v2.7.2

• fixed: some hard-coded link elements (e.g. stylesheets) when href is the first attribute

v2.7.1

• tested: WordPress 5.0

v2.7.0

• added: fix for responsive images loaded by JavaScript from image data attributes
• fixed: call to undefined function hash_equals() on environments with obsolete PHP versions (i.e. < 5.6)
• fixed: don't run the fixer when a WooCommerce download request is detected

v2.6.0

• added: new filter ssl_insecure_content_pcre_version_permissive allowing sites that can't update PCRE beyond 7.2 to function
• added: fix for plugins / themes overriding avatars and breaking them with insecure content
• changed: no longer sets a cookie on test or settings pages

v2.5.0

• changed: .htaccess rules file for non-WP test script now supports Apache v2.4; thanks, Andreas Schneider!
• added: option to only fix content resource links for the current website; thanks, Luke Driscoll!
• added: support for KeyCDN https detection via the X-Forwarded-Scheme header

v2.4.0

• fixed: don't capture content on admin pages when mode is Capture or Capture All
• added: filter ssl_insecure_content_disable_capture for disabling Capture mode on selected pages / scripts

v2.3.0

• added: support for Windows Azure with ARR
• added: filter ssl_insecure_content_domain_exclusions for domains that can be excluded from content cleaning (ignored for enqueued scripts)

v2.2.3

• fixed: breaks Visual Composer back end editing due to a regular expression problem (now you have two!)
• changed: Capture no longer captures AJAX requests; new mode Capture All introduced to capture AJAX requests too
• added: prerequisites check, to ensure that plugin can run successfully

v2.2.2

• fixed: make protocol header tests case-insensitive (thanks, waja!)
• added: support for Amazon CloudFront CloudFront-Forwarded-Proto header (thanks, gmazovec!)
• added: clean up responsive image srcset links to external images (WordPress already handles local images)

v2.2.1

• fixed: improve accessibility of admin pages
• removed: update message display forced on multisite; just leave that for WordPress to handle (it does it so well)