Stáhnout

HTTP Headers

Autor: Dimitar Ivanov

Popis

HTTP Headers gives your control over the http headers returned by your blog or website.

Headers supported by HTTP Headers includes:

  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
  • Access-Control-Expose-Headers
  • Age
  • Content-Security-Policy
  • Content-Security-Policy-Report-Only
  • Cache-Control
  • Clear-Site-Data
  • Connection
  • Content-Encoding
  • Expect-CT
  • Expires
  • Feature-Policy
  • Pragma
  • Public-Key-Pins
  • Public-Key-Pins-Report-Only
  • P3P
  • Referrer-Policy
  • Report-To
  • Strict-Transport-Security
  • Timing-Allow-Origin
  • Vary
  • WWW-Authenticate
  • X-Content-Type-Options
  • X-DNS-Prefetch-Control
  • X-Download-Options
  • X-Frame-Options
  • X-Permitted-Cross-Domain-Policies
  • X-Powered-By
  • X-UA-Compatible
  • X-XSS-Protection

The getting started tutorial describes a typical configuration of this plugin.

Snímky obrazovky

  • This screenshot shows up the dashboard with categories of the supported headers.
  • This screenshot shows up the headers of a chosen category and their current values.
  • This screenshot shows up the settings page where you can adjust the security headers.
  • This screenshot shows up the response headers returned by the web server.

Instalace

Upload the HTTP Headers plugin to your blog. Then activate it.

That’s all.

Časté dotazy

Why to use this plugin?

Nowadays security of your social data at the web is essential. This plugin helps you to improve your website overall security.

Who use these headers?

These HTTP headers are being used in production services by popular websites as Facebook, Google+, Twitter, LinkedIn, YouTube, Yahoo, Amazon, Instagram, Pinterest.

Recenze

Semi-abandoned Project

The author tried to slip some new features into a bug-fix release and broke backward compatibility. I raised the issue in the support forum 2 weeks ago and have not yet received a response from the author. A scan of the support forum shows that he does not respond to most threads. In the meantime, the plugin fails to produce a Content-Security-Policy header, making it useless for my purposes. Furthermore, it fails silently; current users might not even notice that it's broken. Update 2019-04-20: changed rating from 1 star to 2 stars Update 2019-05-15 I have not only kept this plugin active on my site, I have also installed it on a second site. In fairness, despite my frustration with the author, I am bumping my review to 4 stars because it’s the best header plugin I could find.

Great plugin, very useful

Thank you! I am happy to use it. It is a very useful plugin and it offers nice links to explanations. It helps me practically and gets me to learn more about http headers. Great job!

Excelent Security Feature

I am working with Akamai, but for a startup business using a wordpress platform this is the coolest security feature i've seen so far. Very good plugin. Thank you. I donate some money as well to keep going
Přečtěte si všech 20 recenzí

Autoři

HTTP Headers je otevřený software. Následující lidé přispěli k vývoji tohoto pluginu.

Spolupracovníci

Přeložte “HTTP Headers” do svého jazyka.

Zajímá vás vývoj?

Prohledejte kód, podívejte se do SVN repozitáře, nebo se přihlaste k odběru protokolu vývoje pomocí RSS.

Přehled změn

1.13.3

Release Date – 16th June, 2019

  • Bugfix in „WWW-Authenticate“ header
  • Added support of Apache 2.4

1.13.2

Release Date – 13th June, 2019

  • Bugfix in „Content-Encoding“ header
  • Bugfix in „Vary“ header

1.13.1

Release Date – 8th June, 2019

  • Added Brotli compression

1.13.0

Release Date – 7th June, 2019

  • Added „SameSite“ to Cookie Security
  • Fixed import/export function
  • Code refactoring

1.12.2

Release Date – 5th April, 2019

  • UI improvement for Content-Security-Policy
  • Fix for Access-Control-Allow-Headers
  • Fix for Access-Control-Allow-Origin
  • Fix for Feature-Policy

