Developer | kevp75 |
---|---|
Last updated | May 30, 2025, 19:31 |
Donate link: | Donate |
PHP version: | 8.1 or higher |
WordPress version: | 6.9 |
License: | GPLv3 |
License URI: | License information |
/wp-content/plugins/ directory

It is a simplified way to set security headers for your website, which will help mitigate attacks.
A Content Security Policy is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.
This is where it gets complicated. You will need to browse your website and track all external resources and their types. As an example, we have included the WordPress defaults. Once you have done this initial tracking, you can add the sources in the plugin's Content Security Policy sources and hit the 'Save' button. Once you have initially configured it, I would recommend repeating the process above as many times as it takes to gather all of them. It can take quite a number of passes to accomplish this: some external resources, like iframes, scripts, and even stylesheets, can pull in their own external items that will not show until the parent items are included.
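An added example, not part of the plugin or its documentation: a Python sketch of the tracking step described above, which inventories the external origins referenced in one page's HTML and groups them by the CSP directive that governs them. The sample HTML, hostnames and the names `ResourceInventory` and `build_policy` are assumptions made for illustration.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> CSP directive governing what that tag's src attribute loads.
DIRECTIVE_FOR = {"script": "script-src", "img": "img-src", "iframe": "frame-src"}

# Constructed sample page; every hostname is a placeholder.
SAMPLE_HTML = """
<link rel="stylesheet" href="https://fonts.example.net/css?family=Inter">
<script src="//cdn.example.net/lib.js"></script>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<img src="https://images.example.org/logo.png">
<img src="https://blog.example.com/wp-content/uploads/a.png">
<iframe src="https://player.example.org/embed/1"></iframe>
"""

class ResourceInventory(HTMLParser):
    """Collects external origins, grouped by CSP directive, from one page."""
    def __init__(self, site_origin):
        super().__init__()
        self.site_origin = site_origin
        self.sources = defaultdict(set)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            is_css = "stylesheet" in (attrs.get("rel") or "").lower().split()
            directive, url = ("style-src" if is_css else None), attrs.get("href")
        else:
            directive, url = DIRECTIVE_FOR.get(tag), attrs.get("src")
        if not directive or not url:
            return
        parsed = urlparse(url, scheme="https")  # treat //host/path as https
        if not parsed.netloc:
            return  # relative or data: URL, not an external host
        origin = f"{parsed.scheme}://{parsed.netloc}"
        if origin != self.site_origin:
            self.sources[directive].add(origin)

def build_policy(html, site_origin):
    """Starting policy only: items an iframe or script loads later are not in this HTML."""
    inventory = ResourceInventory(site_origin)
    inventory.feed(html)
    parts = ["default-src 'self'"]
    for directive in sorted(inventory.sources):
        hosts = " ".join(sorted(inventory.sources[directive]))
        parts.append(f"{directive} 'self' {hosts}")
    return "; ".join(parts)
```

Inline scripts and styles are not covered by this inventory, and each pass only sees the markup it is given, which is why the process has to be repeated once parent resources are allowed.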
In the Standard Security Header tab in the plugin settings, turn on the "upgrade insecure requests" option and hit 'Save'.
Sure is. In the plugin settings, look for the Documentation tab.
Sure can. In the plugin settings, look for the Export/Import Settings tab.
You can reach out at the plugin's page in the WordPress.org plugin repository.
Please understand, I cannot generate the proper headers for you through the wordpress.org support due to the amount of time it could take to do it along with the access I would need. However, I can be contacted here: https://kevp.us/contact and we can discuss it.
sandbox directive for Content Security Policy
wpsh_send_restapi_headers
navigate-to directive for Content Security Policy
report-to directive for Content Security Policy
wpsh_acam_header
wpsh_acac_header
require-corp and unsafe-none
require-corp will require you to configure the Cross-Origin-Resource-Policy header
get_page_by_title
rtrim
wpsh_corp_header
send_headers or admin_init actions between Core 6.2 and Core 6.2.2
document-domain from the Permissions-Policy header
execution-while-not-rendered from the Permissions-Policy header
execution-while-out-of-viewport from the Permissions-Policy header
navigation-override from the Permissions-Policy header
gamepad from the Permissions-Policy header
hid to the Permissions-Policy Header
identity-credentials-get to the Permissions-Policy Header
idle-detection to the Permissions-Policy Header
publickey-credentials-create to the Permissions-Policy Header
screen-wake-lock to the Permissions-Policy Header
serial to the Permissions-Policy Header
web-share to the Permissions-Policy Header
prefetch-src from the Content-Security-Policy
Warning: Undefined array key "Permissions-Policy"
KCP_CSPGEN_Headers::kp_get_generated_csp(): Return value must be of type array, string returned
wpsh_TEMP_settings. I will have this automatically removed in a future update
wpsh_expectct_header