Description
HTTP Headers gives you control over the HTTP headers returned by your blog or website.
Headers supported by HTTP Headers include:
- Access-Control-Allow-Origin
- Access-Control-Allow-Credentials
- Access-Control-Max-Age
- Access-Control-Allow-Methods
- Access-Control-Allow-Headers
- Access-Control-Expose-Headers
- Age
- Content-Security-Policy
- Content-Security-Policy-Report-Only
- Cache-Control
- Clear-Site-Data
- Connection
- Content-Encoding
- Content-Type
- Cross-Origin-Embedder-Policy
- Cross-Origin-Opener-Policy
- Cross-Origin-Resource-Policy
- Expect-CT
- Expires
- Feature-Policy
- NEL
- Permissions-Policy
- Pragma
- P3P
- Referrer-Policy
- Report-To
- Strict-Transport-Security
- Timing-Allow-Origin
- Vary
- WWW-Authenticate
- X-Content-Type-Options
- X-DNS-Prefetch-Control
- X-Download-Options
- X-Frame-Options
- X-Permitted-Cross-Domain-Policies
- X-Powered-By
- X-Robots-Tag
- X-UA-Compatible
- X-XSS-Protection
Screenshots
- The dashboard with categories of the supported headers.
- The headers of a chosen category and their current values.
- The settings page where you can adjust the security headers.
- The response headers returned by the web server.
Installation
Upload the HTTP Headers plugin to your blog. Then activate it.
That’s all.
FAQ
Why use this plugin?
Nowadays the security of your social data on the web is essential. This plugin helps you improve your website’s overall security.
Who uses these headers?
These HTTP headers are used in production services by popular websites such as Facebook, Google+, Twitter, LinkedIn, YouTube, Yahoo, Amazon, Instagram, Pinterest.
Contributors & Developers
“HTTP Headers” is open source software. The following people have contributed to this plugin.
“HTTP Headers” has been translated into 3 locales. Thank you to the translators for their contributions.
Changelog
1.19.2
Release Date – 22nd December, 2024
- Added “script-src-elem” directive to “Content-Security-Policy” header
- Added “script-src-attr” directive to “Content-Security-Policy” header
- Added “style-src-elem” directive to “Content-Security-Policy” header
- Added “style-src-attr” directive to “Content-Security-Policy” header
1.19.1
Release Date – 2nd September, 2023
- Added “clientHints” directive to “Clear-Site-Data” header
- Added “credentialless” directive to “Cross-Origin-Embedder-Policy” header
1.19.0
Release Date – 7th July, 2023
- Fixed: SSRF vulnerability by an Admin user
- Fixed: XSS vulnerability by an Admin user
1.18.11
Release Date – 11th June, 2023
- Fixed: Remote Code Execution by an Admin user
1.18.10
Release Date – 28th May, 2023
- Fixed: Remote Code Execution by an Admin user
- Removed: Import/Export functions
1.18.9
Release Date – 23rd April, 2023
- Fixed: Remote Code Execution by an Admin user
1.18.8
Release Date – 17th April, 2023
- Fixed: SQL Injection by an Admin user
- Fixed: Remote Code Execution by an Admin user
- A few PHP 8.x compatibility fixes
1.18.7
Release Date – 24th January, 2023
- Fix CSP default value
1.18.6
Release Date – 22nd January, 2023
- PHP 8 compatibility changes
1.18.5
Release Date – 30th April, 2021
- Configurable paths to the files that store passwords for basic/digest auth
- Fixed issue with plugin activation, due to a missing file
1.18.4
Release Date – 30th April, 2021
- Initial value of X-Robots-Tag fixed
1.18.3
Release Date – 30th April, 2021
- Added “X-Robots-Tag” header
- Added “interest-cohort”, “layout-animations”, “legacy-image-formats”, “oversized-images”, and “wake-lock” directives to “Permissions-Policy” header
- Added “cross-origin” value to “Cross-Origin-Resource-Policy” header
- Added “navigate-to” and “prefetch-src” directives to “Content-Security-Policy” header
1.18.2
Release Date – 24th April, 2021
- Configurable paths to .htaccess and .user.ini files
1.18.1
Release Date – 29th October, 2020
- Added “allow-downloads” and “allow-top-navigation-by-user-activation” to “sandbox” directive, part of CSP
1.18.0
Release Date – 20th September, 2020
- Added “Permissions-Policy” header
- Fixed “Cookie Security”
1.17.0
Release Date – 26th July, 2020
- Added “Cross-Origin-Embedder-Policy” header
- Added “Cross-Origin-Opener-Policy” header
1.16.1
Release Date – 23rd July, 2020
- Fixed JS/CSS versioning
1.16.0
Release Date – 23rd July, 2020
- Added the “NEL” header
- Fixed the “Report-To” header
1.15.2
Release Date – 18th June, 2020
- Fixed a PHP Notice at “Expires” page
- Fixed comments in .user.ini file
1.15.1
Release Date – 9th May, 2020
- Fixed the “Access-Control-Allow-Origin” header
1.15.0
Release Date – 26th January, 2020
