Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3420349

Timestamp:

12/15/2025 04:20:35 PM (2 months ago)

Author:

kevp75

Message:

fix up some suggestions from plugin checker; remove deprecated and remvoed attrs from permissions; add 9 new ones;

Location:

security-header-generator/trunk

Files:

: 7 edited

languages/security-header-generator.pot (modified) (13 diffs)
readme.txt (modified) (3 diffs)
security-header-generator.php (modified) (1 diff)
work/common.php (modified) (3 diffs)
work/doc.php (modified) (18 diffs)
work/inc/kcp-cspgen-common.php (modified) (11 diffs)
work/inc/kcp-cspgen-settings.php (modified) (12 diffs)

Legend:

: Unmodified
: Added
: Removed

security-header-generator/trunk/languages/security-header-generator.pot

-                      r3420274
+                      r3420349
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "POT-Creation-Date: 2025-12-15 15:14+0000\n"
+"POT-Creation-Date: 2025-12-15 16:18+0000\n"
 "X-Poedit-Basepath: ..\n"
 "X-Poedit-KeywordsList: __;_e;_ex:1,2c;_n:1,2;_n_noop:1,2;_nx:1,2,4c;_nx_noop:1,2,3c;_x:1,2c;esc_attr__;esc_attr_e;esc_attr_x:1,2c;esc_html__;esc_html_e;esc_html_x:1,2c\n"
 …
 #: source/work/common.php:140
+msgid "<h3>PHP Upgrade Notice</h3><p>To maintain the security standards of the <strong>Security Header Generator</strong> plugin this will be the final version that supports PHP versions lower than 8.1. Your site must be upgraded in order to update the plugin to future versions.</p><p>Please see here for up to date PHP version information: <a href='https://www.php.net/supported-versions.php' target='_blank'>https://www.php.net/supported-versions.php</a></p>"
+msgid "PHP Upgrade Notice"
+msgstr ""
+#: source/work/common.php:141
+msgid "To maintain the security standards of the Security Header Generator plugin this will be the final version that supports PHP versions lower than 8.2. Your site must be upgraded in order to update the plugin to future versions."
+msgstr ""
+#: source/work/common.php:142
+msgid "Please see here for up to date PHP version information: https://www.php.net/supported-versions.php"
 msgstr ""
 …
 msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:58
+msgid "Ambient Light Sensor"
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:59
+msgid "Controls whether the current document is allowed to gather information about the amount of light in the environment around the device through the AmbientLightSensor interface."
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:63
+#: source/work/inc/kcp-cspgen-common.php:65
 msgid "Autoplay"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:64
+#: source/work/inc/kcp-cspgen-common.php:66
 msgid "Controls whether the current document is allowed to autoplay media requested through the HTMLMediaElement interface. When this policy is disabled and there were no user gestures, the Promise returned by HTMLMediaElement.play() will reject with a DOMException. The autoplay attribute on &lt;audio&gt; and &lt;video&gt; elements will be ignored."
 msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:68
+#: source/work/inc/kcp-cspgen-common.php:70
+msgid "Bluetooth"
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:71
+msgid "Controls whether the use of the Web Bluetooth API is allowed. When this policy is disabled, the methods of the Bluetooth object returned by Navigator.bluetooth will either return false or reject the returned Promise with a SecurityError DOMException."
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:75
 msgid "Camera"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:69
+#: source/work/inc/kcp-cspgen-common.php:76
 msgid "Controls whether the current document is allowed to use video input devices. When this policy is disabled, the Promise returned by getUserMedia() will reject with a NotAllowedError DOMException."
 msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:73
+#: source/work/inc/kcp-cspgen-common.php:80
+msgid "Captured Surface Control"
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:81
+msgid "Controls whether the Captured Surface Control feature can be used to programmatically manipulate a display surface being captured (such as a browser tab or window), including scrolling and zooming."
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:85
+msgid "Compute Pressure"
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:86
+msgid "Controls access to the Compute Pressure API, which allows monitoring of compute pressure (CPU, GPU) on the device."
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:90
+msgid "Cross Origin Isolated"
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:91
+msgid "Controls whether the document is cross-origin isolated, enabling certain powerful features like SharedArrayBuffer and high-precision timers."
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:95
+msgid "Deferred Fetch"
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:96
+msgid "Controls whether the current document is allowed to use the fetchLater() API to defer fetch requests until after the document is unloaded."
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:100
+msgid "Deferred Fetch Minimal"
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:101
+msgid "Controls whether the current document is allowed to use the fetchLater() API with minimal quota restrictions."
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:105
 msgid "Display Capture"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:74
+#: source/work/inc/kcp-cspgen-common.php:106
 msgid "Controls whether or not the current document is permitted to use the getDisplayMedia() method to capture screen contents. When this policy is disabled, the promise returned by getDisplayMedia() will reject with a NotAllowedError if permission is not obtained to capture the display's contents."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:78
+#: source/work/inc/kcp-cspgen-common.php:110
 msgid "Encrypted Media"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:79
+#: source/work/inc/kcp-cspgen-common.php:111
 msgid "Controls whether the current document is allowed to use the Encrypted Media Extensions API (EME). When this policy is disabled, the Promise returned by Navigator.requestMediaKeySystemAccess() will reject with a DOMException."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:83
+#: source/work/inc/kcp-cspgen-common.php:115
 msgid "Full Screen"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:84
+#: source/work/inc/kcp-cspgen-common.php:116
 msgid "Controls whether the current document is allowed to use Element.requestFullScreen(). When this policy is disabled, the returned Promise rejects with a TypeError."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:88
+#: source/work/inc/kcp-cspgen-common.php:120
 msgid "Geo Location"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:89
+#: source/work/inc/kcp-cspgen-common.php:121
 msgid "Controls whether the current document is allowed to use the Geolocation Interface. When this policy is disabled, calls to getCurrentPosition() and watchPosition() will cause those functions' callbacks to be invoked with a GeolocationPositionError code of PERMISSION_DENIED"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:93
+#: source/work/inc/kcp-cspgen-common.php:125
 msgid "Gyroscope"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:94
+#: source/work/inc/kcp-cspgen-common.php:126
 msgid "Controls whether the current document is allowed to gather information about the orientation of the device through the Gyroscope interface"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:99
+#: source/work/inc/kcp-cspgen-common.php:131
 msgid "Human Interface Device"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:100
+#: source/work/inc/kcp-cspgen-common.php:132
 msgid "Controls whether the current document is allowed to use the WebHID API to connect to uncommon or exotic human interface devices such as alternative keyboards or gamepads."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:104
+#: source/work/inc/kcp-cspgen-common.php:136
 msgid "Identity Credentials Get"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:105
+#: source/work/inc/kcp-cspgen-common.php:137
 msgid "Controls whether the current document is allowed to use the Federated Credential Management API (FedCM), and more specifically the navigator.credentials.get() method with an identity option."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:109
+#: source/work/inc/kcp-cspgen-common.php:141
 msgid "Idle Detection"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:110
+#: source/work/inc/kcp-cspgen-common.php:142
 msgid "Controls whether the current document is allowed to use the Idle Detection API to detect when users are interacting with their devices, for example to report \"available\"/\"away\" status in chat applications."
 msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:115
+msgid "Magnetometer"
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:116
+msgid "Controls whether the current document is allowed to gather information about the orientation of the device through the Magnetometer interface"
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:120
+#: source/work/inc/kcp-cspgen-common.php:154
 msgid "Microphone"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:121
+#: source/work/inc/kcp-cspgen-common.php:155
 msgid "Controls whether the current document is allowed to use audio input devices. When this policy is disabled, the Promise returned by MediaDevices.getUserMedia() will reject with a NotAllowedError."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:125
+#: source/work/inc/kcp-cspgen-common.php:159
 msgid "MIDI"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:126
+#: source/work/inc/kcp-cspgen-common.php:160
 msgid "Controls whether the current document is allowed to use the Web MIDI API. When this policy is disabled, the Promise returned by Navigator.requestMIDIAccess() will reject with a DOMException"
 msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:130
+#: source/work/inc/kcp-cspgen-common.php:164
+msgid "OTP Credentials"
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:165
+msgid "Controls whether the current document is allowed to use the WebOTP API to request a one-time password (OTP) from a specially-formatted SMS message sent by the app's server."
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:169
 msgid "Payment"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:131
+#: source/work/inc/kcp-cspgen-common.php:170
 msgid "Controls whether the current document is allowed to use the Payment Request API. When this policy is enabled, the PaymentRequest() constructor will throw a SecurityError DOMException"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:135
+#: source/work/inc/kcp-cspgen-common.php:174
 msgid "Picture in Picture"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:136
+#: source/work/inc/kcp-cspgen-common.php:175
 msgid "Controls whether the current document is allowed to play a video in a Picture-in-Picture mode via the corresponding API"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:140
 msgid "Publicket Credentials Create"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:141
+#: source/work/inc/kcp-cspgen-common.php:179
+msgid "Publickey Credentials Create"
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:180
 msgid "Controls whether the current document is allowed to use the Web Authentication API to create new WebAuthn credentials, i.e., via navigator.credentials.create({publicKey})."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:145
 msgid "Publicket Credentials Get"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:146
+#: source/work/inc/kcp-cspgen-common.php:184
+msgid "Publickey Credentials Get"
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:185
 msgid "Controls whether the current document is allowed to use the Web Authentication API to retrieve already stored public-key credentials, i.e. via navigator.credentials.get({publicKey: ..., ...})"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:150
+#: source/work/inc/kcp-cspgen-common.php:189
 msgid "Screen Wake Lock"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:151
+#: source/work/inc/kcp-cspgen-common.php:190
 msgid "Controls whether the current document is allowed to use Screen Wake Lock API to indicate that the device should not dim or turn off the screen."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:155
+#: source/work/inc/kcp-cspgen-common.php:194
 msgid "Serial"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:156
+#: source/work/inc/kcp-cspgen-common.php:195
 msgid "Controls whether the current document is allowed to use the Web Serial API to communicate with serial devices, either directly connected via a serial port, or via USB or Bluetooth devices emulating a serial port."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:160
 msgid "Sync XHR"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:161
 msgid "Controls whether the current document is allowed to make synchronous XMLHttpRequest requests"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:165
+#: source/work/inc/kcp-cspgen-common.php:199
+msgid "Storage Access"
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:200
+msgid "Controls whether a document loaded in a third-party context (i.e. embedded in an &lt;iframe&gt;) is allowed to use the Storage Access API to request access to unpartitioned cookies."
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:211
 msgid "USB"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:166
+#: source/work/inc/kcp-cspgen-common.php:212
 msgid "Controls whether the current document is allowed to use the WebUSB API"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:170
+#: source/work/inc/kcp-cspgen-common.php:216
 msgid "Web Share"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:171
+#: source/work/inc/kcp-cspgen-common.php:217
 msgid "Controls whether the current document is allowed to use the Navigator.share() method of the Web Share API to share text, links, images, and other content to arbitrary destinations of the user's choice."
 msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:175
+#: source/work/inc/kcp-cspgen-common.php:221
+msgid "Window Management"
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:222
+msgid "Controls whether the current document is allowed to use the Window Management API to manage windows on multiple displays."
+msgstr ""
+#: source/work/inc/kcp-cspgen-common.php:226
 msgid "XR Spatial Tracking"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:176
+#: source/work/inc/kcp-cspgen-common.php:227
 msgid "Controls whether or not the current document is allowed to use the WebXR Device API to interact with a WebXR session"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:207
+#: source/work/inc/kcp-cspgen-common.php:258
 msgid "Base URI"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:208
+#: source/work/inc/kcp-cspgen-common.php:259
 msgid "Restricts the URLs which can be used in a document's <base> element. If this value is absent, then any URI is allowed."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:212
+#: source/work/inc/kcp-cspgen-common.php:263
 msgid "Child Source"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:213
+#: source/work/inc/kcp-cspgen-common.php:264
 msgid "Defines the valid sources for web workers and nested browsing contexts loaded using elements such as &lt;frame&gt; and &lt;iframe&gt;."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:217
+#: source/work/inc/kcp-cspgen-common.php:268
 msgid "Connect/Ajax/XHR Source"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:218
+#: source/work/inc/kcp-cspgen-common.php:269
 msgid "Restricts the URLs which can be loaded using script interfaces"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:222
+#: source/work/inc/kcp-cspgen-common.php:273
 msgid "Default Source"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:223
+#: source/work/inc/kcp-cspgen-common.php:274
 msgid "Serves as a fallback for the other fetch directives."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:227
+#: source/work/inc/kcp-cspgen-common.php:278
 msgid "Font Source"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:228
+#: source/work/inc/kcp-cspgen-common.php:279
 msgid "Specifies valid sources for fonts loaded using @font-face."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:232
+#: source/work/inc/kcp-cspgen-common.php:283
 msgid "Form Action"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:233
+#: source/work/inc/kcp-cspgen-common.php:284
 msgid "Restricts the URLs which can be used as the target of a form submissions from a given context."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:237
+#: source/work/inc/kcp-cspgen-common.php:288
 msgid "Frame Source"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:238
+#: source/work/inc/kcp-cspgen-common.php:289
 msgid "Specifies valid sources for nested browsing contexts loading using elements such as &lt;frame&gt; and &lt;iframe&gt;."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:242
+#: source/work/inc/kcp-cspgen-common.php:293
 msgid "Frame Ancestors"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:243
+#: source/work/inc/kcp-cspgen-common.php:294
 msgid "Specifies valid parents that may embed a page using &lt;frame&gt;, &lt;iframe&gt;, &lt;object&gt;, &lt;embed&gt;, or &lt;applet&gt;."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:247
+#: source/work/inc/kcp-cspgen-common.php:298
 msgid "Image Source"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:248
+#: source/work/inc/kcp-cspgen-common.php:299
 msgid "Specifies valid sources of images and favicons."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:252
+#: source/work/inc/kcp-cspgen-common.php:303
 msgid "Manifest Source"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:253
+#: source/work/inc/kcp-cspgen-common.php:304
 msgid "Specifies valid sources of application manifest files."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:257
+#: source/work/inc/kcp-cspgen-common.php:308
 msgid "Media Source"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:258
+#: source/work/inc/kcp-cspgen-common.php:309
 msgid "Specifies valid sources for loading media using the &lt;audio&gt; , &lt;video&gt; and &lt;track&gt; elements."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:262
+#: source/work/inc/kcp-cspgen-common.php:313
 msgid "Object Source"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:263
+#: source/work/inc/kcp-cspgen-common.php:314
 msgid "Specifies valid sources for the &lt;object&gt;, &lt;embed&gt;, and &lt;applet&gt; elements."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:267
+#: source/work/inc/kcp-cspgen-common.php:318
 msgid "Sandbox"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:268
+#: source/work/inc/kcp-cspgen-common.php:319
 msgid "Applies restrictions to a page's actions including preventing popups, preventing the execution of plugins and scripts, and enforcing a same-origin policy. Please see here for more information: <a href=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox\" target=\"_blank\">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox</a>"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:272
+#: source/work/inc/kcp-cspgen-common.php:323
 msgid "Script Source"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:273
+#: source/work/inc/kcp-cspgen-common.php:324
 msgid "Specifies valid sources for JavaScript."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:277
+#: source/work/inc/kcp-cspgen-common.php:328
 msgid "Script Source Elements"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:278
+#: source/work/inc/kcp-cspgen-common.php:329
 msgid "Specifies valid sources for JavaScript &lt;script&gt; elements."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:282
+#: source/work/inc/kcp-cspgen-common.php:333
 msgid "Script Source Attributes"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:283
+#: source/work/inc/kcp-cspgen-common.php:334
 msgid "Specifies valid sources for JavaScript inline event handlers."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:287
+#: source/work/inc/kcp-cspgen-common.php:338
 msgid "Style Source"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:288
+#: source/work/inc/kcp-cspgen-common.php:339
 msgid "Specifies valid sources for stylesheets."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:292
+#: source/work/inc/kcp-cspgen-common.php:343
 msgid "Style Source Elements"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:293
+#: source/work/inc/kcp-cspgen-common.php:344
 msgid "Specifies valid sources for stylesheets &lt;style&gt; elements and &lt;link&gt; elements with rel=\"stylesheet\"."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:297
+#: source/work/inc/kcp-cspgen-common.php:348
 msgid "Style Source Attributes"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:298
+#: source/work/inc/kcp-cspgen-common.php:349
 msgid "Specifies valid sources for inline styles applied to individual DOM elements."
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:302
+#: source/work/inc/kcp-cspgen-common.php:353
 msgid "Worker Source"
 msgstr ""
 #: source/work/inc/kcp-cspgen-common.php:303
+#: source/work/inc/kcp-cspgen-common.php:354
 msgid "Specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts."
 msgstr ""
 …
 #: source/work/inc/kcp-cspgen-settings.php:135, source/work/inc/kcp-cspgen-settings.php:154
 msgid "<p><strong>NOTE</strong><br />Make sure to check your web browsers <strong>Development Tools</strong> once you are finished configuring this. You will need to make sure you are not blocking necessary items for your website.</p>"
+msgid "<p>NOTE<br />Make sure to check your web browsers Development Tools once you are finished configuring this. You will need to make sure you are not blocking necessary items for your website.</p>"
 msgstr ""
 …
 #: source/work/inc/kcp-cspgen-settings.php:144
 msgid "<p><strong>NOTE</strong><br />Make sure to check your web browsers <strong>Development Tools</strong> once you are finished configuring this. You will need to make sure you are not blocking necessary items for your website.<br /><br /><strong>Suggested:</strong><br />Add your domains to the necessary attribute prior to adding the external resource...</p>"
+msgid "<p>NOTE<br />Make sure to check your web browsers Development Tools once you are finished configuring this. You will need to make sure you are not blocking necessary items for your website.<br /><br />Suggested:<br />Add your domains to the necessary attribute prior to adding the external resource...</p>"
 msgstr ""
 …
 #: source/work/inc/kcp-cspgen-settings.php:219
 msgid "This will attempt to apply all headers to the REST API of your site.<br /><strong>NOTE:</strong> Due to the default nature of the REST API, the headers will also be applied to the admin areas of the website. You will need to check for breakages after applying."
+msgid "This will attempt to apply all headers to the REST API of your site.<br />NOTE: Due to the default nature of the REST API, the headers will also be applied to the admin areas of the website. You will need to check for breakages after applying."
 msgstr ""
 …
 #: source/work/inc/kcp-cspgen-settings.php:247
 msgid "<strong>Include Subdomains?</strong>"
+msgid "Include Subdomains?"
 msgstr ""
 …
 #: source/work/inc/kcp-cspgen-settings.php:257
 msgid "<strong>Preload?</strong>"
+msgid "Preload?"
 msgstr ""
 …
 #: source/work/inc/kcp-cspgen-settings.php:310
 msgid "Select the methods you wish to allow.<br /><strong>NOTE:</strong> Most public websites require at least GET to be viewable online.<br /><strong>NOTE 2:</strong> This will block unselected methods."
+msgid "Select the methods you wish to allow.<br />NOTE: Most public websites require at least GET to be viewable online.<br />NOTE 2: This will block unselected methods."
 msgstr ""
 …
 #: source/work/inc/kcp-cspgen-settings.php:351
 msgid "Set the allowed access origin here.  Can either be an asterisk: <code>*</code>, or a FQDN URL: <code>https://example.com</code><br /><strong>NOTE: </strong>If nothing is put in here, we will default to <code>*</code>"
+msgid "Set the allowed access origin here.  Can either be an asterisk: <code>*</code>, or a FQDN URL: <code>https://example.com</code><br />NOTE: If nothing is put in here, we will default to <code>*</code>"
 msgstr ""
 …
 #: source/work/inc/kcp-cspgen-settings.php:552
 msgid "<strong>Basic Auth Username</strong>"
+msgid "Basic Auth Username"
 msgstr ""
 …
 #: source/work/inc/kcp-cspgen-settings.php:564
 msgid "<strong>Basic Auth Password</strong>"
+msgid "Basic Auth Password"
 msgstr ""
 …
 #: source/work/inc/kcp-cspgen-settings.php:701
 msgid "Setting this will add another header to configure browser and frame permissions. See here for more information: <a href=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy\" target=\"_blank\">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy</a><br /><br /><strong>NOTE: </strong> Some of these features are not implemented for all browsers, and/or could be experimental.  Please read through that information and decide what features you need, and what audiences you need to apply to."
+msgid "Setting this will add another header to configure browser and frame permissions. See here for more information: <a href=\"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy\" target=\"_blank\">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy</a><br /><br />NOTE:  Some of these features are not implemented for all browsers, and/or could be experimental.  Please read through that information and decide what features you need, and what audiences you need to apply to."
 msgstr ""

