Title: HTTP Security Header
Author: MOHIT GOYAL
Published: <strong>1. 11. 2024</strong>
Last modified: 30. 12. 2025

---

Prohledat pluginy

![](https://ps.w.org/security-header/assets/banner-772x250.png?rev=3395050)

![](https://ps.w.org/security-header/assets/icon-256x256.png?rev=3213458)

# HTTP Security Header

 Autor: [MOHIT GOYAL](https://profiles.wordpress.org/mohitgoyal1108/)

[Stáhnout](https://downloads.wordpress.org/plugin/security-header.3.1.zip)

 * [Podrobnosti](https://cs.wordpress.org/plugins/security-header/#description)
 * [Hodnocení](https://cs.wordpress.org/plugins/security-header/#reviews)
 *  [Instalace](https://cs.wordpress.org/plugins/security-header/#installation)
 * [Vývojáři](https://cs.wordpress.org/plugins/security-header/#developers)

 [Podpora](https://wordpress.org/support/plugin/security-header/)

## Popis

**HTTP Security Header** helps protect your WordPress site by adding critical HTTP
headers to each response — with no code required. These headers provide additional
layers of protection against attacks such as cross-site scripting (XSS), clickjacking,
content injection, and resource leaks.

This plugin offers a modern, responsive admin dashboard with validation, fallback
safety, and full control over each header’s default or custom value.

### 🔎 Scan Your Website Security Headers

Before configuring headers, instantly check your website’s current security score
using our online header scanner:

👉 [Scan Your Website Security Headers](https://inspiredmonks.com/http-security-header-scanner/)

✔ Enter your website URL
 ✔ Get instant Security Grade (A+ to F) ✔ See which headers
are Present or Missing ✔ Get clear, actionable recommendations ✔ Easily fix them
using this plugin

Used by thousands of websites to enhance security and protect user data.

**Features Include:**
 – Visual toggles for enabling/disabling headers – Option 
to use **default or custom header values** – Secure fallback if a header is misconfigured–
Integrated **header validation** – Support for all major browser-supported headers–
Nonce-based saving and admin notices – WP Multisite compatible – „Disable All“ and„
Reset to Important Headers“ actions – Per-header input validation with real-time
error fallback

**Supported Headers:**
 * Strict-Transport-Security (HSTS) * X-Frame-Options * X-
Content-Type-Options * Referrer-Policy * Content-Security-Policy * Permissions-Policy*
X-XSS-Protection * X-Permitted-Cross-Domain-Policies * Expect-CT * Cross-Origin-
Opener-Policy (COOP) * Cross-Origin-Resource-Policy (CORP) * Cross-Origin-Embedder-
Policy (COEP)

### Features

 * Lightweight and performance-focused
 * No front-end impact
 * Choose default or custom header values
 * Secure validation and auto-fallbacks
 * Seamless plugin compatibility (including WP Rocket)
 * Fully translation-ready and i18n-compliant
 * Nonce-protected admin save actions
 * Optional reset-to-default support
 * Reset or disable all headers with one click

## Snímky obrazovky

 * [[
 * Example of site secured using HTTP Security Header plugin.
 * [[
 * Example of missing / weak headers before enabling plugin.

## Instalace

 1. Upload the plugin folder to `/wp-content/plugins/`
 2. Activate the plugin via WordPress admin
 3. Navigate to **Settings  Security Headers** to configure

## Nejčastější dotazy

### Does this modify the .htaccess file?

No, this plugin applies headers dynamically using `send_headers` — making it cache-
safe, portable, and compatible with all environments.

### Is this plugin multisite compatible?

Yes, you can configure headers per site on a WordPress Multisite network.

### What happens if a custom value is invalid?

The plugin uses fallback logic to prevent breaking the site by reverting to a known
safe default. An admin notice will also appear.

### How do I reset the headers?

Click the “Reset to Defaults” option in the admin panel to revert settings to secure
recommended defaults.

### Can I disable all headers at once?

Yes. The “Disable All” button allows you to turn off all headers in a single action.

### Will this block any scripts or resources?

Some headers like `Content-Security-Policy` or `COEP` can affect script loading.
Test after enabling them, especially with third-party scripts.

### Does this support headers like COOP, CORP, and COEP?

Yes, advanced cross-origin headers like COOP, CORP, and COEP are supported.

