HTTP Headers

説明

HTTP Headers gives your control over the http headers returned by your blog or website.

Headers supported by HTTP Headers includes:

  • Access-Control-Allow-Origin
  • Access-Control-Allow-Credentials
  • Access-Control-Max-Age
  • Access-Control-Allow-Methods
  • Access-Control-Allow-Headers
  • Access-Control-Expose-Headers
  • Age
  • Content-Security-Policy
  • Content-Security-Policy-Report-Only
  • Cache-Control
  • Connection
  • Content-Encoding
  • Expect-CT
  • Expires
  • Pragma
  • Public-Key-Pins
  • Public-Key-Pins-Report-Only
  • P3P
  • Referrer-Policy
  • Strict-Transport-Security
  • Timing-Allow-Origin
  • Vary
  • WWW-Authenticate
  • X-Content-Type-Options
  • X-DNS-Prefetch-Control
  • X-Download-Options
  • X-Frame-Options
  • X-Permitted-Cross-Domain-Policies
  • X-Powered-By
  • X-UA-Compatible
  • X-XSS-Protection

The getting started tutorial describes a typical configuration of this plugin.

スクリーンショット

  • This screenshot shows up the dashboard with categories of the supported headers.
  • This screenshot shows up the headers of a chosen category and their current values.
  • This screenshot shows up the settings page where you can adjust the security headers.
  • This screenshot shows up the response headers returned by the web server.

インストール

Upload the HTTP Headers plugin to your blog. Then activate it.

That’s all.

FAQ

Installation Instructions

Upload the HTTP Headers plugin to your blog. Then activate it.

That’s all.

Why to use this plugin?

Nowadays security of your social data at the web is essential. This plugin helps you to improve your website overall security.

Who use these headers?

These HTTP headers are being used in production services by popular websites as Facebook, Google+, Twitter, LinkedIn, YouTube, Yahoo, Amazon, Instagram, Pinterest.

評価

Outstanding

I wanted to get http headers implemented to help prevent clickjacking etc of my websites. This plugin is just the ticket. Thank you!

Great plugin and does the job

This plugin worked great from the start but enabling a caching plugin didn’t cache the headers only the content so therefore no security again. Got to be a security issue.

Contacted the author and he has now fixed the issue by writing the settings straight to .htaccess file. This is where the http headers should be.

This plugin should now work with caching plugins that ignore/don’t save the http headers from a plugin.

Thank you for fixing this security issue.

8件のレビューをすべて表示

貢献者と開発者

HTTP Headers はオープンソースソフトウェアです。以下の人々がこのプラグインに貢献しています。

貢献者

“HTTP Headers” をあなたの言語に翻訳しましょう。

開発に興味がありますか ?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

変更履歴

1.8.0

Release Date – 31st August, 2017

  • Added support of “Timing-Allow-Origin” header
  • Added support of “X-Download-Options” header
  • Added support of “X-DNS-Prefetch-Control” header
  • Added support of “X-Permitted-Cross-Domain-Policies” header
  • Added support of Custom headers

1.7.1

Release Date – 18th August, 2017

  • PHP notice bugfixed

1.7.0

Release Date – 15th August, 2017

  • Added support of “Content-Security-Policy-Report-Only” header
  • Added support of “Public-Key-Pins-Report-Only” header
  • Added “1; report=” directive to the “X-XSS-Protection” header
  • Added “Inspect headers” tool
  • UI bugfixes

1.6.0

Release Date – 5th August, 2017

  • Added support of “Expect-CT” header

1.5.0

Release Date – 30th July, 2017

  • Added support of “Age” header
  • Added support of “Cache-Control” header
  • Added support of “Connection” header
  • Added support of “Content-Encoding” header
  • Added support of “Expires” header
  • Added support of “Pragma” header
  • Added support of “Vary” header
  • Added support of “WWW-Authenticate” header
  • Added support of “X-Powered-By” header
  • Added support of “Secure” and “HttpOnly” cookies

1.4.0

Release Date – 5th July, 2017

  • Added support of Apache (via htaccess) inclusion method

1.3.0

Release Date – 3rd June, 2017

  • Added support of Content-Security-Policy header
  • Added dashboard

1.2.0

Release Date – 28th April, 2017

  • Added support of Referrer-Policy header

1.1.2

Release Date – 13th February, 2017

  • Added support of ‘preload’ directive to HSTS header

1.1.1

Release Date – 8th November, 2016

  • Fixed typo in the X-Frame-Options header

1.1.0

Release Date – 20th May, 2016

  • Added support of P3P header

1.0.0

Release Date – 10th May, 2016

  • Initial version