security-header-generator/trunk/readme.txt

-                      r3420274
+                      r3420349
 Tested up to: 7.0
 Requires PHP: 8.2
 Stable tag: 5.3.67
+Stable tag: 5.3.77
 License: GPLv3
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
 …
 == Changelog ==
+= 5.3.77 =
+* Update: Fixes for "plugin checker"
+* Remove: Permissions-Policy: ambient-light-sensor
+    * Not compatible with any browsers: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/ambient-light-sensor
+* Remove: Permissions-Policy: magnetometer
+    * Not compatible with any browsers: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy/magnetometer
+* Remove: Permissions-Policy: sync-xhr
+    * Completely removed from spec
+* Add: The following list of Permissions-Policy attributes:
+    * bluetooth
+    * captured-surface-control
+    * compute-pressure
+    * cross-origin-isolated
+    * deferred-fetch
+    * deferred-fetch-minimal
+    * otp-credentials
+    * storage-access
+    * window-management
 = 5.3.67 =
 * Verify: Core 7.0
 …
 * Update: Defaults for WordPress
     * JS controller was causing issues with fields no populating properly
-* Update: Documentation
 * Remove: Enforce Certificate Transparency
     * Deprecated: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Expect-CT

security-header-generator/trunk/security-header-generator.php

-                      r3420274
+                      r3420349
 Requires at least: 6.0.9
 Requires PHP: 8.2
+Version: 5.3.67
+Network: false
+Version: 5.3.77
 Text Domain: security-header-generator
 License: GPLv3
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
-Update URI: https://wordpress.org/plugins/security-header-generator/
 */

security-header-generator/trunk/work/common.php

-                      r3303531
+                      r3420349
         // it is, so throw and error message and exit
         wp_die( __( '<h1>PHP To Low</h1><p>Due to the nature of this plugin, it cannot be run on lower versions of PHP.</p><p>Please contact your hosting provider to upgrade your site to at least version 8.1.</p>', 'security-header-generator' ),
             __( 'Cannot Activate: PHP To Low', 'security-header-generator' ),
+        wp_die( esc_html_e( '<h1>PHP To Low</h1><p>Due to the nature of this plugin, it cannot be run on lower versions of PHP.</p><p>Please contact your hosting provider to upgrade your site to at least version 8.1.</p>', 'security-header-generator' ),
+            esc_html_e( 'Cannot Activate: PHP To Low', 'security-header-generator' ),
             array(
                 'back_link' => true,
 …
         // we did, so... throw an error message and exit
         wp_die(
             __( '<h1>Cannot Network Activate</h1><p>Due to the nature of this plugin, it cannot be network activated.</p><p>Please go back, and activate inside your subsites.</p>', 'security-header-generator' ),
             __( 'Cannot Network Activate', 'security-header-generator' ),
+            esc_html_e( '<h1>Cannot Network Activate</h1><p>Due to the nature of this plugin, it cannot be network activated.</p><p>Please go back, and activate inside your subsites.</p>', 'security-header-generator' ),
+            esc_html_e( 'Cannot Network Activate', 'security-header-generator' ),
             array(
                 'back_link' => true,
 …
     add_action( 'admin_notices', function( ) : void {
         // if the site is under PHP 8.1
         if ( version_compare( PHP_VERSION, '8.1', '<=' ) ) {
+        // if the site is under PHP 8.2
+        if ( version_compare( PHP_VERSION, '8.2', '<=' ) ) {
             // show this notice
             ?>
             <div class="notice notice-info is-dismissible">
+                <p><?php _e( "<h3>PHP Upgrade Notice</h3><p>To maintain the security standards of the <strong>Security Header Generator</strong> plugin this will be the final version that supports PHP versions lower than 8.1. Your site must be upgraded in order to update the plugin to future versions.</p><p>Please see here for up to date PHP version information: <a href='https://www.php.net/supported-versions.php' target='_blank'>https://www.php.net/supported-versions.php</a></p>", 'security-header-generator' ); ?></p>
+                <h3><?php esc_html_e( "PHP Upgrade Notice", 'security-header-generator' ); ?></h3>
+                <p><?php esc_html_e( "To maintain the security standards of the Security Header Generator plugin this will be the final version that supports PHP versions lower than 8.2. Your site must be upgraded in order to update the plugin to future versions.", 'security-header-generator' ); ?>
+                <p><?php esc_html_e( "Please see here for up to date PHP version information: https://www.php.net/supported-versions.php", 'security-header-generator' ); ?></p>
             </div>
         <?php

