CMXX - Pricelists
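--- a/security.php
+++ b/security.php
@@ -0,0 +1,65 @@
+<?php
+// test-headers.php
+function testSecurityHeaders($url) {
+// Initialize cURL
+$ch = curl_init($url);
+
+// Set cURL options
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+curl_setopt($ch, CURLOPT_HEADER, true);
+curl_setopt($ch, CURLOPT_NOBODY, true);
+
+// Execute request
+$response = curl_exec($ch);
+
+// Get headers
+$headers = [];
+$headerLines = explode("\n", $response);
+foreach ($headerLines as $line) {
+if (strpos($line, ':') !== false) {
+list($key, $value) = explode(':', $line, 2);
+$headers[trim($key)] = trim($value);
+}
+}
+
+// Define expected security headers
+$expectedHeaders = [
+'X-Content-Type-Options' => 'nosniff',
+'X-Frame-Options' => 'DENY',
+'X-XSS-Protection' => '1; mode=block',
+'Content-Security-Policy' => 'default-src \'none\'',
+'Access-Control-Allow-Origin' => null, // Will check if exists
+'Access-Control-Allow-Methods' => null, // Will check if exists
+'Access-Control-Allow-Headers' => null, // Will check if exists
+'Strict-Transport-Security' => null // Will check if exists
+];
+
+// Check each expected header
+echo "Security Headers Test Results:\n";
+echo "==============================\n\n";
+
+foreach ($expectedHeaders as $header => $expectedValue) {
+if (isset($headers[$header])) {
+if ($expectedValue === null) {
+echo "✅ {$header} is present: {$headers[$header]}\n";
+} elseif ($headers[$header] === $expectedValue) {
+echo "✅ {$header} has correct value: {$headers[$header]}\n";
+} else {
+echo "❌ {$header} has incorrect value. Expected: {$expectedValue}, Got: {$headers[$header]}\n";
+}
+} else {
+echo "❌ {$header} is missing\n";
+}
+}
+
+// Check for HTTPS
+$isHttps = strpos($url, 'https://') === 0;
+echo $isHttps ?
+"\n✅ HTTPS is enabled\n" :
+"\n❌ HTTPS is not enabled - Security headers may not be effective!\n";
+
+curl_close($ch);
+}
+
+// Usage
+testSecurityHeaders('https://dev.veliti.nl/api.php');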
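Review bot: The header check in `testSecurityHeaders()` can give a wrong verdict in both directions. `curl_exec($ch)` is never compared with `false`, so a failed request prints every header as missing, and `isset($headers[$header])` is case-sensitive although HTTP field names are not (HTTP/2 responses deliver them in lowercase). Checking the return value and lower-casing both the parsed keys and the expected names fixes both, as sketched below. Separately, the `null` entries pass on mere presence, so `Access-Control-Allow-Origin: *` would be reported with a ✅; comparing against the intended origin would make that result meaningful. The call on the last line runs whenever the file is loaded, so if security.php is served from the web root (not visible here) it is worth guarding with `PHP_SAPI === 'cli'`.

```php
$response = curl_exec($ch);
if ($response === false) {
    // Distinguish a transport failure from "header missing".
    echo "Request failed: " . curl_error($ch) . "\n";
    curl_close($ch);
    return;
}
// … unchanged: $headers = []; explode() and the foreach over $headerLines …
        $headers[strtolower(trim($key))] = trim($value);
// … unchanged: $expectedHeaders definition and result banner …
foreach ($expectedHeaders as $header => $expectedValue) {
    $name = strtolower($header);
    if (isset($headers[$name])) {
// … unchanged: comparison branches, reading $headers[$name] instead of $headers[$header] …
```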