Merge remote-tracking branch 'origin/dev' into ot-extensions-AA

CleanTalk · Sep 19, 2023 · de71924 · de71924
2 parents 12043c5 + 5605c81
commit de71924
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -11,4 +11,5 @@ backups
 composer.lock
 psalm.xml
 .editorconfig
-tests/
+/lib/CleantalkSP/Common/Scanner/HeuristicAnalyser/tests/
+/lib/CleantalkSP/Common/Scanner/SignaturesAnalyser/tests/
diff --git a/inc/spbc-settings.php b/inc/spbc-settings.php
@@ -4356,7 +4356,9 @@ function spbc_settings__get_description()
         ),
         'data__additional_headers'    => array(
             'title' => __('Additional Headers', 'security-malware-firewall'),
-            'desc'  => __('"X-Content-Type-Options" improves the security of your site (and your users) against some types of drive-by-downloads. <br> "X-XSS-Protection" header improves the security of your site against some types of XSS (cross-site scripting) attacks.', 'security-malware-firewall')
+            'desc'  => __('"X-Content-Type-Options" improves the security of your site (and your users) against some types of drive-by-downloads. <br> "X-XSS-Protection" header improves the security of your site against some types of XSS (cross-site scripting) attacks.', 'security-malware-firewall') .
+                       '<br>' . esc_html__('"Strict-Transport-Security" the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.', 'security-malware-firewall') .
+                       '<br>' . esc_html__('"Referrer-Policy" make the `Referer` http-header transferring more strictly.', 'security-malware-firewall')
         ),
         'wp__disable_xmlrpc'          => array(
             'title' => __('Disable XML-RPC', 'security-malware-firewall'),

diff --git a/readme.txt b/readme.txt
@@ -129,6 +129,13 @@ You can enable the option “Receive notifications for admin authorizations in y
 = Can CleanTalk Security protect from DDoS? =
 Security FireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website, Security FireWall blocks all requests from bad IP addresses. If your website under DDoS attack you will be able to add IPs to your personal BlackList to block all Post and GET requests.
 
+= `Send additional HTTP headers` option =
+There are several additional http-headers which added to the every http-requests by the plugin if this option is enabled:
+- "X-Content-Type-Options" improves the security of your site (and your users) against some types of drive-by-downloads.
+- "X-XSS-Protection" header improves the security of your site against some types of XSS (cross-site scripting) attacks.
+- "Strict-Transport-Security" the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.
+- "Referrer-Policy" make the `Referer` http-header transferring more strictly.
+
 == Frequently Asked Questions ==
 
 = Why are they attacking me? =