security-header-generator/trunk/work/doc.php

-                      r3420274
+                      r3420349
+    }
 </style>
     <p><?php _e( 'This plugin generates the proper security HTTP response headers and generates a Content Security Policy if configured to do so', 'security-header-generator' ); ?>.</p>
     <h3 id="install"><?php _e( 'Install', 'security-header-generator' ); ?></h3>
+    <p><?php esc_html_e( 'This plugin generates the proper security HTTP response headers and generates a Content Security Policy if configured to do so', 'security-header-generator' ); ?>.</p>
+    <h3 id="install"><?php esc_html_e( 'Install', 'security-header-generator' ); ?></h3>
     <ul class="the_list">
         <li><?php _e( 'Download the plugin, unzip it, and upload to your sites', 'security-header-generator' ); ?> <code>/wp-content/plugins/</code> <?php _e( 'directory', 'security-header-generator' ); ?>
+        <li><?php esc_html_e( 'Download the plugin, unzip it, and upload to your sites', 'security-header-generator' ); ?> <code>/wp-content/plugins/</code> <?php esc_html_e( 'directory', 'security-header-generator' ); ?>
             <ul class="the_list">
                 <li><?php _e( 'You can also upload it directly to your Plugins admin', 'security-header-generator' ); ?></li>
+                <li><?php esc_html_e( 'You can also upload it directly to your Plugins admin', 'security-header-generator' ); ?></li>
             </ul>
         </li>
         <li><?php _e( 'Activate the plugin through the "Plugins" menu in WordPress', 'security-header-generator' ); ?></li>
+        <li><?php esc_html_e( 'Activate the plugin through the "Plugins" menu in WordPress', 'security-header-generator' ); ?></li>
     </ul>
     <h3 id="usage"><?php _e( 'Usage', 'security-header-generator' ); ?></h3>
     <p><?php _e( 'Head over to the admin section of your site and click "Security Headers", configure how you need it to be configured. The configured headers will automatically be implemented.', 'security-header-generator' ); ?></p>
     <h3 id="gotcha"><?php _e( 'IMPORTANT: Hosting Environment Considerations', 'security-header-generator' ); ?></h3>
     <p><?php _e( 'If your hosting environment is already setting these headers, most likely your settings in this plugin will <strong>NOT</strong> override the values you specify', 'security-header-generator' ); ?>.</p>
     <p><?php _e( 'If this is the case, please check with your hosting company or review your server configuration for headers being set. The plugin will do its best to override them, but in some environments this is just not possible', 'security-header-generator' ); ?>.</p>
     <h3 id="settings"><?php _e( 'Settings Overview', 'security-header-generator' ); ?></h3>
+    <h3 id="usage"><?php esc_html_e( 'Usage', 'security-header-generator' ); ?></h3>
+    <p><?php esc_html_e( 'Head over to the admin section of your site and click "Security Headers", configure how you need it to be configured. The configured headers will automatically be implemented.', 'security-header-generator' ); ?></p>
+    <h3 id="gotcha"><?php esc_html_e( 'IMPORTANT: Hosting Environment Considerations', 'security-header-generator' ); ?></h3>
+    <p><?php esc_html_e( 'If your hosting environment is already setting these headers, most likely your settings in this plugin will <strong>NOT</strong> override the values you specify', 'security-header-generator' ); ?>.</p>
+    <p><?php esc_html_e( 'If this is the case, please check with your hosting company or review your server configuration for headers being set. The plugin will do its best to override them, but in some environments this is just not possible', 'security-header-generator' ); ?>.</p>
+    <h3 id="settings"><?php esc_html_e( 'Settings Overview', 'security-header-generator' ); ?></h3>
     <ul class="the_list">
         <li><h3><?php _e( 'Standard Security Headers Tab', 'security-header-generator' ); ?></h3>
             <p><?php _e( 'This tab controls the basic security headers that protect your website from common attacks and vulnerabilities.', 'security-header-generator' ); ?></p>
+        <li><h3><?php esc_html_e( 'Standard Security Headers Tab', 'security-header-generator' ); ?></h3>
+            <p><?php esc_html_e( 'This tab controls the basic security headers that protect your website from common attacks and vulnerabilities.', 'security-header-generator' ); ?></p>
             <ul class="the_list">
                 <li>
                     <strong><?php _e( 'Apply to Admin', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li><?php _e( 'Choose whether to apply these security headers to the WordPress admin area in addition to your public-facing website. Enabling this provides protection for your admin panel as well.', 'security-header-generator' ); ?></li>
                     </ul>
                 </li>
                 <li>
                     <strong><?php _e( 'Apply to the REST API', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li><?php _e( 'Choose whether to apply these headers to your WordPress REST API. <strong>NOTE:</strong> Because of how WordPress works, enabling this will also apply headers to the admin areas. Test thoroughly after enabling to ensure nothing breaks.', 'security-header-generator' ); ?></li>
                     </ul>
                 </li>
                 <li>
                     <strong><?php _e( 'Strict Transport Security', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li>
                             <?php _e( 'This forces browsers to only access your site over HTTPS (secure connections), preventing downgrade attacks where someone might try to force an insecure HTTP connection.', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li>
                                     <?php _e( 'Learn more:', 'security-header-generator' ); ?>
+                    <strong><?php esc_html_e( 'Apply to Admin', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li><?php esc_html_e( 'Choose whether to apply these security headers to the WordPress admin area in addition to your public-facing website. Enabling this provides protection for your admin panel as well.', 'security-header-generator' ); ?></li>
+                    </ul>
+                </li>
+                <li>
+                    <strong><?php esc_html_e( 'Apply to the REST API', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li><?php esc_html_e( 'Choose whether to apply these headers to your WordPress REST API. <strong>NOTE:</strong> Because of how WordPress works, enabling this will also apply headers to the admin areas. Test thoroughly after enabling to ensure nothing breaks.', 'security-header-generator' ); ?></li>
+                    </ul>
+                </li>
+                <li>
+                    <strong><?php esc_html_e( 'Strict Transport Security', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li>
+                            <?php esc_html_e( 'This forces browsers to only access your site over HTTPS (secure connections), preventing downgrade attacks where someone might try to force an insecure HTTP connection.', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li>
+                                    <?php esc_html_e( 'Learn more:', 'security-header-generator' ); ?>
                                     <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security</a>
                                 </li>
 …
                         </li>
                         <li>
                             <?php _e( 'Configuration options:', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li><strong><?php _e( 'Cache Age:', 'security-header-generator' ); ?></strong> <?php _e( 'How long (in seconds) browsers should remember to only use HTTPS. Default is 31536000 (1 year).', 'security-header-generator' ); ?></li>
                                 <li><strong><?php _e( 'Include Subdomains:', 'security-header-generator' ); ?></strong> <?php _e( 'Apply this rule to all subdomains (like blog.yoursite.com, shop.yoursite.com). Only enable if ALL your subdomains use HTTPS.', 'security-header-generator' ); ?></li>
                                 <li><strong><?php _e( 'Preload:', 'security-header-generator' ); ?></strong> <?php _e( 'Submit your site to browsers\' preload lists for maximum security. If enabled, change Cache Age to 63072000 (2 years). Learn more:', 'security-header-generator' ); ?> <a href="https://hstspreload.org/" target="_blank">https://hstspreload.org/</a></li>
                             </ul>
                         </li>
                     </ul>
                 </li>
                 <li>
                     <strong><?php _e( 'Frame Sources', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li>
                             <?php _e( 'Controls whether other websites can display your site in an iframe or frame. This prevents "clickjacking" attacks where attackers trick users by embedding your site invisibly.', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li>
                                     <?php _e( 'Learn more:', 'security-header-generator' ); ?>
+                            <?php esc_html_e( 'Configuration options:', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li><strong><?php esc_html_e( 'Cache Age:', 'security-header-generator' ); ?></strong> <?php esc_html_e( 'How long (in seconds) browsers should remember to only use HTTPS. Default is 31536000 (1 year).', 'security-header-generator' ); ?></li>
+                                <li><strong><?php esc_html_e( 'Include Subdomains:', 'security-header-generator' ); ?></strong> <?php esc_html_e( 'Apply this rule to all subdomains (like blog.yoursite.com, shop.yoursite.com). Only enable if ALL your subdomains use HTTPS.', 'security-header-generator' ); ?></li>
+                                <li><strong><?php esc_html_e( 'Preload:', 'security-header-generator' ); ?></strong> <?php esc_html_e( 'Submit your site to browsers\' preload lists for maximum security. If enabled, change Cache Age to 63072000 (2 years). Learn more:', 'security-header-generator' ); ?> <a href="https://hstspreload.org/" target="_blank">https://hstspreload.org/</a></li>
+                            </ul>
+                        </li>
+                    </ul>
+                </li>
+                <li>
+                    <strong><?php esc_html_e( 'Frame Sources', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li>
+                            <?php esc_html_e( 'Controls whether other websites can display your site in an iframe or frame. This prevents "clickjacking" attacks where attackers trick users by embedding your site invisibly.', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li>
+                                    <?php esc_html_e( 'Learn more:', 'security-header-generator' ); ?>
                                     <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options</a>
                                 </li>
 …
                         </li>
                         <li>
                             <?php _e( 'Options:', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li><strong>DENY:</strong> <?php _e( 'Block all websites from framing your site (most secure)', 'security-header-generator' ); ?></li>
                                 <li><strong>SAMEORIGIN:</strong> <?php _e( 'Only allow your own domain to frame your site (useful if you need iframes on your own site)', 'security-header-generator' ); ?></li>
                             </ul>
                         </li>
                     </ul>
                 </li>
                 <li>
                     <strong><?php _e( 'Access Control Methods', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li>
                             <?php _e( 'Controls which HTTP request methods (like GET, POST, etc.) external websites can use when accessing your site. This is useful for API security.', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li>
                                     <?php _e( 'Learn more:', 'security-header-generator' ); ?>
+                            <?php esc_html_e( 'Options:', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li><strong>DENY:</strong> <?php esc_html_e( 'Block all websites from framing your site (most secure)', 'security-header-generator' ); ?></li>
+                                <li><strong>SAMEORIGIN:</strong> <?php esc_html_e( 'Only allow your own domain to frame your site (useful if you need iframes on your own site)', 'security-header-generator' ); ?></li>
+                            </ul>
+                        </li>
+                    </ul>
+                </li>
+                <li>
+                    <strong><?php esc_html_e( 'Access Control Methods', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li>
+                            <?php esc_html_e( 'Controls which HTTP request methods (like GET, POST, etc.) external websites can use when accessing your site. This is useful for API security.', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li>
+                                    <?php esc_html_e( 'Learn more:', 'security-header-generator' ); ?>
                                     <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods</a>
                                 </li>
 …
                         </li>
                         <li>
                             <?php _e( 'Select which methods to allow. Most public websites need at least GET (for viewing pages). Clicking "Allow All" will check or uncheck all options. <strong>Note:</strong> Unselected methods will be blocked.', 'security-header-generator' ); ?>
