Title: HTTP Headers Author: Dimitar Ivanov Published: 10. meje 2016 Last modified: 22. decembra 2024 --- Tykače pytać ![](https://s.w.org/plugins/geopattern-icon/http-headers_235d98.svg) # http-headers Wot [Dimitar Ivanov](https://profiles.wordpress.org/zinoui/) * [Podrobnosće](https://hsb.wordpress.org/plugins/http-headers/#description) * [Pohódnoćenja](https://hsb.wordpress.org/plugins/http-headers/#reviews) * [Wuwiće](https://hsb.wordpress.org/plugins/http-headers/#developers) [Podpěra](https://wordpress.org/support/plugin/http-headers/) ## Wopisanje Tutón tykač je so dnja 15. apryla 2026 zawrěł a njeje za sćehnjenje k dispoziciji. Tute zawrjenje je nachwilne, čaka so na dospołne přepruwowanje. ## Pohódnoćenja ![](https://secure.gravatar.com/avatar/d2e38bfa35eaad34aee063c1bee978a75a5572a852919a33cf15d039c29e630d? s=60&d=retro&r=g) ### 󠀁[Make Main and sub-domain site down](https://wordpress.org/support/topic/make-main-and-sub-domain-site-down/)󠁿 [ysc711](https://profiles.wordpress.org/ysc711/) 30. awgusta 2025 2 replies Never use this plugin as the security settings make my main site and all sub-domain sites down and even after uninstallation / removal of everything and start to install a new WP, it doesn’t work anymore ![](https://secure.gravatar.com/avatar/675061a1b2be135a48abee930a5f2718a446761e21fc62cd647e8bfd305074e1? s=60&d=retro&r=g) ### 󠀁[worked exactly as promised except 2](https://wordpress.org/support/topic/worked-exactly-as-promised-except-2/)󠁿 [fairshareitservices](https://profiles.wordpress.org/fairshareitservices/) 29. apryla 2025 worked exactly as promised except 2 ![](https://secure.gravatar.com/avatar/094e17e75b5f0e6430ecbf453f178d08574c3290f5dd2904e4d4bb3d00514b1b? s=60&d=retro&r=g) ### 󠀁[Easy to use and almost perfect](https://wordpress.org/support/topic/easy-to-use-and-almost-perfect/)󠁿 [sunb1](https://profiles.wordpress.org/sunb1/) 30. měrca 2025 Went through a bunch of options of adding security headers to my sites and settled on this plugin. Would be 5 stars if two things get fixed/added. 1st is that it would be great to have a save button at the top also so you don’t have to scroll so much to the bottom to save options (especially on CSP screen). And the 2nd would be that the boxes where we are able to input sites etc, sometimes you have to paste numerous websites in that field and it is ridiculously annoying to try to scroll through, see whats already there or copy and paste outside in notepad for example and then paste it back in. Would be great if that field could be expanded or just bigger. ![](https://secure.gravatar.com/avatar/4fa6d6b6d3a53396f985106dfc0045eda4eb7290109a2c88dfc4bb1e4ef3aa9e? s=60&d=retro&r=g) ### 󠀁[Not compatible with Elementor](https://wordpress.org/support/topic/not-compatible-with-elementor-22/)󠁿 [RipRapRob](https://profiles.wordpress.org/ripraprob/) 23. septembra 2024 When used with Elementor, you can’t edit the pages. Had to uninstall, since I don’t know what else it will break. ![](https://secure.gravatar.com/avatar/ed27dcf5938081279e45b5d824c12db1e092e731a99cfcb298f9ec061721ede2? s=60&d=retro&r=g) ### 󠀁[effective plugin – save the x-content-type](https://wordpress.org/support/topic/effective-plugin-save-the-x-content-type/)󠁿 [swampscrapper](https://profiles.wordpress.org/swampscrapper/) 11. meje 2024 2 replies I am finding this a very effective tool to help clients reach security compliance. There is one glitch I believe, however, is with the x-content-type-options. Once you enable this the only option is „nosniff“. And once enabled, there is no way to reset it. And unfortunately i believe this setting is creating errors on my site. I can’t even seem to find the line for it in my .htaccess file. Any recommendations? ![](https://secure.gravatar.com/avatar/7036b084e47382919f1c36d26be5a085b0a6b13970380682c711ffcca327bb0e? s=60&d=retro&r=g) ### 󠀁[an exceptional plugin – needs updating](https://wordpress.org/support/topic/an-exceptional-plugin-needs-updating/)󠁿 [Jonathan Jewell](https://profiles.wordpress.org/hyperpolymath/) 30. apryla 2024 I have felt this has been excellent since the first time I used