內容簡介
中文翻譯
Sentinel Headers Unlimited Extension 是一個最佳的免費插件,適用於所有 WordPress 使用者。如果停用此插件,您的網站配置將恢復到之前的狀態。
Sentinel Headers Unlimited Extension 專案實施了 HTTP 回應標頭,可以提高您的網站安全性。插件會自動設置所有最佳做法(您不需要思考任何問題),這些 HTTP 回應標頭可以防止現代瀏覽器遇到易於預測的漏洞。Sentinel Headers Unlimited Extension 專案希望普及並提高所有 WordPress 使用者對這些標頭的意識和使用率。
此插件由 TentaclePlugins 開發,我們關心 WordPress 安全和最佳做法。
請查看 Sentinel Headers Unlimited Extension 的最佳功能:
HSA Limit Login 可以阻止暴力攻擊。
X-XSS-Protection
Expect-CT
Access-Control-Allow-Origin
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Content-Security-Policy
X-Content-Type-Options
X-Frame-Options
X-Permitted-Cross-Domain-Policies
X-Powered-By
Content-Security-Policy
Referrer-Policy
HTTP Strict Transport Security / HSTS
Content-Security-Policy
Clear-Site-Data
Cross-Origin-Embedder-Policy-Report-Only
Cross-Origin-Opener-Policy-Report-Only
Cross-Origin-Embedder-Policy
Cross-Origin-Opener-Policy
Cross-Origin-Resource-Policy
Permissions-Policy
Strict-dynamic
Strict-Transport-Security
FLoC (Federated Learning of Cohorts)
我們已經花了很多心思,使最重要的服務符合內容安全標準(CSP),以下是一些我們測試和使用的示例:
使用 Google Tag Manager 的 CSP
世界上最流行的標籤管理器
使用 Gravatar 的 CSP
WordPress 和社交網站的頭像服務
使用 WordPress 內部媒體的 CSP
支援 WordPress 媒體
使用 Youtube 嵌入式視頻 SDK 的 CSP
支援 Youtube 嵌入式框架和 JS SDK
使用 CookieLaw 的 CSP
符合法規要求的隱私技術
使用 Mailchimp 的 CSP
支援 Mailchimp 自動化、SDK 和模組
使用 Google Analytics 的 CSP
支援基本的轉換網域,例如:stats.g.doubleclick.net 和 www.google.com
使用 Google Fonts 的 CSP
如果您未在頁面上載入它,則有可能是您的 SDK 之一在使用它
使用 Facebook 的 CSP
支援 Facebook SDK 功能
使用 Stripe 的 CSP
高度安全的在線支付系統
使用 New Relic 的 CSP
這是一個註冊和監控實用程序
使用 Linkedin 標籤 + SDK 的 CSP
支援 Linkedin Insight、Linkedin Ads 和 SDK
使用 OneTrust 的 CSP
OneTrust 支援幫助企業管理隱私要求
使用 Moat 的 CSP
Moat 支援廣告驗證、品牌安全、廣告和覆蓋範圍的測量套件
使用 jQuery 的 CSP
支援 jQuery - JS 函式庫
使用 Twitter Widgets & SDK 的 CSP
支援 Connect、Widgets 和 Twitter 客戶端 SDK
使用 Google 地圖的 CSP
支援 Google 地圖和街景使用的 ggpht
外掛標籤
開發者團隊
② 後台搜尋「Sentinel Headers Unlimited Extension」→ 直接安裝(推薦)
📦 歷史版本下載
原文外掛簡介
ENGLISH
Sentinel Headers Unlimited Extension is Best all-in-one a free plug-in for all WordPress users. Deactivating this plugin will return your site configuration exactly to the state it was in before.
The Sentinel Headers Unlimited Extension project implements HTTP response headers that your site can use to increase the security of your website. The plug-in will automatically set up all Best Practices (you don’t have to think about anything), these HTTP response headers can prevent modern browsers from running into easily predictable vulnerabilities. The Sentinel Headers Unlimited Extension project wants to popularize and increase awareness and usage of these headers for all wordpress users.
This plugin is developed by TentaclePlugins, we care about WordPress security and best practices.
Check out the best features of Sentinel Headers Unlimited Extension :
HSA Limit Login to block brute force attacks.