                         </li>
                     </ul>
                 </li>
                 <li>
                     <strong><?php _e( 'Access Control Credentials', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li>
                             <?php _e( 'Allows browsers to send cookies and authentication information when JavaScript makes requests to your site. Useful for AJAX-based features and API calls that require user authentication.', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li>
                                     <?php _e( 'Learn more:', 'security-header-generator' ); ?>
+                            <?php esc_html_e( 'Select which methods to allow. Most public websites need at least GET (for viewing pages). Clicking "Allow All" will check or uncheck all options. <strong>Note:</strong> Unselected methods will be blocked.', 'security-header-generator' ); ?>
+                        </li>
+                    </ul>
+                </li>
+                <li>
+                    <strong><?php esc_html_e( 'Access Control Credentials', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li>
+                            <?php esc_html_e( 'Allows browsers to send cookies and authentication information when JavaScript makes requests to your site. Useful for AJAX-based features and API calls that require user authentication.', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li>
+                                    <?php esc_html_e( 'Learn more:', 'security-header-generator' ); ?>
                                     <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials</a>
                                 </li>
 …
                         </li>
                         <li>
                             <?php _e( 'Default is Yes. Most modern websites need this enabled for JavaScript-driven features to work properly.', 'security-header-generator' ); ?>
                         </li>
                     </ul>
                 </li>
                 <li>
                     <strong><?php _e( 'Access Control Origin', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li>
                             <?php _e( 'Specifies which external websites can access your site\'s resources. This helps prevent unauthorized cross-site requests.', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li>
                                     <?php _e( 'Learn more:', 'security-header-generator' ); ?>
+                            <?php esc_html_e( 'Default is Yes. Most modern websites need this enabled for JavaScript-driven features to work properly.', 'security-header-generator' ); ?>
+                        </li>
+                    </ul>
+                </li>
+                <li>
+                    <strong><?php esc_html_e( 'Access Control Origin', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li>
+                            <?php esc_html_e( 'Specifies which external websites can access your site\'s resources. This helps prevent unauthorized cross-site requests.', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li>
+                                    <?php esc_html_e( 'Learn more:', 'security-header-generator' ); ?>
                                     <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin</a>
                                 </li>
 …
                         </li>
                         <li>
                             <?php _e( 'Enter a specific domain (like <code>https://example.com</code>) or use <code>*</code> to allow all domains. If left empty, defaults to <code>*</code>.', 'security-header-generator' ); ?>
                         </li>
                     </ul>
                 </li>
                 <li>
                     <strong><?php _e( 'Prevent MimeType Sniffing', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li>
                             <?php _e( 'Stops browsers from trying to "guess" the type of files you serve. This prevents attackers from disguising malicious files as safe ones.', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li>
                                     <?php _e( 'Learn more:', 'security-header-generator' ); ?>
+                            <?php esc_html_e( 'Enter a specific domain (like <code>https://example.com</code>) or use <code>*</code> to allow all domains. If left empty, defaults to <code>*</code>.', 'security-header-generator' ); ?>
+                        </li>
+                    </ul>
+                </li>
+                <li>
+                    <strong><?php esc_html_e( 'Prevent MimeType Sniffing', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li>
+                            <?php esc_html_e( 'Stops browsers from trying to "guess" the type of files you serve. This prevents attackers from disguising malicious files as safe ones.', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li>
+                                    <?php esc_html_e( 'Learn more:', 'security-header-generator' ); ?>
                                     <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options</a>
                                 </li>
 …
                 </li>
                 <li>
                     <strong><?php _e( 'Origin Referrers', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li>
                             <?php _e( 'Controls how much information about your site is shared when users click links to external websites. This protects user privacy.', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li>
                                     <?php _e( 'Learn more:', 'security-header-generator' ); ?>
+                    <strong><?php esc_html_e( 'Origin Referrers', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li>
+                            <?php esc_html_e( 'Controls how much information about your site is shared when users click links to external websites. This protects user privacy.', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li>
+                                    <?php esc_html_e( 'Learn more:', 'security-header-generator' ); ?>
                                     <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy</a>
                                 </li>
 …
                         </li>
                         <li>
                             <?php _e( 'Policy options (from most private to least private):', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li><strong>no-referrer:</strong> <?php _e( 'Share no information at all', 'security-header-generator' ); ?></li>
                                 <li><strong>strict-origin:</strong> <?php _e( 'Only share your domain name, only on secure (HTTPS) connections (recommended)', 'security-header-generator' ); ?></li>
                                 <li><strong>origin:</strong> <?php _e( 'Only share your domain name', 'security-header-generator' ); ?></li>
                                 <li><strong>same-origin:</strong> <?php _e( 'Share full URL within your own site, but only domain for external sites', 'security-header-generator' ); ?></li>
                                 <li><strong>strict-origin-when-cross-origin:</strong> <?php _e( 'Share full URL on your site, domain only for external sites (on secure connections)', 'security-header-generator' ); ?></li>
                                 <li><strong>origin-when-cross-origin:</strong> <?php _e( 'Share full URL on your site, domain only for external sites', 'security-header-generator' ); ?></li>
                                 <li><strong>no-referrer-when-downgrade:</strong> <?php _e( 'Share full URL except when moving from HTTPS to HTTP', 'security-header-generator' ); ?></li>
                                 <li><strong>unsafe-url:</strong> <?php _e( 'Always share full URL (least private)', 'security-header-generator' ); ?></li>
                             </ul>
                         </li>
                     </ul>
                 </li>
                 <li>
                     <strong><?php _e( 'Force Downloads', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li>
                             <?php _e( 'Forces certain files to be downloaded rather than opened directly in the browser. This adds an extra layer of security for file handling.', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li><?php _e( 'Learn more:', 'security-header-generator' ); ?> <a target="_blank" href="https://www.nwebsec.com/HttpHeaders/SecurityHeaders/XDownloadOptions">https://www.nwebsec.com/HttpHeaders/SecurityHeaders/XDownloadOptions</a></li>
                             </ul>
                         </li>
                     </ul>
                 </li>
                 <li>
                     <strong><?php _e( 'Cross Domain Origins', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li>
                             <?php _e( 'Blocks cross-domain access for PDFs and Flash content embedded on your site. This prevents certain types of attacks using these file types.', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li>
                                     <?php _e( 'Learn more:', 'security-header-generator' ); ?>
+                            <?php esc_html_e( 'Policy options (from most private to least private):', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li><strong>no-referrer:</strong> <?php esc_html_e( 'Share no information at all', 'security-header-generator' ); ?></li>
+                                <li><strong>strict-origin:</strong> <?php esc_html_e( 'Only share your domain name, only on secure (HTTPS) connections (recommended)', 'security-header-generator' ); ?></li>
+                                <li><strong>origin:</strong> <?php esc_html_e( 'Only share your domain name', 'security-header-generator' ); ?></li>
+                                <li><strong>same-origin:</strong> <?php esc_html_e( 'Share full URL within your own site, but only domain for external sites', 'security-header-generator' ); ?></li>
+                                <li><strong>strict-origin-when-cross-origin:</strong> <?php esc_html_e( 'Share full URL on your site, domain only for external sites (on secure connections)', 'security-header-generator' ); ?></li>
+                                <li><strong>origin-when-cross-origin:</strong> <?php esc_html_e( 'Share full URL on your site, domain only for external sites', 'security-header-generator' ); ?></li>
+                                <li><strong>no-referrer-when-downgrade:</strong> <?php esc_html_e( 'Share full URL except when moving from HTTPS to HTTP', 'security-header-generator' ); ?></li>
+                                <li><strong>unsafe-url:</strong> <?php esc_html_e( 'Always share full URL (least private)', 'security-header-generator' ); ?></li>
+                            </ul>
+                        </li>
+                    </ul>
+                </li>
+                <li>
+                    <strong><?php esc_html_e( 'Force Downloads', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li>
+                            <?php esc_html_e( 'Forces certain files to be downloaded rather than opened directly in the browser. This adds an extra layer of security for file handling.', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li><?php esc_html_e( 'Learn more:', 'security-header-generator' ); ?> <a target="_blank" href="https://www.nwebsec.com/HttpHeaders/SecurityHeaders/XDownloadOptions">https://www.nwebsec.com/HttpHeaders/SecurityHeaders/XDownloadOptions</a></li>
+                            </ul>
+                        </li>
+                    </ul>
+                </li>
+                <li>
+                    <strong><?php esc_html_e( 'Cross Domain Origins', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li>
+                            <?php esc_html_e( 'Blocks cross-domain access for PDFs and Flash content embedded on your site. This prevents certain types of attacks using these file types.', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li>
+                                    <?php esc_html_e( 'Learn more:', 'security-header-generator' ); ?>
                                     <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Permitted-Cross-Domain-Policies">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Permitted-Cross-Domain-Policies</a>
                                 </li>
 …
                 </li>
                 <li>
                     <strong><?php _e( 'Upgrade Insecure Requests', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li>
                             <?php _e( 'Automatically upgrades all insecure (HTTP) requests to secure (HTTPS) requests. This ensures all resources load securely even if old links reference HTTP.', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li>
                                     <?php _e( 'Learn more:', 'security-header-generator' ); ?>
+                    <strong><?php esc_html_e( 'Upgrade Insecure Requests', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li>
+                            <?php esc_html_e( 'Automatically upgrades all insecure (HTTP) requests to secure (HTTPS) requests. This ensures all resources load securely even if old links reference HTTP.', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li>
+                                    <?php esc_html_e( 'Learn more:', 'security-header-generator' ); ?>
                                     <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Upgrade-Insecure-Requests">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Upgrade-Insecure-Requests</a>
                                 </li>
 …
                 </li>
                 <li>