- Added the “Cross-Origin-Resource-Policy” header
- Removed the “Public-Key-Pins” header
1.14.2
Release Date – 25th November, 2019
- CORS headers updated (added “Vary: Origin”)
1.14.1
Release Date – 15th September, 2019
- Simple filtering was replaced with Dynamic filtering
1.14.0
Release Date – 1st September, 2019
- Added the “Content-Type” header
- Fixed the “Access-Control-Allow-Credentials” header
- Improvement to “Access-Control-Allow-Headers” header
- Improvement to “Access-Control-Allow-Methods” header
- Improvement to “Access-Control-Expose-Headers” header
- Improvement to “Cache-Control” header
- Improvement to “Vary” header
1.13.4
Release Date – 14th July, 2019
- Added the “always” condition to Header (unset) directive
- Fixed the “import” function
- Fixed the “Access-Control-Allow-Origin” header
1.13.3
Release Date – 16th June, 2019
- Bugfix in “WWW-Authenticate” header
- Added support of Apache 2.4
1.13.2
Release Date – 13th June, 2019
- Bugfix in “Content-Encoding” header
- Bugfix in “Vary” header
1.13.1
Release Date – 8th June, 2019
- Added Brotli compression
1.13.0
Release Date – 7th June, 2019
- Added “SameSite” to Cookie Security
- Fixed import/export function
- Code refactoring
1.12.2
Release Date – 5th April, 2019
- UI improvement for Content-Security-Policy
- Fix for Access-Control-Allow-Headers
- Fix for Access-Control-Allow-Origin
- Fix for Feature-Policy
1.12.1
Release Date – 9th January, 2019
- Remove direct calls to cURL
1.12.0
Release Date – 5th January, 2019
- Better handling of activate/deactivate functions
1.11.0
Release Date – 9th December, 2018
- Added support of “Clear-Site-Data” header
1.10.5
Release Date – 6th November, 2018
- Hotfix: parallel work with third-party plugins
1.10.4
Release Date – 30th September, 2018
- Support of following Server APIs: CGI, FastCGI, PHP-FPM
- Error handling improvement
1.10.3
Release Date – 8th August, 2018
- HSTS improvement
- CORS improvement
1.10.2
Release Date – 31st July, 2018
- Export feature bug-fixed
1.10.1
Release Date – 18th July, 2018
- Feature-Policy header update: new features added
1.10.0
Release Date – 17th July, 2018
- Added support of “Feature-Policy” header
1.9.5
Release Date – 12th July, 2018
- CORS bugfix
1.9.4
Release Date – 13th January, 2018
- In-plugin security improvement
1.9.3
Release Date – 10th January, 2018
- Bug fix
1.9.2
Release Date – 4th January, 2018
- Security improvements
1.9.1
Release Date – 27th December, 2017
- Updated translations
1.9.0
Release Date – 23rd December, 2017
- Added support of “Report-To” header
- Added support of translations
- Added support of Import/Export
- Updated “Content-Security-Policy” header (added directives: object-src, frame-src, worker-src, manifest-src, base-uri, report-to)
- Updated “WWW-Authenticate” header (support multiple users)
- Updated “Access-Control” headers (added list of origins)
1.8.0
Release Date – 31st August, 2017
- Added support of “Timing-Allow-Origin” header
- Added support of “X-Download-Options” header
- Added support of “X-DNS-Prefetch-Control” header
- Added support of “X-Permitted-Cross-Domain-Policies” header
- Added support of Custom headers
1.7.1
Release Date – 18th August, 2017
- PHP notice bugfixed
1.7.0
Release Date – 15th August, 2017
- Added support of “Content-Security-Policy-Report-Only” header
- Added support of “Public-Key-Pins-Report-Only” header
- Added “1; report=” directive to the “X-XSS-Protection” header
- Added “Inspect headers” tool
- UI bugfixes
1.6.0
Release Date – 5th August, 2017
- Added support of “Expect-CT” header
1.5.0
Release Date – 30th July, 2017
- Added support of “Age” header
- Added support of “Cache-Control” header
- Added support of “Connection” header
- Added support of “Content-Encoding” header
- Added support of “Expires” header
- Added support of “Pragma” header
- Added support of “Vary” header
- Added support of “WWW-Authenticate” header
- Added support of “X-Powered-By” header
- Added support of “Secure” and “HttpOnly” cookies
1.4.0
Release Date – 5th July, 2017
- Added support of Apache (via htaccess) inclusion method
1.3.0
Release Date – 3rd June, 2017
- Added support of Content-Security-Policy header
- Added dashboard
1.2.0
Release Date – 28th April, 2017
- Added support of Referrer-Policy header
1.1.2
Release Date – 13th February, 2017
- Added support of “preload” directive to HSTS header
1.1.1
Release Date – 8th November, 2016
- Fixed typo in the X-Frame-Options header
1.1.0
Release Date – 20th May, 2016
- Added support of P3P header
1.0.0
Release Date – 10th May, 2016
- Initial version