* New: change login url

* Fix: Exclude deprecated x-content-security-policy from header detection

* Improvement: Update to functional components Rest API for free core

* Improvement: Disable Content Security Policy if the maximum header size has been reached

Fix: follow redirects in third party header detection.

* Improvement: add support for BLOB and Filesystem

* Improvement: disable CSP reporting mode paused status when switching to disabled or enforced

* Improvement: CSP policy for back and front-end separate

* Improvement: also allow non-recommended X-XSS options

* Improvement: frame ancestors allow other values than 'none'

Fix: Debug.log setting not saving on first save action

* Fix: isset check on $_SERVER['HTTPS'] to support environments where this key is missing

* Improvement: add headers_sent() check for situations where the headers already have been sent, possibly due to an error earlier in the system.

* Improvement: Update CSP reporting URI on permalink structure change

Run upgrade only once

Prepare for 6.0 release with upgrade notice, disabling auto updates for 6.0, and code preparation to prevent conflicts between major versions

* New: option to install required free plugin from pro

* Improvement: no upgrade insecure requests network wide on per site activated sites

* Improvement: removing CSP rules

* Improvement: upgrade .htaccess http headers to advanced-headers.php

* Improvement: use manage_security capability

* Improvement: extend system status with versions of both free and premium

* Improvement: catch situation where pro is deactivated while free not active

* Fix: advanced-headers.php did not generated CSP correctly

* Fix: Browsers support for new report-to reporting attribute not good enought to use it yet.