                     <strong><?php _e( 'Cross Origin Embedder Policy', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li>
                             <?php _e( 'Controls how your site can embed resources from other domains. This prevents certain types of attacks involving embedded content.', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li>
                                     <?php _e( 'Learn more:', 'security-header-generator' ); ?>
+                    <strong><?php esc_html_e( 'Cross Origin Embedder Policy', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li>
+                            <?php esc_html_e( 'Controls how your site can embed resources from other domains. This prevents certain types of attacks involving embedded content.', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li>
+                                    <?php esc_html_e( 'Learn more:', 'security-header-generator' ); ?>
                                     <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy</a>
                                 </li>
 …
                         </li>
                         <li>
                             <?php _e( 'Options:', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li><strong>unsafe-none:</strong> <?php _e( 'Allow embedding external resources without explicit permission (default, less secure)', 'security-header-generator' ); ?></li>
                                 <li><strong>require-corp:</strong> <?php _e( 'Only allow resources explicitly marked as embeddable (more secure, may require configuration)', 'security-header-generator' ); ?></li>
                             </ul>
                         </li>
                     </ul>
                 </li>
                 <li>
                     <strong><?php _e( 'Cross Origin Resource Policy', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li>
                             <?php _e( 'Controls which websites can load resources (images, scripts, etc.) from your site. This prevents unauthorized use of your content.', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li>
                                     <?php _e( 'Learn more:', 'security-header-generator' ); ?>
+                            <?php esc_html_e( 'Options:', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li><strong>unsafe-none:</strong> <?php esc_html_e( 'Allow embedding external resources without explicit permission (default, less secure)', 'security-header-generator' ); ?></li>
+                                <li><strong>require-corp:</strong> <?php esc_html_e( 'Only allow resources explicitly marked as embeddable (more secure, may require configuration)', 'security-header-generator' ); ?></li>
+                            </ul>
+                        </li>
+                    </ul>
+                </li>
+                <li>
+                    <strong><?php esc_html_e( 'Cross Origin Resource Policy', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li>
+                            <?php esc_html_e( 'Controls which websites can load resources (images, scripts, etc.) from your site. This prevents unauthorized use of your content.', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li>
+                                    <?php esc_html_e( 'Learn more:', 'security-header-generator' ); ?>
                                     <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy">https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy</a>
                                 </li>
 …
                         </li>
                         <li>
                             <?php _e( 'Options:', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li><strong>same-origin:</strong> <?php _e( 'Only your exact domain can use your resources (most secure)', 'security-header-generator' ); ?></li>
                                 <li><strong>same-site:</strong> <?php _e( 'Your domain and subdomains can use your resources', 'security-header-generator' ); ?></li>
                                 <li><strong>cross-origin:</strong> <?php _e( 'Any website can use your resources (least secure)', 'security-header-generator' ); ?></li>
                             </ul>
                         </li>
                     </ul>
                 </li>
                 <li>
                     <strong><?php _e( 'Cross Origin Opener Policy', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li>
                             <?php _e( 'Controls whether other websites can access your site when opened in popups or new tabs. This prevents certain cross-site attacks.', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li>
                                     <?php _e( 'Learn more:', 'security-header-generator' ); ?>
+                            <?php esc_html_e( 'Options:', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li><strong>same-origin:</strong> <?php esc_html_e( 'Only your exact domain can use your resources (most secure)', 'security-header-generator' ); ?></li>
+                                <li><strong>same-site:</strong> <?php esc_html_e( 'Your domain and subdomains can use your resources', 'security-header-generator' ); ?></li>
+                                <li><strong>cross-origin:</strong> <?php esc_html_e( 'Any website can use your resources (least secure)', 'security-header-generator' ); ?></li>
+                            </ul>
+                        </li>
+                    </ul>
+                </li>
+                <li>
+                    <strong><?php esc_html_e( 'Cross Origin Opener Policy', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li>
+                            <?php esc_html_e( 'Controls whether other websites can access your site when opened in popups or new tabs. This prevents certain cross-site attacks.', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li>
+                                    <?php esc_html_e( 'Learn more:', 'security-header-generator' ); ?>
                                     <a target="_blank" href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy</a>
                                 </li>
 …
                         </li>
                         <li>
                             <?php _e( 'Options:', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li><strong>unsafe-none:</strong> <?php _e( 'Allow normal popup/tab behavior (default)', 'security-header-generator' ); ?></li>
                                 <li><strong>same-origin-allow-popups:</strong> <?php _e( 'Allow popups but isolate from other origins', 'security-header-generator' ); ?></li>
                                 <li><strong>same-origin:</strong> <?php _e( 'Complete isolation from other origins (most secure)', 'security-header-generator' ); ?></li>
+                            <?php esc_html_e( 'Options:', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li><strong>unsafe-none:</strong> <?php esc_html_e( 'Allow normal popup/tab behavior (default)', 'security-header-generator' ); ?></li>
+                                <li><strong>same-origin-allow-popups:</strong> <?php esc_html_e( 'Allow popups but isolate from other origins', 'security-header-generator' ); ?></li>
+                                <li><strong>same-origin:</strong> <?php esc_html_e( 'Complete isolation from other origins (most secure)', 'security-header-generator' ); ?></li>
                             </ul>
                         </li>
 …
         </li>
         <li><h3><?php _e( 'Content Security Policy Tab', 'security-header-generator' ); ?></h3>
             <p><?php _e( 'Content Security Policy (CSP) is an advanced security feature that controls which external resources your website can load. This prevents many types of attacks including Cross-Site Scripting (XSS).', 'security-header-generator' ); ?></p>
+        <li><h3><?php esc_html_e( 'Content Security Policy Tab', 'security-header-generator' ); ?></h3>
+            <p><?php esc_html_e( 'Content Security Policy (CSP) is an advanced security feature that controls which external resources your website can load. This prevents many types of attacks including Cross-Site Scripting (XSS).', 'security-header-generator' ); ?></p>
             <ul class="the_list">
                 <li>
                     <strong><?php _e( 'Generate CSP', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li>
                             <?php _e( 'Enable this to create a Content Security Policy for your site. This will show many additional fields where you can specify which external resources (scripts, styles, images, etc.) are allowed to load.', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li><?php _e( 'Enter external domains in the Source fields using a space-separated list (example: <code>cdn.example.com fonts.google.com</code>)', 'security-header-generator' ); ?></li>
                                 <li><?php _e( 'Learn more:', 'security-header-generator' ); ?> <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP</a></li>
                             </ul>
                         </li>
                     </ul>
                 </li>
                 <li>
                     <strong><?php _e( 'Apply to Admin', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li><?php _e( 'Choose whether to apply the Content Security Policy to your WordPress admin area as well as the public site. <strong>Warning:</strong> This may break admin features if not configured correctly. Test thoroughly.', 'security-header-generator' ); ?></li>
                     </ul>
                 </li>
                 <li>
                     <strong><?php _e( 'Include WordPress Defaults', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li>
                             <?php _e( 'This toggle controls whether WordPress default domains are <strong>added to</strong> your custom values. It does NOT replace your custom settings.', 'security-header-generator' ); ?>
                         </li>
                         <li>
                             <?php _e( 'How it works:', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li><strong><?php _e( 'When ON:', 'security-header-generator' ); ?></strong> <?php _e( 'Your custom domains PLUS WordPress default domains are included in the CSP', 'security-header-generator' ); ?></li>
                                 <li><strong><?php _e( 'When OFF:', 'security-header-generator' ); ?></strong> <?php _e( 'Only your custom domains are included in the CSP', 'security-header-generator' ); ?></li>
                             </ul>
                         </li>
                         <li>
                             <?php _e( 'WordPress default domains that will be added when enabled:', 'security-header-generator' ); ?>
+                    <strong><?php esc_html_e( 'Generate CSP', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li>
+                            <?php esc_html_e( 'Enable this to create a Content Security Policy for your site. This will show many additional fields where you can specify which external resources (scripts, styles, images, etc.) are allowed to load.', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li><?php esc_html_e( 'Enter external domains in the Source fields using a space-separated list (example: <code>cdn.example.com fonts.google.com</code>)', 'security-header-generator' ); ?></li>
+                                <li><?php esc_html_e( 'Learn more:', 'security-header-generator' ); ?> <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP</a></li>
+                            </ul>
+                        </li>
+                    </ul>
+                </li>
+                <li>
+                    <strong><?php esc_html_e( 'Apply to Admin', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li><?php esc_html_e( 'Choose whether to apply the Content Security Policy to your WordPress admin area as well as the public site. <strong>Warning:</strong> This may break admin features if not configured correctly. Test thoroughly.', 'security-header-generator' ); ?></li>
+                    </ul>
+                </li>
+                <li>
+                    <strong><?php esc_html_e( 'Include WordPress Defaults', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li>
+                            <?php esc_html_e( 'This toggle controls whether WordPress default domains are <strong>added to</strong> your custom values. It does NOT replace your custom settings.', 'security-header-generator' ); ?>
+                        </li>
+                        <li>
+                            <?php esc_html_e( 'How it works:', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li><strong><?php esc_html_e( 'When ON:', 'security-header-generator' ); ?></strong> <?php esc_html_e( 'Your custom domains PLUS WordPress default domains are included in the CSP', 'security-header-generator' ); ?></li>
+                                <li><strong><?php esc_html_e( 'When OFF:', 'security-header-generator' ); ?></strong> <?php esc_html_e( 'Only your custom domains are included in the CSP', 'security-header-generator' ); ?></li>
+                            </ul>
+                        </li>
+                        <li>
+                            <?php esc_html_e( 'WordPress default domains that will be added when enabled:', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li><strong>style-src:</strong> <code>https: *.googleapis.com</code></li>
 …
                 </li>
                 <li>
                     <strong><?php _e( 'Understanding CSP Directive Configuration', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li><?php _e( 'Each CSP directive (like script-src, style-src, etc.) has two configuration sections:', 'security-header-generator' ); ?></li>
