説明

ENGLISH

Headers Security Advanced & HSTS WP は最高のオールインワンで、すべての WordPress ユーザー向けの無料プラグインです。このプラグインを無効にすると、サイトの構成が以前の状態に正確に戻ります。

Headers Security Advanced & HSTS WP プロジェクトは、サイトが Web サイトのセキュリティを強化するために使用できる HTTP 応答ヘッダーを実装します。プラグインはすべてのベストプラクティスを自動的に設定します (何も考える必要はありません) 。これらの HTTP 応答ヘッダーは、最新のブラウザーが簡単に予測可能な脆弱性に遭遇するのを防ぐことができます。Headers Security Advanced & HSTS WP プロジェクトは、すべてのワードプレスユーザーにこれらのヘッダーの普及と認知度と使用率を高めたいと考えています。

This plugin is developed by TentaclePlugins by irn3, we care about WordPress security and best practices.

Headers Security Advanced & の優れた機能を確認してください。 HSTS WP :

HSA Limit Login でブルートフォース攻撃をブロックします。
X-XSS-Protection
Expect-CT
Access-Control-Allow-Origin
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Content-Security-Policy
X-Content-Type-Options
X-Frame-Options
X-Permitted-Cross-Domain-Policies
X-Powered-By
Content-Security-Policy
Referrer-Policy
HTTP Strict Transport Security / HSTS
Content-Security-Policy
Clear-Site-Data
Cross-Origin-Embedder-Policy-Report-Only
Cross-Origin-Opener-Policy-Report-Only
Cross-Origin-Embedder-Policy
Cross-Origin-Opener-Policy
Cross-Origin-Resource-Policy
Permissions-Policy
Strict-dynamic
Strict-Transport-Security
FLoC (コホートの複合学習)

Headers Security Advanced & HSTS WP は OWASP CSRF に基づき、ワードプレスサイトを保護します。OWASP CSRF を使用し、プラグインがインストールされると、出力で nonce を使用するメソッドを呼び出すことなく、CSRF を完全に軽減できます。他の脆弱なプラグイン (CSRF) があっても、サイトは安全になります。

HTTP セキュリティヘッダーは、Web サイトのセキュリティの重要な部分です。Headers Security Advanced & で自動実装後、 HSTS WP は、サイトが遭遇する可能性のある最も悪名高い種類の攻撃からユーザーを保護します。これらのヘッダーは、XSS、コードインジェクション、クリックジャッキングなどから保護します。

We have put a lot of effort into making the most important services operational with Content Security Policy (CSP), below are some examples that we have tested and used with Headers Security Advanced & HSTS WP:

CSP usage for Google Tag Manager
world’s most popular tag manager
Using CSP for Gravatar
Avatar service for WordPress and Social sites
Using CSP for WordPress Internal Media
support WordPress media
Using CSP for Youtube Embedded Video SDK
support Youtube embedded frames and JS SDK
CSP usage for CookieLaw
privacy technology to meet regulatory requirements
CSP usage for Mailchimp
support for Mailchimp automation, SDK and modules
CSP usage for Google Analytics
support for basic conversion domains such as: stats.g.doubleclick.net and www.google.com
CSP usage for Google Fonts
you’re not loading it on the page, chances are one of your SDKs is using it
Using CSP for **Facebook
support Facebook SDK functionality
Using CSP for Stripe
highly secure online payment system
Using CSP for New Relic
it’s a registration and monitoring utility
Using CSP for Linkedin Tags + SDKs
support Linkedin Insight, Linkedin Ads and SDK
Using CSP for OneTrust
OneTrust support helps companies manage privacy requirements
CSP usage for Moat
Moat support to measurement suite such as: ad verification, brand safety, advertising and coverage
CSP usage for jQuery
support of jQuery – JS library
CSP usage for Twitter Widgets & SDKs
support Connect, Widgets and the Twitter client-side SDK
Using CSP for Google Maps
support Google Maps as The ggpht used by streetview
Using CSP for Quantcast Choice
Quantcast support for privacy such as GDPR and CCPA
CSP usage for Twitter Ads & Analytics
Twitter support for advertising and Analytics
Using CSP for Paypal
PayPal support for online payment system
Using CSP for Drift
Drift and Driftt support
CSP usage for Cookiebot
cookie and tracker support, GDPR/ePrivacy and CCPA compliance
CSP usage for Vimeo Embedded Videos SDK
support frames, JS SDK, Froogaloop integration
Using CSP for AppNexus (now Xandr)
AppNexus support for custom retargeting
Using CSP for Mixpanel
support analytics tool with SDK/JS to collect client-side data
Using CSP for Font Awesome
toolkit support for fonts and icons over CSS and Less
Using CSP for Google reCAPTCHA
reCAPTCHA support for fraud and bot protection
CSP usage for Bootstrap CDN
Bootstrap support for CSS frameworks
Using CSP for HubSpot
Hubspot support with many features, used for monitoring and mkt functionality
Using CSP for Hotjar
Hotjar tracker support for analytics and metrics
Using CSP for WP.com
support for wp.com hosting
Using CSP for Akamai mPulse
support for Akamai mPulse, for origin and perimeter integrations
CSP usage for Cloudflare – Rocket-Loader & Mirage
support for Mirage libraries for performance acceleration
Using CSP for Cloudflare – CDN.js
Cloudflare’s open CDN support with multiple libraries
Using CSP for jsDelivr
support jsDelivr free CDN for Open Source

