I have written a simple plugin to send some security http headers. I've tested it on various wordpress installations but on a wordpress multisite network it seems that the headers are not sended. The plugin is active for the entire network and in the .htaccess file there is no instruction to set the headers. Is there any error with my code?
<?php
if(! defined('WPINC') ){
die;
}
class WP_Security_Headers{
public function init(){
add_action('send_headers', array($this, 'set_http_headers'));
}
private function set_http_headers(){
header("Strict-Transport-Security: max-age=31536000; includeSubDomains");
header("Set-Cookie: HttpOnly;Secure");
header("Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' ; img-src 'self' data:; style-src 'self' 'unsafe-inline' ; font-src 'self' data:; object-src 'none'; frame-src ; ");
header("X-Frame-Options: SAMEORIGIN");
header("X-Xss-Protection: 1; mode=block");
header("X-Content-Type-Options: nosniff");
header("Referrer-Policy: strict-origin");
header("X-Pingback: ");
header("X-Powered-By: ");
}
}
$wp_s = new WP_Security_Headers;
$wp_s->init();
?>
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1745654964a4638488.html
评论列表(0条)