                         <li>
                             <strong>1. <?php _e( 'Source Field (Left Side):', 'security-header-generator' ); ?></strong>
                             <ul class="the_list">
                                 <li><?php _e( 'Enter external domains that should be allowed for this type of resource', 'security-header-generator' ); ?></li>
                                 <li><?php _e( 'Example for scripts: <code>cdn.jsdelivr.net ajax.googleapis.com</code>', 'security-header-generator' ); ?></li>
                                 <li><?php _e( 'Separate multiple domains with spaces', 'security-header-generator' ); ?></li>
                             </ul>
                         </li>
                         <li>
                             <strong>2. <?php _e( 'Extra Settings Checkboxes (Right Side):', 'security-header-generator' ); ?></strong>
                             <ul class="the_list">
                                 <li><strong>Self:</strong> <?php _e( 'Allow resources from your own domain (recommended for most directives)', 'security-header-generator' ); ?></li>
                                 <li><strong>Inline:</strong> <?php _e( 'Allow inline styles/scripts embedded in your HTML. <strong>Warning:</strong> This reduces security and should only be used if necessary.', 'security-header-generator' ); ?></li>
                                 <li><strong>Eval:</strong> <?php _e( 'Allow JavaScript eval() function. <strong>Warning:</strong> This reduces security and should only be used if necessary.', 'security-header-generator' ); ?></li>
                                 <li><strong>None:</strong> <?php _e( 'Block ALL sources for this directive (overrides everything else). Use this to completely disable a resource type.', 'security-header-generator' ); ?></li>
                             </ul>
                         </li>
                     </ul>
                 </li>
                 <li>
                     <strong><?php _e( 'How WordPress Defaults Toggle Affects Settings', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li><?php _e( 'When you turn WordPress Defaults ON:', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li><?php _e( 'WordPress default domains are ADDED to your Source field values', 'security-header-generator' ); ?></li>
                                 <li><?php _e( 'Extra Settings checkboxes are temporarily set (usually "Self" is checked)', 'security-header-generator' ); ?></li>
                                 <li><?php _e( 'Your original checkbox selections are saved in the background', 'security-header-generator' ); ?></li>
                             </ul>
                         </li>
                         <li><?php _e( 'When you turn WordPress Defaults OFF:', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li><?php _e( 'WordPress default domains are removed', 'security-header-generator' ); ?></li>
                                 <li><?php _e( 'Your original Extra Settings checkbox selections are restored', 'security-header-generator' ); ?></li>
                             </ul>
                         </li>
                         <li>
                             <strong><?php _e( 'Important:', 'security-header-generator' ); ?></strong> <?php _e( 'Changes only take effect when you click "Save Settings". Toggling WordPress Defaults on/off without saving will not permanently change your configuration.', 'security-header-generator' ); ?>
+                    <strong><?php esc_html_e( 'Understanding CSP Directive Configuration', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li><?php esc_html_e( 'Each CSP directive (like script-src, style-src, etc.) has two configuration sections:', 'security-header-generator' ); ?></li>
+                        <li>
+                            <strong>1. <?php esc_html_e( 'Source Field (Left Side):', 'security-header-generator' ); ?></strong>
+                            <ul class="the_list">
+                                <li><?php esc_html_e( 'Enter external domains that should be allowed for this type of resource', 'security-header-generator' ); ?></li>
+                                <li><?php esc_html_e( 'Example for scripts: <code>cdn.jsdelivr.net ajax.googleapis.com</code>', 'security-header-generator' ); ?></li>
+                                <li><?php esc_html_e( 'Separate multiple domains with spaces', 'security-header-generator' ); ?></li>
+                            </ul>
+                        </li>
+                        <li>
+                            <strong>2. <?php esc_html_e( 'Extra Settings Checkboxes (Right Side):', 'security-header-generator' ); ?></strong>
+                            <ul class="the_list">
+                                <li><strong>Self:</strong> <?php esc_html_e( 'Allow resources from your own domain (recommended for most directives)', 'security-header-generator' ); ?></li>
+                                <li><strong>Inline:</strong> <?php esc_html_e( 'Allow inline styles/scripts embedded in your HTML. <strong>Warning:</strong> This reduces security and should only be used if necessary.', 'security-header-generator' ); ?></li>
+                                <li><strong>Eval:</strong> <?php esc_html_e( 'Allow JavaScript eval() function. <strong>Warning:</strong> This reduces security and should only be used if necessary.', 'security-header-generator' ); ?></li>
+                                <li><strong>None:</strong> <?php esc_html_e( 'Block ALL sources for this directive (overrides everything else). Use this to completely disable a resource type.', 'security-header-generator' ); ?></li>
+                            </ul>
+                        </li>
+                    </ul>
+                </li>
+                <li>
+                    <strong><?php esc_html_e( 'How WordPress Defaults Toggle Affects Settings', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li><?php esc_html_e( 'When you turn WordPress Defaults ON:', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li><?php esc_html_e( 'WordPress default domains are ADDED to your Source field values', 'security-header-generator' ); ?></li>
+                                <li><?php esc_html_e( 'Extra Settings checkboxes are temporarily set (usually "Self" is checked)', 'security-header-generator' ); ?></li>
+                                <li><?php esc_html_e( 'Your original checkbox selections are saved in the background', 'security-header-generator' ); ?></li>
+                            </ul>
+                        </li>
+                        <li><?php esc_html_e( 'When you turn WordPress Defaults OFF:', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li><?php esc_html_e( 'WordPress default domains are removed', 'security-header-generator' ); ?></li>
+                                <li><?php esc_html_e( 'Your original Extra Settings checkbox selections are restored', 'security-header-generator' ); ?></li>
+                            </ul>
+                        </li>
+                        <li>
+                            <strong><?php esc_html_e( 'Important:', 'security-header-generator' ); ?></strong> <?php esc_html_e( 'Changes only take effect when you click "Save Settings". Toggling WordPress Defaults on/off without saving will not permanently change your configuration.', 'security-header-generator' ); ?>
                         </li>
                     </ul>
 …
         </li>
         <li><h3><?php _e( 'Permissions Policy Tab', 'security-header-generator' ); ?></h3>
             <p><?php _e( 'Permissions Policy (formerly Feature Policy) controls which browser features and APIs your website and embedded content can use. This prevents malicious scripts from accessing sensitive features like camera, microphone, or geolocation.', 'security-header-generator' ); ?></p>
+        <li><h3><?php esc_html_e( 'Permissions Policy Tab', 'security-header-generator' ); ?></h3>
+            <p><?php esc_html_e( 'Permissions Policy (formerly Feature Policy) controls which browser features and APIs your website and embedded content can use. This prevents malicious scripts from accessing sensitive features like camera, microphone, or geolocation.', 'security-header-generator' ); ?></p>
             <ul class="the_list">
                 <li>
                     <strong><?php _e( 'Configure Permissions Policy', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li>
                             <?php _e( 'Enable this to control browser feature permissions. For each feature, you can choose:', 'security-header-generator' ); ?>
                             <ul class="the_list">
                                 <li><strong>None:</strong> <?php _e( 'Block this feature completely', 'security-header-generator' ); ?></li>
                                 <li><strong>Any:</strong> <?php _e( 'Allow from any domain (least secure)', 'security-header-generator' ); ?></li>
                                 <li><strong>Self:</strong> <?php _e( 'Only allow from your own domain (recommended)', 'security-header-generator' ); ?></li>
                                 <li><strong>Source:</strong> <?php _e( 'Allow from specific domains you list', 'security-header-generator' ); ?></li>
                             </ul>
                         </li>
                         <li>
                             <?php _e( 'If you select "Source", enter full URLs with protocol: <code>https://example.com https://trusted-site.com</code>', 'security-header-generator' ); ?>
                         </li>
                         <li><?php _e( 'Learn more:', 'security-header-generator' ); ?> <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy</a></li>
                     </ul>
                 </li>
                 <li>
                     <strong><?php _e( 'Apply to Admin', 'security-header-generator' ); ?></strong>
                     <ul class="the_list">
                         <li><?php _e( 'Choose whether to apply Permissions Policy to your WordPress admin area as well as the public site.', 'security-header-generator' ); ?></li>
+                    <strong><?php esc_html_e( 'Configure Permissions Policy', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li>
+                            <?php esc_html_e( 'Enable this to control browser feature permissions. For each feature, you can choose:', 'security-header-generator' ); ?>
+                            <ul class="the_list">
+                                <li><strong>None:</strong> <?php esc_html_e( 'Block this feature completely', 'security-header-generator' ); ?></li>
+                                <li><strong>Any:</strong> <?php esc_html_e( 'Allow from any domain (least secure)', 'security-header-generator' ); ?></li>
+                                <li><strong>Self:</strong> <?php esc_html_e( 'Only allow from your own domain (recommended)', 'security-header-generator' ); ?></li>
+                                <li><strong>Source:</strong> <?php esc_html_e( 'Allow from specific domains you list', 'security-header-generator' ); ?></li>
+                            </ul>
+                        </li>
+                        <li>
+                            <?php esc_html_e( 'If you select "Source", enter full URLs with protocol: <code>https://example.com https://trusted-site.com</code>', 'security-header-generator' ); ?>
+                        </li>
+                        <li><?php esc_html_e( 'Learn more:', 'security-header-generator' ); ?> <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy</a></li>
+                    </ul>
+                </li>
+                <li>
+                    <strong><?php esc_html_e( 'Apply to Admin', 'security-header-generator' ); ?></strong>
+                    <ul class="the_list">
+                        <li><?php esc_html_e( 'Choose whether to apply Permissions Policy to your WordPress admin area as well as the public site.', 'security-header-generator' ); ?></li>
                     </ul>
                 </li>
 …
     <div class="technical-section">
         <h3><?php _e( 'Technical Reference: CSP Directives', 'security-header-generator' ); ?></h3>
         <p><em><?php _e( 'This section provides technical details about each Content Security Policy directive. These are automatically generated based on the plugin configuration.', 'security-header-generator' ); ?></em></p>
+        <h3><?php esc_html_e( 'Technical Reference: CSP Directives', 'security-header-generator' ); ?></h3>
+        <p><em><?php esc_html_e( 'This section provides technical details about each Content Security Policy directive. These are automatically generated based on the plugin configuration.', 'security-header-generator' ); ?></em></p>
         <ul class="the_list">
         <?php
 …
         </ul>
         <h3><?php _e( 'Technical Reference: Permissions Policy Directives', 'security-header-generator' ); ?></h3>
         <p><em><?php _e( 'This section provides technical details about each Permissions Policy directive. Note that browser support varies by directive.', 'security-header-generator' ); ?></em></p>
+        <h3><?php esc_html_e( 'Technical Reference: Permissions Policy Directives', 'security-header-generator' ); ?></h3>
+        <p><em><?php esc_html_e( 'This section provides technical details about each Permissions Policy directive. Note that browser support varies by directive.', 'security-header-generator' ); ?></em></p>
         <ul class="the_list">
         <?php

