive currently does nothing in Firefox and Safari
- Updated: Wordpress Defaults. Compliant ONLY with the following:
- Plugins: Gravity Forms
- Themes: Twenty Twenty, Twenty Twenty-One, Twenty Twenty-Two, Twenty Twenty-Three
- Updated: Wordpress Core version requirements to 5.6.10