pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3693b52886f918d61deb7f3f020ac86fcd9f2a15
assetmgt/security.php
“VeLiTi” 661783270a CMXX - Pricelists
2025-01-23 12:54:16 +01:00

65 lines
2.2 KiB
PHP
Raw Blame History

<?php
// test-headers.php
function testSecurityHeaders($url) {
// Initialize cURL
$ch = curl_init($url);
// Set cURL options
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_NOBODY, true);
// Execute request
$response = curl_exec($ch);
// Get headers
$headers = [];
$headerLines = explode("\n", $response);
foreach ($headerLines as $line) {
if (strpos($line, ':') !== false) {
list($key, $value) = explode(':', $line, 2);
$headers[trim($key)] = trim($value);
}
}
// Define expected security headers
$expectedHeaders = [
'X-Content-Type-Options' => 'nosniff',
'X-Frame-Options' => 'DENY',
'X-XSS-Protection' => '1; mode=block',
'Content-Security-Policy' => 'default-src \'none\'',
'Access-Control-Allow-Origin' => null, // Will check if exists
'Access-Control-Allow-Methods' => null, // Will check if exists
'Access-Control-Allow-Headers' => null, // Will check if exists
'Strict-Transport-Security' => null // Will check if exists
];
// Check each expected header
echo "Security Headers Test Results:\n";
echo "==============================\n\n";
foreach ($expectedHeaders as $header => $expectedValue) {
if (isset($headers[$header])) {
if ($expectedValue === null) {
echo "{$header} is present: {$headers[$header]}\n";
} elseif ($headers[$header] === $expectedValue) {
echo "{$header} has correct value: {$headers[$header]}\n";
} else {
echo "{$header} has incorrect value. Expected: {$expectedValue}, Got: {$headers[$header]}\n";
}
} else {
echo "{$header} is missing\n";
}
}
// Check for HTTPS
$isHttps = strpos($url, 'https://') === 0;
echo $isHttps ?
"\n✅ HTTPS is enabled\n" :
"\n❌ HTTPS is not enabled - Security headers may not be effective!\n";
curl_close($ch);
}
// Usage
testSecurityHeaders('https://dev.veliti.nl/api.php');
Reference in New Issue View Git Blame Copy Permalink