Headers Security Advanced & HSTS WP is based on the OWASP CSRF standard to protect your wordpress site. Using the OWASP CSRF standard, once the plugin is installed, you can customize CSP rules for full CSRF mitigation. The site will be secure despite having other vulnerable plugins (CSRF).

All Free Features
The Headers Security Advanced & HSTS WP version includes all the free features.

ベストプラクティスを使用して、FLoC (コホートの複合学習) を実装しました。まず、Headers Security Advanced & を使用します。HSTS WP は、ブラウザが FLoC (Federated Learning of Cohorts) の「コホート計算」にサイトを含めないようにします。これは、document.interestCohort() を呼び出して、現在使用されているクライアントの FLoC ID を取得できないことを意味します。明らかに、これは現在アクセスしているサイトの外では何もせず、その範囲を超えてクライアントの FLoC を「無効」にしません。

FLoC はまだかなり新しく、まだ広くサポートされていませんが、プログラマーとしてプライバシー保護要素が重要であると考えているため、FLoC をオプトアウトする機能を提供することにしました ! 特別な 「FLoC の自動ブロック」 機能を作成し、常に プライバシー保護とサイバーセキュリティを備えた最高のツールを提供することを主なターゲットとフォーカスとして試みています。

Headers Security Advanced & HSTS WPを使用する前後にサイトを分析します。セキュリティヘッダーは、HTTP セキュリティヘッダーおよび HTTP Strict Transport Security / HSTS のベストプラクティスに従って自己構成されます。

Check HTTP Security Headers on securityheaders.com
Check HTTP Strict Transport Security / HSTS at hstspreload.org
webpagetest.org で WebPageTest を実行してください
Web サイトの HSTS テスト gf.dev/hsts-test を確認してください
Check CSP test website csper.io/evaluator
Check CSP Evaluator csp-evaluator.withgoogle.com
CSP Content Security Policy Generator addons.mozilla.org

このプラグインは定期的に更新されます。限定的なサポートは無料です。フィードバックをお寄せください (バグ、互換性の問題、または次の更新に関する推奨事項)。私たちはいつでも迅速です:-D.

スクリーンショット

HTTPセキュリティヘッダーのチェック (後)
HTTPセキュリティヘッダーのチェック (前)
Check HTTP Strict Transport Security / HSTS (list)
WebPageTest チェック (AFTER)
WebPageTest チェック (BEFORE)
Setting on single site installation
HTTP セキュリティヘッダーの確認 - Serpworx (後)
HTTP セキュリティヘッダーの確認 - Serpworx (前)
Site-wide security setting

インストール

ITALIAN

Vai in Plugin ‘Aggiungi nuovo’.
Cerca Headers Security Advanced & HSTS WP.
Cerca questo plugin, scaricalo e attivalo.
Vai in ‘impostazioni’ > ‘Permalink’. Cambia il tuo url di login alla voce ‘Security Url’.
Puoi cambiare questa opzione quando vuoi, Headers Security Advanced & HSTS WP viene impostato in automatico.