it, and absolutely no issues with it for what it is, except that there are a couple of headers that either need to be ‚marked deprecated‘ or just removed. My immediate spot of these are the, Features header, P3P header and the Expect-CT (which is still around, but Mozilla recommend not using). There may be others. There are a bunch of things that I might suggest as improvements, but this is to move the tool forward a bit. For instance: It would be great if it could display the highlighted state of the current Apache/Nginx code and the status of the security (as per securityheaders.com form) alongside/under it, so you could see the evolution of the security header set up arrangements as you add/remove them. Could be useful to have some in-built documentation on these things (particularly with the P3P header, those little summary items were impossible to figure out without going back and forth, but for other things like cache-control, or accept-expose-headers, some labelling could help). That said, for advanced users anyway, so perhaps less important. Further to that, it might be useful to have an indication of what OWASP, Scott Helme, and Mozilla recommend and/or warnings for ones that are problematic for security or high risk with labels on them. There are a few things that have odd formatting, so it is not obvious how to transpose the information for the reporting one over from how the header is laid out, since there are different ones for this. In this you have the report header that is normally used (as per report-uri site from Scott Helme) but it does not fit there. However, it has a group called ‚csp-element‘ or something similar that might be clearer as to its use elsewhere). There is also the display of custom headers that are all grouped into one thing, and not spread out in a useful way if you want to review them. Odd grouping in a couple of places, so custom headers I might have given its own block for instance, and to have two items in one and even one in one grouping is a bit pointless. On another note, it is a shame that there is not a tool that is so effective that does this kind of thing for Wordpress and just outputs the BIND9 detail for DNS resource records. A combination of this and that, with the ability to adjust PHP and Apache settings would be the most amazing tool ever. For what this does, however, is sets the foundations for a great security setup. [ Čitajće 70 pohódnoćenjow ](https://wordpress.org/support/plugin/http-headers/reviews/) ## Sobuskutkowarjo a wuwiwarjo „HTTP Headers“ je softwara wotewrjeneho žórła. Slědowacy ludźo su k tutomu tykačej přinošowali. Sobuskutkowarjo * [ Dimitar Ivanov ](https://profiles.wordpress.org/zinoui/) „HTTP Headers“ je so do 5 rěčow přełožił. Dźakujemy so [přełožowarjam](https://translate.wordpress.org/projects/wp-plugins/http-headers/contributors) za jich přinoški. [Přełožće „HTTP Headers“ do swojeje rěče.](https://translate.wordpress.org/projects/wp-plugins/http-headers) ### Na wuwiću zajimowany? [Přehladajće kod](https://plugins.trac.wordpress.org/browser/http-headers/), hladajće do [SVN-repozitorija](https://plugins.svn.wordpress.org/http-headers/) abo abonujće [wuwiwanski protokol](https://plugins.trac.wordpress.org/log/http-headers/) přez [RSS](https://plugins.trac.wordpress.org/log/http-headers/?limit=100&mode=stop_on_copy&format=rss). ## Meta * Version **1.19.2** * Last updated **1 lěto** * Active installations **N/D** * WordPress version ** 3.2 abo nowši ** * Tested up to **6.7.5** * PHP version ** 5.3 abo nowši ** * Languages * [English (US)](https://wordpress.org/plugins/http-headers/), [French (France)](https://fr.wordpress.org/plugins/http-headers/), [Russian](https://ru.wordpress.org/plugins/http-headers/), [Spanish (Chile)](https://cl.wordpress.org/plugins/http-headers/), [Spanish (Mexico)](https://es-mx.wordpress.org/plugins/http-headers/) a [Spanish (Spain)](https://es.wordpress.org/plugins/http-headers/). * [Přełožće do swojeje rěče](https://translate.wordpress.org/projects/wp-plugins/http-headers) * [Rozšěrjeny napohlad](https://hsb.wordpress.org/plugins/http-headers/advanced/)