security-header-generator/trunk/work/inc/kcp-cspgen-common.php

-                      r3265831
+                      r3420349
                     'desc' => __( 'Controls whether the current document is allowed to gather information about the acceleration of the device through the Accelerometer interface.', 'security-header-generator' ),
                 ),
+                /* Commented out - limited browser support
                 'ambient-light-sensor' => array(
                     'id' => 'fp_ambient-light-sensor',
 …
                     'desc' => __( 'Controls whether the current document is allowed to gather information about the amount of light in the environment around the device through the AmbientLightSensor interface.', 'security-header-generator' ),
                 ),
+                */
                 'autoplay' => array(
                     'id' => 'fp_autoplay',
 …
                     'desc' => __( 'Controls whether the current document is allowed to autoplay media requested through the HTMLMediaElement interface. When this policy is disabled and there were no user gestures, the Promise returned by HTMLMediaElement.play() will reject with a DOMException. The autoplay attribute on &lt;audio&gt; and &lt;video&gt; elements will be ignored.', 'security-header-generator' ),
                 ),
+                'bluetooth' => array(
+                    'id' => 'fp_bluetooth',
+                    'title' => __( 'Bluetooth', 'security-header-generator' ),
+                    'desc' => __( 'Controls whether the use of the Web Bluetooth API is allowed. When this policy is disabled, the methods of the Bluetooth object returned by Navigator.bluetooth will either return false or reject the returned Promise with a SecurityError DOMException.', 'security-header-generator' ),
+                ),
                 'camera' => array(
                     'id' => 'fp_camera',
 …
                     'desc' => __( 'Controls whether the current document is allowed to use video input devices. When this policy is disabled, the Promise returned by getUserMedia() will reject with a NotAllowedError DOMException.', 'security-header-generator' ),
                 ),
+                'captured-surface-control' => array(
+                    'id' => 'fp_captured-surface-control',
+                    'title' => __( 'Captured Surface Control', 'security-header-generator' ),
+                    'desc' => __( 'Controls whether the Captured Surface Control feature can be used to programmatically manipulate a display surface being captured (such as a browser tab or window), including scrolling and zooming.', 'security-header-generator' ),
+                ),
+                'compute-pressure' => array(
+                    'id' => 'fp_compute-pressure',
+                    'title' => __( 'Compute Pressure', 'security-header-generator' ),
+                    'desc' => __( 'Controls access to the Compute Pressure API, which allows monitoring of compute pressure (CPU, GPU) on the device.', 'security-header-generator' ),
+                ),
+                'cross-origin-isolated' => array(
+                    'id' => 'fp_cross-origin-isolated',
+                    'title' => __( 'Cross Origin Isolated', 'security-header-generator' ),
+                    'desc' => __( 'Controls whether the document is cross-origin isolated, enabling certain powerful features like SharedArrayBuffer and high-precision timers.', 'security-header-generator' ),
+                ),
+                'deferred-fetch' => array(
+                    'id' => 'fp_deferred-fetch',
+                    'title' => __( 'Deferred Fetch', 'security-header-generator' ),
+                    'desc' => __( 'Controls whether the current document is allowed to use the fetchLater() API to defer fetch requests until after the document is unloaded.', 'security-header-generator' ),
+                ),
+                'deferred-fetch-minimal' => array(
+                    'id' => 'fp_deferred-fetch-minimal',
+                    'title' => __( 'Deferred Fetch Minimal', 'security-header-generator' ),
+                    'desc' => __( 'Controls whether the current document is allowed to use the fetchLater() API with minimal quota restrictions.', 'security-header-generator' ),
+                ),
                 'display-capture' => array(
                     'id' => 'fp_display-capture',
 …
                 ),
+                /* Commented out - limited browser support
                 'magnetometer' => array(
                     'id' => 'fp_magnetometer',
 …
                     'desc' => __( 'Controls whether the current document is allowed to gather information about the orientation of the device through the Magnetometer interface', 'security-header-generator' ),
                 ),
+                */
                 'microphone' => array(
                     'id' => 'fp_microphone',
 …
                     'desc' => __( 'Controls whether the current document is allowed to use the Web MIDI API. When this policy is disabled, the Promise returned by Navigator.requestMIDIAccess() will reject with a DOMException', 'security-header-generator' ),
                 ),
+                'otp-credentials' => array(
+                    'id' => 'fp_otp-credentials',
+                    'title' => __( 'OTP Credentials', 'security-header-generator' ),
+                    'desc' => __( 'Controls whether the current document is allowed to use the WebOTP API to request a one-time password (OTP) from a specially-formatted SMS message sent by the app\'s server.', 'security-header-generator' ),
+                ),
                 'payment' => array(
                     'id' => 'fp_payment',
 …
                 'publickey-credentials-create' => array(
                     'id' => 'fp_publickey-credentials-create',
                     'title' => __( 'Publicket Credentials Create', 'security-header-generator' ),
+                    'title' => __( 'Publickey Credentials Create', 'security-header-generator' ),
                     'desc' => __( 'Controls whether the current document is allowed to use the Web Authentication API to create new WebAuthn credentials, i.e., via navigator.credentials.create({publicKey}).', 'security-header-generator' ),
                 ),
                 'publickey-credentials-get' => array(
                     'id' => 'fp_publickey-credentials-get',
                     'title' => __( 'Publicket Credentials Get', 'security-header-generator' ),
+                    'title' => __( 'Publickey Credentials Get', 'security-header-generator' ),
                     'desc' => __( 'Controls whether the current document is allowed to use the Web Authentication API to retrieve already stored public-key credentials, i.e. via navigator.credentials.get({publicKey: ..., ...})', 'security-header-generator' ),
                 ),
 …
                     'desc' => __( 'Controls whether the current document is allowed to use the Web Serial API to communicate with serial devices, either directly connected via a serial port, or via USB or Bluetooth devices emulating a serial port.', 'security-header-generator' ),
                 ),
+                'storage-access' => array(
+                    'id' => 'fp_storage-access',
+                    'title' => __( 'Storage Access', 'security-header-generator' ),
+                    'desc' => __( 'Controls whether a document loaded in a third-party context (i.e. embedded in an &lt;iframe&gt;) is allowed to use the Storage Access API to request access to unpartitioned cookies.', 'security-header-generator' ),
+                ),
+                /* Commented out - limited browser support
                 'sync-xhr' => array(
                     'id' => 'fp_sync-xhr',
 …
                     'desc' => __( 'Controls whether the current document is allowed to make synchronous XMLHttpRequest requests', 'security-header-generator' ),
                 ),
+                */
                 'usb' => array(
                     'id' => 'fp_usb',
 …
                     'title' => __( 'Web Share', 'security-header-generator' ),
                     'desc' => __( 'Controls whether the current document is allowed to use the Navigator.share() method of the Web Share API to share text, links, images, and other content to arbitrary destinations of the user\'s choice.', 'security-header-generator' ),
+                ),
+                'window-management' => array(
+                    'id' => 'fp_window-management',
+                    'title' => __( 'Window Management', 'security-header-generator' ),
+                    'desc' => __( 'Controls whether the current document is allowed to use the Window Management API to manage windows on multiple displays.', 'security-header-generator' ),
                 ),
                 'xr-spatial-tracking' => array(