ENGLISH

Go to Plugins ‘Add New’.
Search for Headers Security Advanced & HSTS WP.
Search for this plugin, download and activate it.
You can change this option whenever you want, Headers Security Advanced & HSTS WP is set automatically.

FRANÇAIS

Allez dans Plugins ‘Add new’.
Recherchez Headers Security Advanced & HSTS WP.
Recherchez ce plugin, téléchargez-le et activez-le.
Vous pouvez modifier cette option quand vous le souhaitez, Headers Security Advanced & HSTS WP est réglé automatiquement.

DEUTSCH

Gehen Sie zu Plugins ‘Neu hinzufügen’.
Suchen Sie nach Headers Security Advanced & HSTS WP.
Suchen Sie nach diesem Plugin, laden Sie es herunter und aktivieren Sie es.
Sie können diese Option jederzeit ändern, Headers Security Advanced & HSTS WP wird automatisch eingestellt.

FAQ

どうすれば A+ グレードを取得できますか ?

A+ グレードを獲得するには、サイトがすべての HTTP レスポンスヘッダーを発行し、チェックする必要があります。これは、訪問者のセキュリティを向上させるための高いレベルの取り組みを示しています。

おすすめのヘッダーは ?

HTTP 接続を介して、Content-Security-Policy、X-Content-Type-Options、X-Frame-Options、および X-XSS-Protection を取得します。HTTPS 接続を介して、Strict-Transport-Security と Public-Key-Pins の2つの追加ヘッダーの存在がチェックされます。

プラグインが有効化されると、テストが実行されます (前後): https://securityheaders.com/

プラグインによって速度が低下することはありますか ?

いいえ、Headers Security Advanced & HSTS WP は高速で安全で、SEO や Web サイトの速度には影響しません。

HSTS (Strict Transport Security) とは何ですか ?

これは、サイトが HTTPS で実行されている場合にブラウザに安全な接続を強制的に使用させるソリューションとして作成されました。 Web サーバーに追加され、Strict-Transport-Security として応答ヘッダーに反映されるセキュリティヘッダーです。 HSTS は、次の異常に対処するため必要です。

Preload HSTSの使用前後のチェック

このステップは、ウェブサイトやドメインを承認済みの HSTS リストに送信するために重要です。このリストは Google が公式にまとめたもので、Chrome、Firefox、Opera、Safari、IE11、Edge で使用されています。サイトを公式の HSTS プリロードディレクトリに転送できます。 (‘https://hstspreload.org/’)

どのように HTTP Strict Transport Security (HSTS) を使用しますか

サイトで Preload HSTS を使用する場合は、アクティブ化する前にいくつかの要件があります。

有効な SSL 証明書を取得します。とにかくこれなしでは何もできません。
すべての HTTP トラフィックを HTTPS にリダイレクトする必要があります (永続的な301リダイレクトを使用することをお勧めします)。これは、サイトを HTTPS のみにする必要があることを意味します。
HTTPS ですべてのサブドメインも提供する必要があります。サブドメインがある場合は、SSL 証明書が必要になります。

ベースドメイン (例: example.com) の HSTS ヘッダーは既に構成されているため、プラグインを有効にするだけで済みます。

サイトの HSTS ステータスを確認したい場合は、ここで確認できます: https://hstspreload.org/

バグの報告や機能のリクエストはできますか ?

You can report bugs or request new features right support@tentacleplugins[dot]com

Google の広告技術である FLoC を無効にします

FLoC は、すべてのサイトでのユーザーアクティビティを監視し、その情報をブラウザーに保存し、機械学習を使用してユーザーを同様の関心を持つコホートに配置するメガトラッカーです。このようにして、広告主は同様の関心を持つ人々のグループをターゲットにすることができます。さらに、Google 独自のテストによると、FLoC は Cookie よりも少なくとも95% 多いコンバージョンを達成しています。

FLoC by Google を無効にしているのはどうしてですか ?