1.12.1

Release Date – 9th January, 2019

  • Remove direct calls to cURL

1.12.0

Release Date – 5th January, 2019

  • Better handling of activate/deactivate functions

1.11.0

Release Date – 9th December, 2018

  • Added support of „Clear-Site-Data“ header

1.10.5

Release Date – 6th November, 2018

  • Hotfix: parallel work with third-party plugins

1.10.4

Release Date – 30th September, 2018

  • Support of following Server APIs: CGI, FastCGI, PHP-FPM
  • Error handling improvement

1.10.3

Release Date – 8th August, 2018

  • HSTS improvement
  • CORS improvement

1.10.2

Release Date – 31st July, 2018

  • Export feature bug-fixed

1.10.1

Release Date – 18th July, 2018

  • Feature-Policy header update: new features added

1.10.0

Release Date – 17th July, 2018

  • Added support of „Feature-Policy“ header

1.9.5

Release Date – 12th July, 2018

  • CORS bugfix

1.9.4

Release Date – 13th January, 2018

  • In-plugin security improvement

1.9.3

Release Date – 10th January, 2018

  • Bug fix

1.9.2

Release Date – 4th January, 2018

  • Security improvements

1.9.1

Release Date – 27th December, 2017

  • Updated translations

1.9.0

Release Date – 23th December, 2017

  • Added support of „Report-To“ header
  • Added support of translations
  • Added support of Import/Export
  • Updated „Content-Security-Policy“ header (added directives: object-src, frame-src, worker-src, manifest-src, base-uri, report-to)
  • Updated „WWW-Authenticate“ header (support multiple users)
  • Updated „Access-Control“ headers (added list of origins)

1.8.0

Release Date – 31st August, 2017

  • Added support of „Timing-Allow-Origin“ header
  • Added support of „X-Download-Options“ header
  • Added support of „X-DNS-Prefetch-Control“ header
  • Added support of „X-Permitted-Cross-Domain-Policies“ header
  • Added support of Custom headers

1.7.1

Release Date – 18th August, 2017

  • PHP notice bugfixed

1.7.0

Release Date – 15th August, 2017

  • Added support of „Content-Security-Policy-Report-Only“ header
  • Added support of „Public-Key-Pins-Report-Only“ header
  • Added „1; report=“ directive to the „X-XSS-Protection“ header
  • Added „Inspect headers“ tool
  • UI bugfixes

1.6.0

Release Date – 5th August, 2017

  • Added support of „Expect-CT“ header

1.5.0

Release Date – 30th July, 2017

  • Added support of „Age“ header
  • Added support of „Cache-Control“ header
  • Added support of „Connection“ header
  • Added support of „Content-Encoding“ header
  • Added support of „Expires“ header
  • Added support of „Pragma“ header
  • Added support of „Vary“ header
  • Added support of „WWW-Authenticate“ header
  • Added support of „X-Powered-By“ header
  • Added support of „Secure“ and „HttpOnly“ cookies

1.4.0

Release Date – 5th July, 2017

  • Added support of Apache (via htaccess) inclusion method

1.3.0

Release Date – 3rd June, 2017

  • Added support of Content-Security-Policy header
  • Added dashboard

1.2.0

Release Date – 28th April, 2017

  • Added support of Referrer-Policy header

1.1.2

Release Date – 13th February, 2017

  • Added support of ‚preload‘ directive to HSTS header

1.1.1

Release Date – 8th November, 2016

  • Fixed typo in the X-Frame-Options header

1.1.0

Release Date – 20th May, 2016

  • Added support of P3P header

1.0.0

Release Date – 10th May, 2016

  • Initial version

Meta

Hodnocení

Zobrazit vše

Spolupracovníci

Podpora

Vyřešené problémy během posledních dvou měsíců:

1 z 5

Fórum podpory

Dary

Chtěli byste podpořit vývoj tohoto pluginu?

Přispět na tento plugin