HTTP Security Header
| 开发者 | mohitgoyal1108 |
|---|---|
| 更新时间 | 2025年11月13日 20:51 |
| PHP版本: | 7.0 及以上 |
| WordPress版本: | 6.8 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
- Visual toggles for enabling/disabling headers
- Option to use default or custom header values
- Secure fallback if a header is misconfigured
- Integrated header validation
- Support for all major browser-supported headers
- Nonce-based saving and admin notices
- WP Multisite compatible
- "Disable All" and "Reset to Important Headers" actions
- Per-header input validation with real-time error fallback Supported Headers:
- Strict-Transport-Security (HSTS)
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Content-Security-Policy
- Permissions-Policy
- X-XSS-Protection
- X-Permitted-Cross-Domain-Policies
- Expect-CT
- Cross-Origin-Opener-Policy (COOP)
- Cross-Origin-Resource-Policy (CORP)
- Cross-Origin-Embedder-Policy (COEP)
安装:
- Upload the plugin folder to
/wp-content/plugins/. - Activate the plugin via WordPress admin.
- Navigate to Settings → Security Headers to configure.
屏幕截图:
常见问题:
Does this modify the .htaccess file?
No, this plugin applies headers dynamically using send_headers — making it cache-safe, portable, and compatible with all environments.
Is this plugin multisite compatible?
Yes, you can configure headers per site on a WordPress Multisite network.
What happens if a custom value is invalid?
The plugin uses fallback logic to prevent breaking the site by reverting to a known safe default. An admin notice will also show up when this happens.
How do I reset the headers?
Click the “Reset to Defaults” option in the admin panel to revert all settings to secure recommended defaults.
Can I disable all headers at once?
Yes. The “Disable All” button in the admin interface allows you to turn off all headers in a single action.
Will this block any scripts or resources?
Some headers like Content-Security-Policy or COEP can affect script loading. You should test after enabling them, especially with third-party scripts or iframe embeds.
Does this support headers like COOP, CORP, or COEP?
Yes, the plugin supports advanced cross-origin headers like COOP, CORP, and COEP.
更新日志:
- NEW: Real-time validation for custom headers with fallback + admin warnings
- NEW: "Disable All Headers" button in settings UI
- NEW: Reset-to-default activates only important headers
- Improved validation logic for
Permissions-Policy,CSP, andExpect-CT - Refined translations and I18N compliance
- Added support for Cross-Origin-Embedder-Policy (COEP)
- Refactored header application with auto-fallback and validation
- Introduced full nonce protection and security hardening
- Enhanced admin UI, with tooltips and mobile-first design
- Introduced reset-to-defaults architecture (optional)
- Removed
.htaccessdependency for full dynamic application
- Merged Feature-Policy with Permissions-Policy
- Improved
.htaccessheader injection logic - Enhanced Content-Security-Policy formatting
- Added Cross-Origin-Opener-Policy and Cross-Origin-Resource-Policy
- Improved UI layout and validation
- Minor UI improvements and compatibility fixes
- Major refactor with modular header handling
- Initial release with core security headers