Scott Helme は、5月3日の時点で、最初の100万のドメインのうち967が Permissions-Policy ヘッダーで FLoC の interest-cohort を無効にしていると報告しました。そのリストには、The Guardian や IKEA などのいくつかの大きなサイトが含まれていました。

CloudFlare と Headers Security Advanced & を使用できますか ? HSTS WP プラグイン ?

プラグインの更新後に異常が発生していますか ? はいの場合は、次の手順に従ってください : CloudFlare クライアントエリアのキャッシュを直接クリアします。

Cloudflare ダッシュボードにログインし、アカウントとドメインを選択します。
キャッシュ > 構成を選択します。
「キャッシュパージ」で、「カスタムパージ」を選択します。カスタムパージウィンドウが表示されます。
「パージ方法」で、「URL」を選択します。
例に示されている形式を使用して、テキストフィールドに適切な値を入力します。
追加の指示に従ってフォームに記入します。
入力したデータを確認します。
クリックして削除します。

これは、cloudFlare が原因です。

評価

24killen 2023年9月23日

A good common ground

testwp75 2023年9月21日

Some WP experts told me it's better to fix this server side with some HTACCESS rules, so i don't understand the goal of this tool?

amanlikezadok2 2023年9月19日

Since I installed the plugin over a year ago, I haven’t had any issue at all. Keep at it, guys!

raytan12 2023年9月18日

This is a great plugin to have!

banija 2023年8月20日

i think wordpress core should be implement this work by default

mohobook 2023年8月4日

Many thanks for this contribution, it helped us with PCI compliance

48件のレビューをすべて表示

貢献者と開発者

Headers Security Advanced & HSTS WP はオープンソースソフトウェアです。以下の人々がこのプラグインに貢献しています。

“Headers Security Advanced & HSTS WP” は3ロケールに翻訳されています。翻訳者のみなさん、翻訳へのご協力ありがとうございます。

“Headers Security Advanced & HSTS WP” をあなたの言語に翻訳しましょう。

開発に興味がありますか ?

コードを閲覧するか、SVN リポジトリをチェックするか、開発ログを RSS で購読してみてください。

変更履歴

5.0.29

5.0.28

5.0.27

5.0.26

5.0.25

5.0.24

5.0.23

5.0.22

We don’t want to tell you what to do, but here’s the point: if you’ve updated the Headers Security Advanced & HSTS WP plugin last time, you’ve seen that when we suggest doing so, we don’t just say it and leave it at that. Well, with this 5.0.22 version we’ve added and fixed a lot (we got rid of some bugs, tidied up some pesky pixels and updated the graphics) and it all works great. Are we agreed? Touch “update” and we’ll provide you with the most beautiful, fastest, and most impressive plugin around. Enjoy!
– Fixed: thanks to @erku’s contribution, several changes were implemented to improve compliance with WordPress coding standards, leaving only a few exceptions necessary for the project to work optimally. Specifically, a PHPCS configuration file was added to handle coding rules and a properly structured composer.json file to handle dependencies. In addition, changes were made to the @alexclassroom translatable strings to improve the consistency and quality of translations within the application. These overall changes help improve code readability, facilitate future maintenance, and ensure better cross-language compatibility for users.
– Fixed: you could encounter errors with multisite and htaccess formatting.

5.0.21

5.0.20

We don’t want to tell you what to do, but here’s the point: if you’ve updated the Headers Security Advanced & HSTS WP plugin last time, you’ve seen that when we suggest doing so, we don’t just say it and leave it at that. Well, with this 5.0.20 version we’ve added and fixed a lot (we got rid of some bugs, tidied up some pesky pixels and updated the graphics) and it all works great. But it’s not all! We’ve also added a brand new and improved interface with a modern design to make your experience even more enjoyable. Are you ready for a new HSTS values customization experience? Do it in style! With the modern and functional interface, you can now customize your HSTS values like a true stylupator! Are we agreed? Touch “update” and we’ll provide you with the most beautiful, fastest, and most impressive plugin around. Enjoy!
– Fixed: solved problem with “best practices” on Lighthouse and Google Insight.
– Fixed: A problem could occur with the concatenation of an object of type string.
– Error Fixed: The plugin generated 237 characters with unexpected output during activation. If you notice “headers already sent” notes, problems with syndication feeds, or other issues, try disabling or removing this plugin.