## Recenze

![](https://secure.gravatar.com/avatar/fcce798170fa5b69cc3afcef52cafc5eed3e197f5eff688e00e17f31806a2e36?
s=60&d=retro&r=g)

### 󠀁[pretty good](https://wordpress.org/support/topic/pretty-good-311/)󠁿

 [Mahmoud Adel Mahmoud Mostafa el-Ashry](https://profiles.wordpress.org/ashryx/)
18. 1. 2025

each security header fix is well illustrated

![](https://secure.gravatar.com/avatar/8389285554bb1222b470b60d3c1ead5abe8b9c7cae6894fd941ae87f3e50e0ae?
s=60&d=retro&r=g)

### 󠀁[Works Great](https://wordpress.org/support/topic/works-great-9462/)󠁿

 [mejoudal](https://profiles.wordpress.org/mejoudal/) 10. 12. 2024 1 odpověď

Works Great very simple to use woerks great with Divi

![](https://secure.gravatar.com/avatar/35c4aed5e78d2eac299b57637f9813d8294727127b8b5518302984379e9a20fe?
s=60&d=retro&r=g)

### 󠀁[Essential for Enhancing Website Security](https://wordpress.org/support/topic/essential-for-enhancing-website-security/)󠁿

 [MOHIT GOYAL](https://profiles.wordpress.org/mohitgoyal1108/) 1. 11. 2024

I recently integrated the Security Header plugin into my WordPress site, and it 
has significantly improved my website’s security posture. The user-friendly interface
made it easy to enable essential HTTP security headers with just a few clicks.

 [ Přečtěte si všechny 3 recenze ](https://wordpress.org/support/plugin/security-header/reviews/)

## Autoři

HTTP Security Header je otevřený software. Následující lidé přispěli k vývoji tohoto
pluginu.

Spolupracovníci

 *   [ MOHIT GOYAL ](https://profiles.wordpress.org/mohitgoyal1108/)

[Přeložte “HTTP Security Header” do svého jazyka.](https://translate.wordpress.org/projects/wp-plugins/security-header)

### Zajímá vás vývoj?

[Prohledejte kód](https://plugins.trac.wordpress.org/browser/security-header/), 
podívejte se do [SVN repozitáře](https://plugins.svn.wordpress.org/security-header/),
nebo se přihlaste k[ odběru protokolu vývoje](https://plugins.trac.wordpress.org/log/security-header/)
pomocí [RSS](https://plugins.trac.wordpress.org/log/security-header/?limit=100&mode=stop_on_copy&format=rss).

## Přehled změn

#### 3.1

 * NEW: Real-time validation for custom headers with fallback + admin warnings
 * NEW: „Disable All Headers“ button in settings UI
 * NEW: Reset-to-default activates **only important headers**
 * Improved validation logic for `Permissions-Policy`, `CSP`, and `Expect-CT`
 * Refined translations and I18N compliance

#### 3.0

 * Added support for **Cross-Origin-Embedder-Policy (COEP)**
 * Refactored header application with **auto-fallback and validation**
 * Introduced full **nonce protection** and security hardening
 * Enhanced admin UI with tooltips and mobile-first design
 * Introduced reset-to-defaults architecture
 * Removed `.htaccess` dependency

#### 2.2

 * Merged Feature-Policy with Permissions-Policy
 * Improved `.htaccess` logic
 * Enhanced CSP formatting

#### 2.1

 * Added COOP and CORP headers
 * Improved UI layout and validation

#### 2.0.3 – 2.0.1

 * UI improvements and compatibility fixes

#### 2.0

 * Major refactor with modular header handling

#### 1.0

 * Initial release

## Meta

 *  Verze **3.1**
 *  Poslední aktualizace **před 3 měsíce**
 *  Aktivních instalací **1 000+**
 *  Verze WordPressu ** 5.0 nebo novější **
 *  Testováno až do WordPressu **6.9.4**
 *  Verze PHP ** 7.0 nebo novější **
 *  Jazyk
 * [English (US)](https://wordpress.org/plugins/security-header/)
 * Štítky
 * [clickjacking](https://cs.wordpress.org/plugins/tags/clickjacking/)[content security policy](https://cs.wordpress.org/plugins/tags/content-security-policy/)
   [Security Headers](https://cs.wordpress.org/plugins/tags/security-headers/)[wordpress security](https://cs.wordpress.org/plugins/tags/wordpress-security/)
 *  [Podrobnosti](https://cs.wordpress.org/plugins/security-header/advanced/)

## Hodnocení

 5 z 5 hvězdiček.

 *  [  3 5hvězdičkové hodnocení     ](https://wordpress.org/support/plugin/security-header/reviews/?filter=5)
 *  [  0 4hvězdičkové hodnocení     ](https://wordpress.org/support/plugin/security-header/reviews/?filter=4)
 *  [  0 3hvězdičkové hodnocení     ](https://wordpress.org/support/plugin/security-header/reviews/?filter=3)
 *  [  0 2hvězdičkové hodnocení     ](https://wordpress.org/support/plugin/security-header/reviews/?filter=2)
 *  [  0 1hvězdičkové hodnocení     ](https://wordpress.org/support/plugin/security-header/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/security-header/reviews/#new-post)

[Zobrazit všechny recenze](https://wordpress.org/support/plugin/security-header/reviews/)

## Spolupracovníci

 *   [ MOHIT GOYAL ](https://profiles.wordpress.org/mohitgoyal1108/)

## Podpora

Potřebujete pomoc?

 [Fórum podpory](https://wordpress.org/support/plugin/security-header/)

## Dary

Chtěli byste podpořit vývoj tohoto pluginu?

 [ Přispět na tento plugin ](https://pages.razorpay.com/inspiredmonks)