X-XSS-Protection
Expect-CT
Access-Control-Allow-Origin
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Content-Security-Policy
X-Content-Type-Options
X-Frame-Options
X-Permitted-Cross-Domain-Policies
X-Powered-By
Content-Security-Policy
Referrer-Policy
HTTP Strict Transport Security / HSTS
Content-Security-Policy
Clear-Site-Data
Cross-Origin-Embedder-Policy-Report-Only
Cross-Origin-Opener-Policy-Report-Only
Cross-Origin-Embedder-Policy
Cross-Origin-Opener-Policy
Cross-Origin-Resource-Policy
Permissions-Policy
Strict-dynamic
Strict-Transport-Security
FLoC (Federated Learning of Cohorts)
We’ve put a lot of effort into using the most important services with content security standards (CSP), below are some examples we’ve tested and used:
CSP usage for Google Tag Manager
world’s most popular tag manager
Using CSP for Gravatar
Avatar service for WordPress and Social sites
Using CSP for WordPress Internal Media
support WordPress media
Using CSP for Youtube Embedded Video SDK
support Youtube embedded frames and JS SDK
CSP usage for CookieLaw
privacy technology to meet regulatory requirements
CSP usage for Mailchimp
support for Mailchimp automation, SDK and modules
CSP usage for Google Analytics
support for basic conversion domains such as: stats.g.doubleclick.net and www.google.com
CSP usage for Google Fonts
you’re not loading it on the page, chances are one of your SDKs is using it
Using CSP for **Facebook
support Facebook SDK functionality
Using CSP for Stripe
highly secure online payment system
Using CSP for New Relic
it’s a registration and monitoring utility
Using CSP for Linkedin Tags + SDKs
support Linkedin Insight, Linkedin Ads and SDK
Using CSP for OneTrust
OneTrust support helps companies manage privacy requirements
CSP usage for Moat
Moat support to measurement suite such as: ad verification, brand safety, advertising and coverage
CSP usage for jQuery
support of jQuery – JS library
CSP usage for Twitter Widgets & SDKs
support Connect, Widgets and the Twitter client-side SDK
Using CSP for Google Maps
support Google Maps as The ggpht used by streetview
Using CSP for Quantcast Choice
Quantcast support for privacy such as GDPR and CCPA
CSP usage for Twitter Ads & Analytics
Twitter support for advertising and Analytics
Using CSP for Paypal
PayPal support for online payment system
Using CSP for Drift
Drift and Driftt support
CSP usage for Cookiebot
cookie and tracker support, GDPR/ePrivacy and CCPA compliance
CSP usage for Vimeo Embedded Videos SDK
support frames, JS SDK, Froogaloop integration
Using CSP for AppNexus (now Xandr)
AppNexus support for custom retargeting
Using CSP for Mixpanel
support analytics tool with SDK/JS to collect client-side data
Using CSP for Font Awesome
toolkit support for fonts and icons over CSS and Less
Using CSP for Google reCAPTCHA
reCAPTCHA support for fraud and bot protection
CSP usage for Bootstrap CDN
Bootstrap support for CSS frameworks
Using CSP for HubSpot
Hubspot support with many features, used for monitoring and mkt functionality
Using CSP for Hotjar
Hotjar tracker support for analytics and metrics
Using CSP for WP.com
support for wp.com hosting
Using CSP for Akamai mPulse
support for Akamai mPulse, for origin and perimeter integrations
CSP usage for Cloudflare – Rocket-Loader & Mirage
support for Mirage libraries for performance acceleration
Using CSP for Cloudflare – CDN.js
Cloudflare’s open CDN support with multiple libraries
Using CSP for jsDelivr
support jsDelivr free CDN for Open Source
We have added the ReportUri report service.
All Free Features
The Sentinel Headers Unlimited version includes all the free features.
Sentinel Headers Unlimited Extension is based on OWASP CSRF to protect your wordpress site. Using OWASP CSRF, once the plugin is installed, it will provide full CSRF mitigation without having to call a method to use nonce on the output. The site will be secure despite having other vulnerable plugins (CSRF).
HTTP security headers are a critical part of your website’s security. After automatic implementation with Sentinel Headers Unlimited Extension , they protect you from the most notorious types of attacks your site might encounter. These headers protect against XSS, code injection, clickjacking, etc.
We have implemented FLoC (Federated Learning of Cohorts), using best practices. First, using Sentinel Headers Unlimited Extension prevents the browser from including your site in the “cohort calculation” on FLoC (Federated Learning of Cohorts). This means that nothing can call document.interestCohort() to get the FLoC ID of the currently used client. Obviously, this does nothing outside of your currently visited site and does not “disable” FLoC on the client beyond that scope.
Even though FLoC is still fairly new and not yet widely supported, as programmers we think that privacy protection elements are important, so we choose to give you the feature of being opt out of FLoC! We’ve created a special “automatic blocking of FLoC” feature, trying to always offer the best tool with privacy protection and cyber security as main targets and focus.
