Title: Secure HTTP Headers
Author: shasha310
Published: April 13, 2021
Last modified: April 13, 2021

---

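This plugin **has not been tested with the latest 3 major releases of WordPress**.
It may no longer be maintained or supported and may have compatibility issues
when used with more recent versions of WordPress.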

# Secure HTTP Headers

 Author: [shasha310](https://profiles.wordpress.org/shasha310/)

[Download](https://downloads.wordpress.org/plugin/secure-http-headers.1.0.zip)

## Description

Harden your web applications.

HTTP header fields are components of the header section of request and response 
messages. The headers define the operating parameters of an HTTP transaction.

Securing HTTP headers will improve the resilience of your web application against
many common attacks including those that are on the OWASP top 10 list.

Securing headers can also improve your SEO rank, in addition to preventing websites
from being marked as dangerous by browsers and antivirus applications.

Protect sensitive user information and be compliant with privacy regulations. Defend
users against theft of private data by protecting website cookies. Use the proper
directives such as “secure”, “httponly” and “samesite”; all of these are applied
automatically by the “Secure HTTP Headers” plugin.

Secure HTTP Headers automatically analyzes any website and builds secure header
directives according to the latest best practice.

In addition, Secure HTTP Headers offers fully configurable options: apply or skip
any header directive as needed.

Install and activate Secure HTTP Headers with full confidence: deactivating this
plugin returns your website's header directives to their original state.

### Main plugin functionality

 1.  HTTP Strict Transport Security – helps to protect websites against
     man-in-the-middle attacks and cookie hijacking
 2.  X-Frame-Options – helps to protect users against ClickJacking attacks
 3.  X-Content-Type-Options – helps to prevent the browser from MIME-sniffing
 4.  Referrer-Policy – helps to control how much referrer information should be included
     with requests
 5.  Clear-Site-Data – helps to ensure that data is deleted from the browser if the
     user logs out
 6.  X-Download-Options – helps to control how IE 8 will handle downloaded HTML files
 7.  Access-Control-Allow-Origin – helps to indicate whether the response can be shared
     with requesting code from the given origin
 8.  Cross-Origin-Embedder-Policy – helps to prevent a document from loading any
     cross-origin resources that don’t explicitly grant the document permission
 9.  Permissions-Policy – helps to allow and deny the use of browser features in its
     own frame, and in content within any iframe elements in the document
 10. Cross-Origin-Opener-Policy – helps to protect websites against a set of
     cross-origin attacks dubbed XS-Leaks
 11. Cross-Origin-Resource-Policy – helps to protect websites against speculative
     side-channel attacks, like Spectre, as well as Cross-Site Script Inclusion attacks
 12. X-Permitted-Cross-Domain-Policies – helps to control how cross-domain requests
     from Flash and PDF documents are handled
 13. Cookie Http-Only flag – helps to protect websites against Cross-Site Scripting,
     or XSS attacks
 14. Cookie Secure flag – helps to ensure that the cookie is sent over a secure connection
 15. Cookie Samesite Lax flag – helps to protect websites against CSRF and XSSI attacks
 16. Expect-CT – helps to prevent the use of misissued certificates for a website.
     Note: Expect-CT will likely become obsolete in June 2021
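
To see which of the headers and cookie flags listed above a site actually returns, the following added example (not part of the plugin or its documentation) audits a raw response header block. The checked header subset, the sample response and the function names are assumptions made for illustration; Clear-Site-Data, Access-Control-Allow-Origin and Expect-CT are left out because they are situational.

```python
# Added example: headers from the feature list expected on every response.
EXPECTED_HEADERS = [
    "Strict-Transport-Security", "X-Frame-Options", "X-Content-Type-Options",
    "Referrer-Policy", "X-Download-Options", "Cross-Origin-Embedder-Policy",
    "Permissions-Policy", "Cross-Origin-Opener-Policy",
    "Cross-Origin-Resource-Policy", "X-Permitted-Cross-Domain-Policies",
]

# Constructed sample response, not captured from a real site.
SAMPLE = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
x-content-type-options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Set-Cookie: session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
Set-Cookie: prefs=dark; Path=/; Secure
"""

def parse_headers(raw):
    """Return (lowercased name, value) pairs, keeping repeated headers."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def cookie_findings(set_cookie):
    """Return (cookie name, list of missing flags) for one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip().lower()
    missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
    if attrs.get("samesite") not in ("lax", "strict"):
        missing.append("samesite")  # absent, or SameSite=None
    return parts[0].split("=", 1)[0], missing

def audit(raw):
    """Report expected headers that are absent and cookies lacking flags."""
    pairs = parse_headers(raw)
    present = {name for name, _ in pairs}
    cookies = [cookie_findings(v) for name, v in pairs if name == "set-cookie"]
    return {
        "missing_headers": [h for h in EXPECTED_HEADERS if h.lower() not in present],
        "weak_cookies": {name: miss for name, miss in cookies if miss},
    }
```

Calling `audit(SAMPLE)` returns the six absent headers and flags the `prefs` cookie for lacking `HttpOnly` and `SameSite`; feeding it the header block saved from a real response before and after activating a header plugin shows what changed.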

### What are the optional extras?

Magnisec offers “Secure HTTP Headers enhanced”.

This plugin additionally contains an engine that watches for website changes and
builds a CSP (Content Security Policy). A CSP is a best practice recommended by
all professional security experts and mitigates XSS (Cross-Site Scripting), one
of the most common and destructive attacks.

Price: $50/year per domain.

More details and installation [here](https://magnisec.com)

## Screenshots

 * In the left sidebar menu, navigate to Settings > Secure HTTP Headers and choose
   your website’s server
 * Click the button “Recommended configuration” or choose your custom configuration
 * If your server is NGINX, follow directions for securing your website

## Installation

 1. Upload the plugin files to your plugins folder, or install using the WordPress
    built-in Add New Plugin installer
 2. Activate the plugin
 3. Choose a custom configuration or select the recommended one.

## FAQ

### What will happen if I deactivate Secure HTTP Headers?

Your initial configuration will be restored with no change.

## Reviews

### [Conflict with other Security Plugin](https://wordpress.org/support/topic/conflict-with-other-security-plugin/)

 [Mike Padua](https://profiles.wordpress.org/jsuria/) June 11, 2021

This plugin has not been thoroughly tested. It caused a code 500 error on our Wordpress
installation (good thing it was just staging!), making the site and admin panel 
inaccessible. Please pull this out of the plugin market as this needs to be tested
alongside different security plugins as well.

### [Works.](https://wordpress.org/support/topic/works-1911/)

 [Curtis](https://profiles.wordpress.org/salsafire/) June 5, 2021

Thank you for developing this plugin. Combined with another plugin, the default 
configuration is helping to get the ‘A’ rating I was looking for from the url test.

 [Read all 2 reviews](https://wordpress.org/support/plugin/secure-http-headers/reviews/)

## Contributors & Developers

“Secure HTTP Headers” is open source software. The following people have contributed
to this plugin.

Contributors

 *   [ shasha310 ](https://profiles.wordpress.org/shasha310/)

[Translate “Secure HTTP Headers” into your language.](https://translate.wordpress.org/projects/wp-plugins/secure-http-headers)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/secure-http-headers/),
check out the [SVN repository](https://plugins.svn.wordpress.org/secure-http-headers/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/secure-http-headers/)
by [RSS](https://plugins.trac.wordpress.org/log/secure-http-headers/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0

 * Initial Version.

## Meta

 *  Version: **1.0**
 *  Last updated: **5 years ago**
 *  Active installations: **100+**
 *  WordPress version: **5.3 or higher**
 *  Tested up to: **5.7.15**
 *  PHP version: **7.2 or higher**
 *  Language: [English (US)](https://wordpress.org/plugins/secure-http-headers/)
 *  Tags: [cookies](https://ko.wordpress.org/plugins/tags/cookies/), [hardening](https://ko.wordpress.org/plugins/tags/hardening/),
    [headers](https://ko.wordpress.org/plugins/tags/headers/), [security](https://ko.wordpress.org/plugins/tags/security/)
 *  [Advanced View](https://ko.wordpress.org/plugins/secure-http-headers/advanced/)

## Ratings

 3 out of 5 stars.

 *  [1 5-star review](https://wordpress.org/support/plugin/secure-http-headers/reviews/?filter=5)
 *  [0 4-star reviews](https://wordpress.org/support/plugin/secure-http-headers/reviews/?filter=4)
 *  [0 3-star reviews](https://wordpress.org/support/plugin/secure-http-headers/reviews/?filter=3)
 *  [0 2-star reviews](https://wordpress.org/support/plugin/secure-http-headers/reviews/?filter=2)
 *  [1 1-star review](https://wordpress.org/support/plugin/secure-http-headers/reviews/?filter=1)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/secure-http-headers/)