HTTP Headers

Description

HTTP Headers gives you control over the HTTP headers returned by your blog or website.

Headers supported by HTTP Headers include:

  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
  • Access-Control-Expose-Headers
  • Age
  • Content-Security-Policy
  • Content-Security-Policy-Report-Only
  • Cache-Control
  • Clear-Site-Data
  • Connection
  • Content-Encoding
  • Content-Type
  • Cross-Origin-Embedder-Policy
  • Cross-Origin-Opener-Policy
  • Cross-Origin-Resource-Policy
  • Expect-CT
  • Expires
  • Feature-Policy
  • NEL
  • Permissions-Policy
  • Pragma
  • P3P
  • Referrer-Policy
  • Report-To
  • Strict-Transport-Security
  • Timing-Allow-Origin
  • Vary
  • WWW-Authenticate
  • X-Content-Type-Options
  • X-DNS-Prefetch-Control
  • X-Download-Options
  • X-Frame-Options
  • X-Permitted-Cross-Domain-Policies
  • X-Powered-By
  • X-Robots-Tag
  • X-UA-Compatible
  • X-XSS-Protection

Screenshots

  • This screenshot shows the dashboard with the categories of supported headers.
  • This screenshot shows the headers of a chosen category and their current values.
  • This screenshot shows the settings page where you can adjust the security headers.
  • This screenshot shows the response headers returned by the web server.

Installation

Upload the HTTP Headers plugin to your blog. Then activate it.

That’s all.

FAQ

Why use this plugin?

Nowadays, the security of your social data on the web is essential. This plugin helps you improve your website's overall security.

Who uses these headers?

These HTTP headers are used in production services by popular websites such as Facebook, Google+, Twitter, LinkedIn, YouTube, Yahoo, Amazon, Instagram, and Pinterest.

Reviews

November 10, 2023
Thanks for this great plugin. But the CSP settings are very difficult to choose. Can someone give us a basic setting for the CSP implementation? If I follow the infosec Mozilla recommendations for CSP, I block many things on a basic WP site. For instance, the /wp-admin/plugin-install.php page doesn't display the extension image anymore. Thanks
September 16, 2023
Been using this for well over a year now. Works like a champ with custom themes, wide variety of plugins, and page builder themes. Of course, we keep all of these updated. The settings dashboard is very user-friendly. Much easier than adding these manually. Thank you!
July 27, 2023 1 reply
I use this plugin on many of my sites, and I have never encountered fatal error errors as in the comments. I am using PHP 8.0 and below. People who have problems should check if there are any other plugins that affect the htaccess file. This plugin takes care of the htaccess file. Talking about the plugin, the developer did a good job. All http header codes and descriptions are available. Respects!
November 24, 2022
Used this for years, it has been great but it needs updating for recent WP releases, and in particular for PHP 8.1 - there is some code that relied on earlier versions of PHP being forgiving or some common coding issues, which now breaks on an up to date system.
October 10, 2022
Enhances the security of a WordPress site. Thanks to the developer for making this useful plugin, hope he actively maintains this plugin.

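Contributors & Developers

“HTTP Headers” is open source software. The following people have contributed to this plugin.

Contributors

“HTTP Headers” has been translated into 3 locales. Thank you to the translators for their contributions.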


Changelog

1.19.1

Release Date – 2nd September, 2023

  • Added “clientHints” directive to “Clear-Site-Data” header
  • Added “credentialless” directive to “Cross-Origin-Embedder-Policy” header

1.19.0

Release Date – 7th July, 2023

  • Fixed: SSRF vulnerability by an Admin user
  • Fixed: XSS vulnerability by an Admin user

1.18.11

Release Date – 11th June, 2023

  • Fixed: Remote Code Execution by an Admin user

1.18.10

Release Date – 28th May, 2023

  • Fixed: Remote Code Execution by an Admin user
  • Removed: Import/Export functions

1.18.9

Release Date – 23rd April, 2023

  • Fixed: Remote Code Execution by an Admin user

1.18.8

Release Date – 17th April, 2023

  • Fixed: SQL Injection by an Admin user
  • Fixed: Remote Code Execution by an Admin user
  • A few PHP 8.x compatibility fixes

1.18.7

Release Date – 24th January, 2023

  • Fix CSP default value

1.18.6

Release Date – 22nd January, 2023

  • PHP 8 compatibility changes

1.18.5

Release Date – 30th April, 2021

  • Configurable paths to the files that store passwords for basic/digest auth
  • Fixed issue with plugin activation, due to a missing file

1.18.4

Release Date – 30th April, 2021

  • Initial value of X-Robots-Tag fixed

1.18.3

Release Date – 30th April, 2021

  • Added “X-Robots-Tag” header
  • Added “interest-cohort”, “layout-animations”, “legacy-image-formats”, “oversized-images”, and “wake-lock” directives to “Permissions-Policy” header
  • Added “cross-origin” value to “Cross-Origin-Resource-Policy” header
  • Added “navigate-to” and “prefetch-src” directives to “Content-Security-Policy” header

1.18.2

Release Date – 24th April, 2021

  • Configurable paths to .htaccess and .user.ini files

1.18.1

Release Date – 29th October, 2020

  • Added “allow-downloads” and “allow-top-navigation-by-user-activation” to “sandbox” directive, part of CSP

1.18.0

Release Date – 20th September, 2020

  • Added “Permissions-Policy” header
  • Fixed “Cookie Security”

1.17.0

Release Date – 26th July, 2020

  • Added “Cross-Origin-Embedder-Policy” header
  • Added “Cross-Origin-Opener-Policy” header

1.16.1

Release Date – 23rd July, 2020

  • Fixed JS/CSS versioning

1.16.0

Release Date – 23rd July, 2020

  • Added the “NEL” header
  • Fixed the “Report-To” header

1.15.2

Release Date – 18th June, 2020

  • Fixed a PHP Notice at “Expires” page
  • Fixed comments in .user.ini file

1.15.1

Release Date – 9th May, 2020

  • Fixed the “Access-Control-Allow-Origin” header

1.15.0

Release Date – 26th January, 2020

  • Added the “Cross-Origin-Resource-Policy” header
  • Removed the “Public-Key-Pins” header

1.14.2

Release Date – 25th November, 2019

  • CORS headers updated (added “Vary: Origin”)

1.14.1

Release Date – 15th September, 2019

  • Simple filtering was replaced with Dynamic filtering

1.14.0

Release Date – 1st September, 2019

  • Added the “Content-Type” header
  • Fixed the “Access-Control-Allow-Credentials” header
  • Improvement to “Access-Control-Allow-Headers” header
  • Improvement to “Access-Control-Allow-Methods” header
  • Improvement to “Access-Control-Expose-Headers” header
  • Improvement to “Cache-Control” header
  • Improvement to “Vary” header

1.13.4

Release Date – 14th July, 2019

  • Added the “always” condition to Header (unset) directive
  • Fixed the “import” function
  • Fixed the “Access-Control-Allow-Origin” header

1.13.3

Release Date – 16th June, 2019

  • Bugfix in “WWW-Authenticate” header
  • Added support of Apache 2.4

1.13.2

Release Date – 13th June, 2019

  • Bugfix in “Content-Encoding” header
  • Bugfix in “Vary” header

1.13.1

Release Date – 8th June, 2019

  • Added Brotli compression

1.13.0

Release Date – 7th June, 2019

  • Added “SameSite” to Cookie Security
  • Fixed import/export function
  • Code refactoring

1.12.2

Release Date – 5th April, 2019

  • UI improvement for Content-Security-Policy
  • Fix for Access-Control-Allow-Headers
  • Fix for Access-Control-Allow-Origin
  • Fix for Feature-Policy

1.12.1

Release Date – 9th January, 2019

  • Remove direct calls to cURL

1.12.0

Release Date – 5th January, 2019

  • Better handling of activate/deactivate functions

1.11.0

Release Date – 9th December, 2018

  • Added support of “Clear-Site-Data” header

1.10.5

Release Date – 6th November, 2018

  • Hotfix: parallel work with third-party plugins

1.10.4

Release Date – 30th September, 2018

  • Support of following Server APIs: CGI, FastCGI, PHP-FPM
  • Error handling improvement

1.10.3

Release Date – 8th August, 2018

  • HSTS improvement
  • CORS improvement

1.10.2

Release Date – 31st July, 2018

  • Export feature bug-fixed

1.10.1

Release Date – 18th July, 2018

  • Feature-Policy header update: new features added

1.10.0

Release Date – 17th July, 2018

  • Added support of “Feature-Policy” header

1.9.5

Release Date – 12th July, 2018

  • CORS bugfix

1.9.4

Release Date – 13th January, 2018

  • In-plugin security improvement

1.9.3

Release Date – 10th January, 2018

  • Bug fix

1.9.2

Release Date – 4th January, 2018

  • Security improvements

1.9.1

Release Date – 27th December, 2017

  • Updated translations

1.9.0

Release Date – 23rd December, 2017

  • Added support of “Report-To” header
  • Added support of translations
  • Added support of Import/Export
  • Updated “Content-Security-Policy” header (added directives: object-src, frame-src, worker-src, manifest-src, base-uri, report-to)
  • Updated “WWW-Authenticate” header (support multiple users)
  • Updated “Access-Control” headers (added list of origins)

1.8.0

Release Date – 31st August, 2017

  • Added support of “Timing-Allow-Origin” header
  • Added support of “X-Download-Options” header
  • Added support of “X-DNS-Prefetch-Control” header
  • Added support of “X-Permitted-Cross-Domain-Policies” header
  • Added support of Custom headers

1.7.1

Release Date – 18th August, 2017

  • PHP notice bugfixed

1.7.0

Release Date – 15th August, 2017

  • Added support of “Content-Security-Policy-Report-Only” header
  • Added support of “Public-Key-Pins-Report-Only” header
  • Added “1; report=” directive to the “X-XSS-Protection” header
  • Added “Inspect headers” tool
  • UI bugfixes

1.6.0

Release Date – 5th August, 2017

  • Added support of “Expect-CT” header

1.5.0

Release Date – 30th July, 2017

  • Added support of “Age” header
  • Added support of “Cache-Control” header
  • Added support of “Connection” header
  • Added support of “Content-Encoding” header
  • Added support of “Expires” header
  • Added support of “Pragma” header
  • Added support of “Vary” header
  • Added support of “WWW-Authenticate” header
  • Added support of “X-Powered-By” header
  • Added support of “Secure” and “HttpOnly” cookies

1.4.0

Release Date – 5th July, 2017

  • Added support of Apache (via htaccess) inclusion method

1.3.0

Release Date – 3rd June, 2017

  • Added support of Content-Security-Policy header
  • Added dashboard

1.2.0

Release Date – 28th April, 2017

  • Added support of Referrer-Policy header

1.1.2

Release Date – 13th February, 2017

  • Added support of ‘preload’ directive to HSTS header

1.1.1

Release Date – 8th November, 2016

  • Fixed typo in the X-Frame-Options header

1.1.0

Release Date – 20th May, 2016

  • Added support of P3P header

1.0.0

Release Date – 10th May, 2016

  • Initial version