HEX
Server: Apache/2.4.41 (Ubuntu)
System: Linux wordpress-ubuntu-s-2vcpu-4gb-fra1-01 5.4.0-169-generic #187-Ubuntu SMP Thu Nov 23 14:52:28 UTC 2023 x86_64
User: root (0)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
$ pwd: /var/www/hcv/wp-content/plugins/w3-total-cache/
Upload Files
File: /var/www/hcv/wp-content/plugins/w3-total-cache/BrowserCache_Page_View_QuickReference.php
<?php
namespace W3TC;

if ( !defined( 'W3TC' ) )
	die();

?>
<div class="lightbox-content-padded">
    <h3><?php _e( 'Security Headers: Quick Reference', 'w3-total-cache' ); ?></h3>

    <fieldset>
        <legend><?php _e( 'Legend', 'w3-total-cache' ); ?></legend>

        <p>
            All of the directives that end with -src support similar values known as
            a source list. Multiple source list values can be space separated with the exception of
            'none' which should be the only value.
        </p>
    </fieldset>

    <table class="w3tcbc_qrf">
        <tr>
            <th>Source Value</th>
            <th>Example</th>
            <th>Description</th>
        </tr>
        <tr>
            <td><code>*</code></td>
            <td><code>img-src *</code></td>
            <td>Wildcard, allows any URL except data: blob: filesystem: schemes</td>
        </tr>
        <tr>
            <td><code>'none'</code></td>
            <td><code>object-src 'none'</code></td>
            <td>Prevents loading resources from any source</td>
        </tr>
        <tr>
            <td><code>'self'</code></td>
            <td><code>script-src 'self'</code></td>
            <td>Allows loading resources from the same origin (same scheme, host and port)</td>
        </tr>
        <tr>
            <td><code>data:</code></td>
            <td><code>img-src 'self' data:</code></td>
            <td>Allows loading resources via the data scheme (e.g. Base64 encoded images)</td>
        </tr>
        <tr>
            <td><code>domain.example.com</code></td>
            <td><code>img-src domain.example.com</code></td>
            <td>Allows loading resources from the specified domain name</td>
        </tr>
        <tr>
            <td><code>*.example.com</code></td>
            <td><code>img-src *.example.com</code></td>
            <td>Allows loading resources from any subdomain under example.com</td>
        </tr>
        <tr>
            <td><code>https://cdn.com</code></td>
            <td><code>img-src https://cdn.com</code></td>
            <td>Allows loading resources only over <acronym title="HyperText Transfer Protocol over SSL">HTTPS</acronym> matching the given domain</td>
        </tr>
        <tr>
            <td><code>https:</code></td>
            <td><code>img-src https:</code></td>
            <td>Allows loading resources only over <acronym title="HyperText Transfer Protocol over SSL">HTTPS</acronym> on any domain</td>
        </tr>
        <tr>
            <td><code>'unsafe-inline'</code></td>
            <td><code>script-src 'unsafe-inline'</code></td>
            <td>Allows use of inline source elements such as style attribute, onclick, or script tag bodies (depends on the context of the source it is applied to)</td>
        </tr>
        <tr>
            <td><code>'unsafe-eval'</code></td>
            <td><code>script-src 'unsafe-eval'</code></td>
            <td>Allows unsafe dynamic code evaluation such as Javascript eval()</td>
        </tr>
    </table>
</div>
@ Telegram