security-header-generator/trunk/work/inc/kcp-cspgen-settings.php

-                      r3420274
+                      r3420349
                         'title'  => __( 'Standard Security Headers', 'security-header-generator' ),
                         'fields' => $this -> kcp_standard_security_headers( ),
                         'description' => __( '<p><strong>NOTE</strong><br />Make sure to check your web browsers <strong>Development Tools</strong> once you are finished configuring this. You will need to make sure you are not blocking necessary items for your website.</p>', 'security-header-generator' ),
+                        'description' => __( '<p>NOTE<br />Make sure to check your web browsers Development Tools once you are finished configuring this. You will need to make sure you are not blocking necessary items for your website.</p>', 'security-header-generator' ),
+                    )
                 );
 …
                         'title'  => __( 'Content Security Headers', 'security-header-generator' ),
                         'fields' => $this -> kcp_content_security_policy_headers( ),
                         'description' => __( '<p><strong>NOTE</strong><br />Make sure to check your web browsers <strong>Development Tools</strong> once you are finished configuring this. You will need to make sure you are not blocking necessary items for your website.<br /><br /><strong>Suggested:</strong><br />Add your domains to the necessary attribute prior to adding the external resource...</p>', 'security-header-generator' ),
+                        'description' => __( '<p>NOTE<br />Make sure to check your web browsers Development Tools once you are finished configuring this. You will need to make sure you are not blocking necessary items for your website.<br /><br />Suggested:<br />Add your domains to the necessary attribute prior to adding the external resource...</p>', 'security-header-generator' ),
                         'class' => 'wpsh_content_security_policy'
+                    )
 …
                         'title'  => __( 'Permissions Policy Headers', 'security-header-generator' ),
                         'fields' => $this -> kcp_permissions_policy_headers( ),
                         'description' => __( '<p><strong>NOTE</strong><br />Make sure to check your web browsers <strong>Development Tools</strong> once you are finished configuring this. You will need to make sure you are not blocking necessary items for your website.</p>', 'security-header-generator' ),
+                        'description' => __( '<p>NOTE<br />Make sure to check your web browsers Development Tools once you are finished configuring this. You will need to make sure you are not blocking necessary items for your website.</p>', 'security-header-generator' ),
+                    )
                 );
 …
                     'type' => 'switcher',
                     'title' => __( 'Apply to the REST API?', 'security-header-generator' ),
                     'desc' => __( 'This will attempt to apply all headers to the REST API of your site.<br /><strong>NOTE:</strong> Due to the default nature of the REST API, the headers will also be applied to the admin areas of the website. You will need to check for breakages after applying.', 'security-header-generator' ),
+                    'desc' => __( 'This will attempt to apply all headers to the REST API of your site.<br />NOTE: Due to the default nature of the REST API, the headers will also be applied to the admin areas of the website. You will need to check for breakages after applying.', 'security-header-generator' ),
                     'default' => false,
                 ),
 …
                     'id' => 'include_sts_subdomains',
                     'type' => 'switcher',
                     'title' => __( '<strong>Include Subdomains?</strong>', 'security-header-generator' ),
+                    'title' => __( 'Include Subdomains?', 'security-header-generator' ),
                     'desc' => __( 'If this optional parameter is specified, this rule applies to all of the site\'s subdomains as well.', 'security-header-generator' ),
                     'default' => false,
 …
                     'id' => 'include_sts_preload',
                     'type' => 'switcher',
                     'title' => __( '<strong>Preload?</strong>', 'security-header-generator' ),
+                    'title' => __( 'Preload?', 'security-header-generator' ),
                     'desc' => __( 'If you enable preload, you should change the cache age to 2 Years. (63072000)', 'security-header-generator' ),
                     'default' => false,
 …
                     'type' => 'switcher',
                     'title' => __( 'Enforce Certificate Transparency?', 'security-header-generator' ),
                     'desc' => __( 'Setting this will add another header to enforce Certificate Transparency. See here for more information: <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT</a><br /><strong>NOTE: </strong>This header is likely to be deprecated in the near future.', 'security-header-generator' ),
+                    'desc' => __( 'Setting this will add another header to enforce Certificate Transparency. See here for more information: <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT</a><br />NOTE: This header is likely to be deprecated in the near future.', 'security-header-generator' ),
                     'default' => false,
                 ),
 …
                     'type' => 'checkbox',
                     'title' => __( 'Methods', 'security-header-generator' ),
                     'desc' => __( 'Select the methods you wish to allow.<br /><strong>NOTE:</strong> Most public websites require at least GET to be viewable online.<br /><strong>NOTE 2:</strong> This will block unselected methods.', 'security-header-generator' ),
+                    'desc' => __( 'Select the methods you wish to allow.<br />NOTE: Most public websites require at least GET to be viewable online.<br />NOTE 2: This will block unselected methods.', 'security-header-generator' ),
                     'options' => array(
                         'GET' => __( 'GET', 'security-header-generator' ),
 …
                     'type' => 'text',
                     'title' => __( 'Origin', 'security-header-generator' ),
                     'desc' => __( 'Set the allowed access origin here.  Can either be an asterisk: <code>*</code>, or a FQDN URL: <code>https://example.com</code><br /><strong>NOTE: </strong>If nothing is put in here, we will default to <code>*</code>', 'security-header-generator' ),
+                    'desc' => __( 'Set the allowed access origin here.  Can either be an asterisk: <code>*</code>, or a FQDN URL: <code>https://example.com</code><br />NOTE: If nothing is put in here, we will default to <code>*</code>', 'security-header-generator' ),
                     'dependency' => array( 'include_acao', '==', true ),
                 ),
 …
                     'id' => 'auth_un',
                     'type' => 'text',
                     'title' => __( '<strong>Basic Auth Username</strong>', 'security-header-generator' ),
+                    'title' => __( 'Basic Auth Username', 'security-header-generator' ),
                     'desc' => __( 'Enter your Basic Auth Username, if your site has this protection. (aka: htaccess protection, or htpasswd', 'security-header-generator' ),
                     'dependency' => array( 'generate_csp', '==', true ),
 …
                     'type' => 'text',
                     'attributes' => array( 'type' => 'password', 'autocomplete' => 'new-password' ),
                     'title' => __( '<strong>Basic Auth Password</strong>', 'security-header-generator' ),
+                    'title' => __( 'Basic Auth Password', 'security-header-generator' ),
                     'desc' => __( 'Enter your Basic Auth Password, if your site has this protection. (aka: htaccess protection, or htpasswd', 'security-header-generator' ),
                     'dependency' => array( 'generate_csp', '==', true ),
 …
                     'type' => 'switcher',
                     'title' => __( 'Do you want to configure a Feature Policy (aka Permissions-Policy)?', 'security-header-generator' ),
                     'desc' => __( 'Setting this will add another header to configure browser and frame permissions. See here for more information: <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy</a><br /><br /><strong>NOTE: </strong> Some of these features are not implemented for all browsers, and/or could be experimental.  Please read through that information and decide what features you need, and what audiences you need to apply to.', 'security-header-generator' ),
+                    'desc' => __( 'Setting this will add another header to configure browser and frame permissions. See here for more information: <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy" target="_blank">https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy</a><br /><br />NOTE:  Some of these features are not implemented for all browsers, and/or could be experimental.  Please read through that information and decide what features you need, and what audiences you need to apply to.', 'security-header-generator' ),
                     'default' => false,
                 ),

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Download in other formats: