Popis

HTTP Headers gives your control over the http headers returned by your blog or website.

Headers supported by HTTP Headers includes:

Access-Control-Allow-Origin
Access-Control-Allow-Credentials
Access-Control-Max-Age
Access-Control-Allow-Methods
Access-Control-Allow-Headers
Access-Control-Expose-Headers
Age
Content-Security-Policy
Content-Security-Policy-Report-Only
Cache-Control
Clear-Site-Data
Connection
Content-Encoding
Content-Type
Expect-CT
Expires
Feature-Policy
Pragma
Public-Key-Pins
Public-Key-Pins-Report-Only
P3P
Referrer-Policy
Report-To
Strict-Transport-Security
Timing-Allow-Origin
Vary
WWW-Authenticate
X-Content-Type-Options
X-DNS-Prefetch-Control
X-Download-Options
X-Frame-Options
X-Permitted-Cross-Domain-Policies
X-Powered-By
X-UA-Compatible
X-XSS-Protection

The getting started tutorial describes a typical configuration of this plugin.

Snímky obrazovky

This screenshot shows up the dashboard with categories of the supported headers.
This screenshot shows up the headers of a chosen category and their current values.
This screenshot shows up the settings page where you can adjust the security headers.
This screenshot shows up the response headers returned by the web server.

Instalace

Upload the HTTP Headers plugin to your blog. Then activate it.

That’s all.

Časté dotazy

Why to use this plugin?: Nowadays security of your social data at the web is essential. This plugin helps you to improve your website overall security.
Who use these headers?: These HTTP headers are being used in production services by popular websites as Facebook, Google+, Twitter, LinkedIn, YouTube, Yahoo, Amazon, Instagram, Pinterest.

Recenze

frankvictor 7. 9. 2019

This plugin is just perfect! UX could be improved a bit. Have to click a lot hahah.

milenfrom 2. 9. 2019

Thank you kindly for releasing this plugin to the public!

mello1 22. 8. 2019

Giving neutral rating of 3 because the problem could be me. Installed and activated .. but no change to security results using Mozilla Observatory. All settings were set to 'off' position so turned 'on' the ones failing MozObs test - re-ran scan - still showing no effect. Am I doing something wrong? Does it take time to work? Why does developer say just install and activate but all settings are automatically OFF?

bulls_shark 4. 8. 2019

Fast support, the plugin does what it should. Nice would be a function where after installation all important settings for WordPress are taken over and only need to be adjusted. Better description would help, so that you do not have to search the Internet, but the support also helps fast.

Gord 15. 5. 2019

The author tried to slip some new features into a bug-fix release and broke backward compatibility. I raised the issue in the support forum 2 weeks ago and have not yet received a response from the author. A scan of the support forum shows that he does not respond to most threads. In the meantime, the plugin fails to produce a Content-Security-Policy header, making it useless for my purposes. Furthermore, it fails silently; current users might not even notice that it's broken. Update 2019-04-20: changed rating from 1 star to 2 stars Update 2019-05-15 I have not only kept this plugin active on my site, I have also installed it on a second site. In fairness, despite my frustration with the author, I am bumping my review to 4 stars because it’s the best header plugin I could find.

dionwiggins 4. 4. 2019

Very slick and easy to use.

Přečtěte si všech 24 recenzí

Autoři

HTTP Headers je otevřený software. Následující lidé přispěli k vývoji tohoto pluginu.

Dimitar Ivanov

Přeložte “HTTP Headers” do svého jazyka.

Zajímá vás vývoj?

Prohledejte kód, podívejte se do SVN repozitáře, nebo se přihlaste k odběru protokolu vývoje pomocí RSS.