5.0.19

We don’t want to tell you what to do, but here’s the point: if you’ve updated the Headers Security Advanced & HSTS WP plugin last time, you’ve seen that when we suggest doing so, we don’t just say it and leave it at that. Well, with this 5.0.19 version we’ve added and fixed a lot (we got rid of some bugs, tidied up some pesky pixels and updated the graphics) and it all works great. But it’s not all! We’ve also added a brand new and improved interface with a modern design to make your experience even more enjoyable. Are you ready for a new HSTS values customization experience? Do it in style! With the modern and functional interface, you can now customize your HSTS values like a true stylupator! Are we agreed? Touch “update” and we’ll provide you with the most beautiful, fastest, and most impressive plugin around. Enjoy!
– Fixed: Updated and tested some answers for HSTS preload.
– Fixed: Issue that caused a problem with the CSS selector.
– Fixed: A problem could occur with the concatenation of an object of type string.
– Error Fixed: The plugin generated 237 characters with unexpected output during activation. If you notice “headers already sent” notes, problems with syndication feeds, or other issues, try disabling or removing this plugin.

5.0.18

We don’t want to tell you what to do, but here’s the point: if you’ve updated the Headers Security Advanced & HSTS WP plugin last time, you’ve seen that when we suggest doing so, we don’t just say it and leave it at that. Well, with this 5.0.18 version we’ve added and fixed a lot (we got rid of some bugs, tidied up some pesky pixels and updated the graphics) and it all works great. But it’s not all! We’ve also added a brand new and improved interface with a modern design to make your experience even more enjoyable. Are you ready for a new HSTS values customization experience? Do it in style! With the modern and functional interface, you can now customize your HSTS values like a true stylupator! Are we agreed? Touch “update” and we’ll provide you with the most beautiful, fastest, and most impressive plugin around. Enjoy!
– Fixed: Updated and tested some answers for HSTS preload.
– Update: Donation button (PayPal) has been made independent, this no longer uses fonts by Google.
– Fixed: Issue that caused a problem with the CSS selector.
– Error Fixed: The plugin generated 237 characters with unexpected output during activation. If you notice “headers already sent” notes, problems with syndication feeds, or other issues, try disabling or removing this plugin.

5.0.17

We don’t want to tell you what to do, but here’s the point: if you’ve updated the Headers Security Advanced & HSTS WP plugin last time, you’ve seen that when we suggest doing so, we don’t just say it and leave it at that. Well, with this 5.0.16 version we’ve added and fixed a lot (we got rid of some bugs, tidied up some pesky pixels and updated the graphics) and it all works great. But it’s not all! We’ve also added a brand new and improved interface with a modern design to make your experience even more enjoyable. Are you ready for a new HSTS values customization experience? Do it in style! With the modern and functional interface, you can now customize your HSTS values like a true stylupator! Are we agreed? Touch “update” and we’ll provide you with the most beautiful, fastest, and most impressive plugin around. Enjoy!
– New: added page to customize HSTS header values (max-age, includeSubDomains and Preload).
– New: Beta: We implemented a survey to listen to all users and implement new customization features in the plugin.
– Fixed: Donation button (BuyMeCoffee) has been made independent, this no longer uses fonts by Google.
– Fixed: Updated and tested some answers for HSTS preload.
– Update: Donation button (PayPal) has been made independent, this no longer uses fonts by Google.
– Update: After some testing, the header was implemented to force requests to one’s domain at https://.
– Update: Issue that caused the Plugin blocking social access to be blocked.
– Error Fixed: The plugin generated 237 characters with unexpected output during activation. If you notice “headers already sent” notes, problems with syndication feeds, or other issues, try disabling or removing this plugin.

5.0.16

We don’t want to tell you what to do, but here’s the point: if you’ve updated the Headers Security Advanced & HSTS WP plugin last time, you’ve seen that when we suggest doing so, we don’t just say it and leave it at that. Well, with this 5.0.16 version we’ve added and fixed a lot (we got rid of some bugs, tidied up some pesky pixels and updated the graphics) and it all works great. But it’s not all! We’ve also added a brand new and improved interface with a modern design to make your experience even more enjoyable. Are you ready for a new HSTS values customization experience? Do it in style! With the modern and functional interface, you can now customize your HSTS values like a true stylupator! Are we agreed? Touch “update” and we’ll provide you with the most beautiful, fastest, and most impressive plugin around. Enjoy!
– New: added page to customize HSTS header values (max-age, includeSubDomains and Preload).
– New: Beta: We implemented a survey to listen to all users and implement new customization features in the plugin.
– Fixed: Donation button (BuyMeCoffee) has been made independent, this no longer uses fonts by Google.
– Fixed: Updated and tested some answers for HSTS preload.
– Update: Donation button (PayPal) has been made independent, this no longer uses fonts by Google.
– Update: After some testing, the header was implemented to force requests to one’s domain at https://.
– Update: Issue that caused the Plugin blocking social access to be blocked.

5.0.14

We don’t want to tell you what to do, but here’s the thing: if you updated the Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don’t just say it. Well, with this version 5.0.14 we have added and fixed a lot of things (we got rid of some bugs, fixed some annoying pixels, and refreshed the graphics) and everything works great. Do we agree? Tap “update” and we will give you the best-looking, fastest and most impressive plugin around with the best updates in the world. Enjoy
– New: Donation button (PayPal) has been made independent, this no longer uses fonts by Google.
– New: After some testing, the header was implemented to force requests to one’s domain at https://.
– Fixed: Donation button (BuyMeCoffee) has been made independent, this no longer uses fonts by Google.
– Fixed: Updated and tested some answers for HSTS preload.
– Update: Issue that caused the Plugin blocking social access to be blocked.

5.0.13

We don’t want to tell you what to do, but here’s the thing: if you updated the Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don’t just say it. Well, with this version 5.0.13 we have added and fixed a lot of things (we got rid of some bugs, fixed some annoying pixels, and refreshed the graphics) and everything works great. Do we agree? Tap “update” and we will give you the best-looking, fastest and most impressive plugin around with the best updates in the world. Enjoy
– Update: There could have been problems with accessing the url /wp-admin and causing a 502 error, we found the annoying bug and now everything should work great.
– Update: Donation button (Buy Me Coffee) has been made independent, this no longer uses fonts by Google.
– Fixed: Updated and tested some answers for HSTS preload.
– Fixed: Issue that caused the Plugin blocking social access to be blocked.

5.0.10

ho ho ho merry christmas! We don’t want to tell you what to do, but here’s the thing: if you updated the Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don’t just say it. Well, with this version 5.0.10 we have added and fixed a lot of things (we got rid of some bugs, fixed some annoying pixels, and refreshed the graphics) and everything works great. Do we agree? Tap “update” and we will give you the best-looking, fastest and most impressive plugin around with the best updates in the world. Enjoy
– Fixed: There could have been problems with accessing the url /wp-admin and causing a 502 error, we found the annoying bug and now everything should work great.
– Fixed: Donation button (Buy Me Coffee) has been made independent, this no longer uses fonts by Google.
– Fidex: Exterminated difficult Bugs and optimized loading speed and code optimization.
– Update: updated and tested some answers for HSTS preload.
– Update: Expect-CT functionality has been removed because it is no longer recommended. Although some browsers may still support it, I decided to avoid using it and changed the existing code;
– New: Added instructions on how to perform cache clearing with the CloudFlare service.
– New: Compatibility with WordPress 6.1.1 has been updated.

5.0.06

5.0.05

5.0.04

5.0.03

We don’t want to tell you what to do, but here’s the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don’t just say it. Well, we’ve added and fixed a lot of things with this version 5.0.03 (we’ve exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we’re in agreement? Tap “update” and we’ll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
– Update: some issues that could occur on some browsers and operating systems that implemented payment systems (Stripe, Paypal) have been resolved and fixed;
– New: new header security directives (Permissions-Policy) have been implemented and tested, here are some directives: new security directives for the header (Permissions-Policy) have been implemented and tested, here are some directives: accelerometer, ambient-light-sensor, autoplay, battery, camera, cross-origin-isolated, display-capture, document-domain, encrypted-media, execution-while-not-rendered, execution-while-out-of-viewport, fullscreen, geolocation, gyroscope, keyboard-map, magnetometer, microphone, midi=, navigation-override, payment, picture-in-picture, publickey-credentials-get, screen-wake-lock, sync-xhr, usb, web-share, xr-spatial-tracking, gamepad, conversion-measurement, focus-without-user-activation, serial, window-placement, vertical-scroll.

5.0.02

5.0.01

We don’t want to tell you what to do, but here’s the thing: if you updated Headers Security Advanced & HSTS WP plugin last time, you saw that when we propose to do it, we don’t just say it. Well, we’ve added and fixed a lot of things with this version 5.0.01 (we’ve exterminated some bugs, fixed some annoying pixels and refreshed the graphics) and everything works like a charm. So we’re in agreement? Tap “update” and we’ll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Enjoy
– Fixed: issue with using gateweay of stripe payments (in praticular the use of external layers like checkout.stripe.com);
– Fixed: issue with the use of some stric-dynamic directives that could cause a warning to be displayed in the DOM;
– Update: Fixed eliminated annoying bugs and we are ready to reduce the weight of the plugin by 18%;
– Update: Compatibility with Cloudflare CDN Alternatives, Fastly Deliver, Akamai CDN, CloudFront CDN, Google Cloud CDN, Microsoft Azure CDN , Tata Communications CDN, StackPath CDN.

4.8.98

4.8.96

4.8.94

4.8.93

4.8.92

4.8.91

4.8.90

4.8.89

4.8.88

4.8.86

4.8.85

4.8.6

We don’t want to tell you what to do, but here’s the thing: if you updated the plugin last time, you saw that when we propose to do it, we don’t just say it. Well, we’ve added and fixed a lot of things with this version 4.8.6 (we’ve improved some crazy programmer stuff) and everything works like a charm. So we’re in agreement? Tap “update” and we’ll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Now let’s get started right away to the next code and update to do 😀 we’re crazy but we like this one
– Fixed: We have fixed an issue with the X-Frame-Options header;

4.8.3

We don’t want to tell you what to do, but here’s the thing: if you updated the plugin last time, you saw that when we propose to do it, we don’t just say it. Well, we’ve added and fixed a lot of things with this version 4.8.3 (we’ve improved some crazy programmer stuff) and everything works like a charm. So we’re in agreement? Tap “update” and we’ll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Now let’s get started right away to the next code and update to do 😀 we’re crazy but we like this one
– Fixed: This is the latest version to fix and make compatible with themes, plugins that could create conflicts with Vimeo and Youtube implementation.

4.8.0

We don’t want to tell you what to do, but here’s the thing: if you updated the plugin last time, you saw that when we propose to do it, we don’t just say it. Well, we’ve added and fixed a lot of things with this version 4.8.0 (we’ve improved some crazy programmer stuff) and everything works like a charm. So we’re in agreement? Tap “update” and we’ll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Now let’s get started right away to the next code and update to do 😀 we’re crazy but we like this one
– Fixed: We have fixed some issues with Vimeo viewing

4.7.30

We don’t want to tell you what to do, but here’s the thing: if you updated the plugin last time, you saw that when we propose to do it, we don’t just say it. Well, we’ve added and fixed a lot of things with this version 4.7.30 (we’ve improved some crazy programmer stuff) and everything works like a charm. So we’re in agreement? Tap “update” and we’ll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Now let’s get started right away to the next code and update to do 😀 we’re crazy but we like this one
– Fixed: We found some bugs and now the plugin is more optimized and happy 😀
– Fixed: We have fixed some issues with Vimeo viewing
– Update: WordPress 5.9

4.7.20

We don’t want to tell you what to do, but here’s the thing: if you updated the plugin last time, you saw that when we propose to do it, we don’t just say it. Well, we’ve added and fixed a lot of things with this version 4.7.20 (we’ve improved some crazy programmer stuff) and everything works like a charm. So we’re in agreement? Tap “update” and we’ll give you the coolest, fastest and most awesome plugin out there with the best updates in the world. Now let’s get started right away to the next code and update to do 😀 we’re crazy but we like this one
– New: WordPress 5.9
– Fixed: We’ve listened to your feedback and have momentarily disabled the ability to customize the url

4.7.15

We don’t want to tell you what to do, but here’s the thing: if you updated the plugin last time, you saw that when we propose to do it, we don’t just say it. Well, we’ve added and fixed a lot of things with this 4.7.15 version (we’ve improved some crazy programmer stuff) and everything works like a charm. So are we on board? Tap on “update” and we’ll give you the coolest, fastest, most awesome plugin out there with the best updates in the world. Now let’s get started right away to the next code and update to do 😀 we are crazy but we like this
* Fixed: we have solved the error that was shown in QueryMonitor Undefined property

4.7.1

We don’t want to tell you what to do, but here’s the thing: if you updated the plugin last time, you saw that when we propose to do it, we don’t just say it. Well, we’ve added and fixed a lot of things with this 4.7.1 version (we’ve improved some crazy programmer stuff) and everything works like a charm. So are we on board? Tap on “update” and we’ll give you the coolest, fastest, most awesome plugin out there with the best updates in the world. Now let’s get started right away to the next code and update to do 😀 we are crazy but we like this
* Fixed: “All the little beings that generated errors and bugs have been exterminated. We know we are very attentive to details”
* Update: “Third-party plugin optimization such as cache, cloudflare and redirects”

4.7.0

IMPORTANT: This update optimizes and fixes some issues that may occur with a cache manager.
We don’t want to tell you what to do, but here’s the thing: if you updated the plugin last time, you saw that when we propose to do it, we don’t just say it. Well, we’ve added and fixed a lot of things with this 4.7.0 version (we’ve improved some crazy programmer stuff) and everything works like a charm. So are we on board? Tap on “update” and we’ll give you the coolest, fastest, most awesome plugin out there with the best updates in the world. Now let’s get started right away to the next code and update to do 😀 we are crazy but we like this
* Update: “X Powered By”
* Update: Content Security Policy optimization (CSP Header) and internal testing with Chrome, Firefox, Safari, Edge
* Updated: “accelerometer block”
* Updated: “gyroscope block”
* Updated: “magnetometer block”
* Updated: “usb block”

説明

ENGLISH

スクリーンショット

インストール

ITALIAN

ENGLISH

FRANÇAIS

DEUTSCH

FAQ

どうすれば A+ グレードを取得できますか ?

おすすめのヘッダーは ?

プラグインによって速度が低下することはありますか ?

HSTS (Strict Transport Security) とは何ですか ?

Preload HSTSの使用前後のチェック

どのように HTTP Strict Transport Security (HSTS) を使用しますか

バグの報告や機能のリクエストはできますか ?

Google の広告技術である FLoC を無効にします

FLoC by Google を無効にしているのはどうしてですか ?

CloudFlare と Headers Security Advanced & を使用できますか ? HSTS WP プラグイン ?

評価

貢献者と開発者

開発に興味がありますか ?

変更履歴

5.0.29

5.0.28

5.0.27

5.0.26

5.0.25

5.0.24

5.0.23

5.0.22

5.0.21

5.0.20

5.0.19

5.0.18

5.0.17

5.0.16

5.0.14

5.0.13

5.0.10

5.0.06

5.0.05

5.0.04

5.0.03

5.0.02

5.0.01

4.8.98

4.8.96

4.8.94

4.8.93

4.8.92

4.8.91

4.8.90

4.8.89

4.8.88

4.8.86

4.8.85

4.8.6

4.8.3

4.8.0

4.7.30

4.7.20

4.7.15

4.7.1

4.7.0

メタ

評価

貢献者

サポート

寄付