Analyze your site before and after using *Sentinel Headers Unlimited Extension * security headers are self-configured according to HTTP Security Headers and HTTP Strict Transport Security / HSTS best practices.
Check HTTP Security Headers on securityheaders.com
Check HTTP Strict Transport Security / HSTS at hstspreload.org
Check WebPageTest at webpagetest.org
Check HSTS test website gf.dev/hsts-test
Check Content Security Policy (CSP) cspscanner.com
This plugin is updated periodically, our limited support is free, we are available for your feedback (bugs, compatibility issues or recommendations for next updates). We are usually fast :-D.
0.0.03
We don’t want to tell you what to do, but here’s the thing: I went over the version of the Sentinel Headers Unlimited Extension 2022 plugin and started with a really crazy, spacey update; if you updated the plugin last time, you saw that when I propose to do it, I don’t just say it. Well, with this version 1.0.03 I have added, corrected, rewritten and tested a lot of code (improving and implementing some really crazy programmer stuff) and everything works like a charm. Do we agree? Tap “update” and I’ll give you the best, fastest, most awesome plugin around with the best updates in the world. Now I am already planning the next updates 😀 I hope you pigeonhole the new features and have fun.
We’ve put a lot of effort into using the most important services with content security standards (CSP), below are some examples we’ve tested and used:
* CSP usage for Google Tag Manager > (world’s most popular tag manager);
* Using CSP for Gravatar > (Avatar service for WordPress and Social sites);
* Using CSP for WordPress Internal Media > (support WordPress media);
* Using CSP for Youtube Embedded Video SDK > (support Youtube embedded frames and JS SDK);
* CSP usage for CookieLaw > (privacy technology to meet regulatory requirements);
* CSP usage for Mailchimp > (support for Mailchimp automation, SDK and modules);
* CSP usage for Google Analytics > (support for basic conversion domains such as: stats.g.doubleclick.net and www.google.com);
* CSP usage for Google Fonts > (you’re not loading it on the page, chances are one of your SDKs is using it);
* Using CSP for Facebook (support Facebook SDK functionality);
* Using CSP for Stripe > (highly secure online payment system);
* Using CSP for New Relic > (it’s a registration and monitoring utility);
* Using CSP for Linkedin Tags + SDKs > (support Linkedin Insight, Linkedin Ads and SDK);
* Using CSP for OneTrust > (OneTrust support helps companies manage privacy requirements);
* CSP usage for Moat > (Moat support to measurement suite such as: ad verification, brand safety, advertising and coverage);
* CSP usage for jQuery > (support of jQuery – JS library);
* CSP usage for Twitter Widgets & SDKs > (support Connect, Widgets and the Twitter client-side SDK);
* Using CSP for Google Maps > (support Google Maps as The ggpht used by streetview);
* Using CSP for Quantcast Choice > (Quantcast support for privacy such as GDPR and CCPA);
* CSP usage for Twitter Ads & Analytics > (Twitter support for advertising and Analytics);
* Using CSP for Paypal > (PayPal support for online payment system);
* Using CSP for Drift > (Drift and Driftt support);
* CSP usage for Cookiebot > (cookie and tracker support, GDPR/ePrivacy and CCPA compliance);
* CSP usage for Vimeo Embedded Videos SDK > (support frames, JS SDK, Froogaloop integration);
* Using CSP for AppNexus (now Xandr) > (AppNexus support for custom retargeting);
* Using CSP for Mixpanel > (support analytics tool with SDK/JS to collect client-side data);
* Using CSP for Font Awesome > (toolkit support for fonts and icons over CSS and Less);
* Using CSP for Google reCAPTCHA > (reCAPTCHA support for fraud and bot protection);
* CSP usage for Bootstrap CDN > (Bootstrap support for CSS frameworks);
* Using CSP for HubSpot > (Hubspot support with many features, used for monitoring and mkt functionality);
* Using CSP for Hotjar > (Hotjar tracker support for analytics and metrics);
* Using CSP for WP.com > (support for wp.com hosting);
* Using CSP for Akamai mPulse > (support for Akamai mPulse, for origin and perimeter integrations);
* CSP usage for Cloudflare – Rocket-Loader & Mirage > (support for Mirage libraries for performance acceleration);
* Using CSP for Cloudflare – CDN.js > (Cloudflare’s open CDN support with multiple libraries);
* Using CSP for jsDelivr > (support jsDelivr free CDN for Open Source);
* We have added the ReportUri report service.
I am working hard to implement more services with CSP (Content-Security-Policy) directives, if you encounter any anomaly please feel free to open a ticket, you can inform us at support@tentacleplugins[dot]com