Přehled změn

1.14.1

Release Date – 15th September, 2019

Simple filtering was replaced with Dynamic filtering

1.14.0

Release Date – 1st September, 2019

Added the „Content-Type“ header
Fixed the „Access-Control-Allow-Credentials“ header
Improvement to „Access-Control-Allow-Headers“ header
Improvement to „Access-Control-Allow-Methods“ header
Improvement to „Access-Control-Expose-Headers“ header
Improvement to „Cache-Control“ header
Improvement to „Vary“ header

1.13.4

Release Date – 14th July, 2019

Added the „always“ condition to Header (unset) directive
Fixed the „import“ function
Fixed the „Access-Control-Allow-Origin“ header

1.13.3

Release Date – 16th June, 2019

Bugfix in „WWW-Authenticate“ header
Added support of Apache 2.4

1.13.2

Release Date – 13th June, 2019

Bugfix in „Content-Encoding“ header
Bugfix in „Vary“ header

1.13.1

Release Date – 8th June, 2019

Added Brotli compression

1.13.0

Release Date – 7th June, 2019

Added „SameSite“ to Cookie Security
Fixed import/export function
Code refactoring

1.12.2

Release Date – 5th April, 2019

UI improvement for Content-Security-Policy
Fix for Access-Control-Allow-Headers
Fix for Access-Control-Allow-Origin
Fix for Feature-Policy

1.12.1

Release Date – 9th January, 2019

Remove direct calls to cURL

1.12.0

Release Date – 5th January, 2019

Better handling of activate/deactivate functions

1.11.0

Release Date – 9th December, 2018

Added support of „Clear-Site-Data“ header

1.10.5

Release Date – 6th November, 2018

Hotfix: parallel work with third-party plugins

1.10.4

Release Date – 30th September, 2018

Support of following Server APIs: CGI, FastCGI, PHP-FPM
Error handling improvement

1.10.3

Release Date – 8th August, 2018

HSTS improvement
CORS improvement

1.10.2

Release Date – 31st July, 2018

Export feature bug-fixed

1.10.1

Release Date – 18th July, 2018

Feature-Policy header update: new features added

1.10.0

Release Date – 17th July, 2018

Added support of „Feature-Policy“ header

1.9.5

Release Date – 12th July, 2018

CORS bugfix

1.9.4

Release Date – 13th January, 2018

In-plugin security improvement

1.9.3

Release Date – 10th January, 2018

Bug fix

1.9.2

Release Date – 4th January, 2018

Security improvements

1.9.1

Release Date – 27th December, 2017

Updated translations

1.9.0

Release Date – 23th December, 2017

Added support of „Report-To“ header
Added support of translations
Added support of Import/Export
Updated „Content-Security-Policy“ header (added directives: object-src, frame-src, worker-src, manifest-src, base-uri, report-to)
Updated „WWW-Authenticate“ header (support multiple users)
Updated „Access-Control“ headers (added list of origins)

1.8.0

Release Date – 31st August, 2017

Added support of „Timing-Allow-Origin“ header
Added support of „X-Download-Options“ header
Added support of „X-DNS-Prefetch-Control“ header
Added support of „X-Permitted-Cross-Domain-Policies“ header
Added support of Custom headers

1.7.1

Release Date – 18th August, 2017

PHP notice bugfixed

1.7.0

Release Date – 15th August, 2017

Added support of „Content-Security-Policy-Report-Only“ header
Added support of „Public-Key-Pins-Report-Only“ header
Added „1; report=“ directive to the „X-XSS-Protection“ header
Added „Inspect headers“ tool
UI bugfixes

1.6.0

Release Date – 5th August, 2017

Added support of „Expect-CT“ header

1.5.0

Release Date – 30th July, 2017

Added support of „Age“ header
Added support of „Cache-Control“ header
Added support of „Connection“ header
Added support of „Content-Encoding“ header
Added support of „Expires“ header
Added support of „Pragma“ header
Added support of „Vary“ header
Added support of „WWW-Authenticate“ header
Added support of „X-Powered-By“ header
Added support of „Secure“ and „HttpOnly“ cookies

1.4.0

Release Date – 5th July, 2017

Added support of Apache (via htaccess) inclusion method

1.3.0

Release Date – 3rd June, 2017

Added support of Content-Security-Policy header
Added dashboard

1.2.0

Release Date – 28th April, 2017

Added support of Referrer-Policy header

1.1.2

Release Date – 13th February, 2017

Added support of ‚preload‘ directive to HSTS header

1.1.1

Release Date – 8th November, 2016

Fixed typo in the X-Frame-Options header

1.1.0

Release Date – 20th May, 2016

Added support of P3P header

1.0.0

Release Date – 10th May, 2016

Initial version