Title: HTTP Security Header Author: MOHIT GOYAL Published: 2024年11月1日 Last modified: 2025年12月30日 --- プラグインを検索 ![](https://ps.w.org/security-header/assets/banner-772x250.png?rev=3395050) ![](https://ps.w.org/security-header/assets/icon-256x256.png?rev=3213458) # HTTP Security Header 作者: [MOHIT GOYAL](https://profiles.wordpress.org/mohitgoyal1108/) [ダウンロード](https://downloads.wordpress.org/plugin/security-header.3.1.zip) * [詳細](https://ja.wordpress.org/plugins/security-header/#description) * [レビュー](https://ja.wordpress.org/plugins/security-header/#reviews) * [インストール](https://ja.wordpress.org/plugins/security-header/#installation) * [開発](https://ja.wordpress.org/plugins/security-header/#developers) [サポート](https://wordpress.org/support/plugin/security-header/) ## 説明 **HTTP Security Header** helps protect your WordPress site by adding critical HTTP headers to each response — with no code required. These headers provide additional layers of protection against attacks such as cross-site scripting (XSS), clickjacking, content injection, and resource leaks. This plugin offers a modern, responsive admin dashboard with validation, fallback safety, and full control over each header’s default or custom value. ### 🔎 Scan Your Website Security Headers Before configuring headers, instantly check your website’s current security score using our online header scanner: 👉 [Scan Your Website Security Headers](https://inspiredmonks.com/http-security-header-scanner/) ✔ Enter your website URL ✔ Get instant Security Grade (A+ to F) ✔ See which headers are Present or Missing ✔ Get clear, actionable recommendations ✔ Easily fix them using this plugin Used by thousands of websites to enhance security and protect user data. **Features Include:** – Visual toggles for enabling/disabling headers – Option to use **default or custom header values** – Secure fallback if a header is misconfigured– Integrated **header validation** – Support for all major browser-supported headers– Nonce-based saving and admin notices – WP Multisite compatible – “Disable All” and“ Reset to Important Headers” actions – Per-header input validation with real-time error fallback **Supported Headers:** * Strict-Transport-Security (HSTS) * X-Frame-Options * X- Content-Type-Options * Referrer-Policy * Content-Security-Policy * Permissions-Policy* X-XSS-Protection * X-Permitted-Cross-Domain-Policies * Expect-CT * Cross-Origin- Opener-Policy (COOP) * Cross-Origin-Resource-Policy (CORP) * Cross-Origin-Embedder- Policy (COEP) ### Features * Lightweight and performance-focused * No front-end impact * Choose default or custom header values * Secure validation and auto-fallbacks * Seamless plugin compatibility (including WP Rocket) * Fully translation-ready and i18n-compliant * Nonce-protected admin save actions * Optional reset-to-default support * Reset or disable all headers with one click ## スクリーンショット [⌊Example of site secured using HTTP Security Header plugin.⌉⌊Example of site secured using HTTP Security Header plugin.⌉[ Example of site secured using HTTP Security Header plugin. [⌊Example of missing / weak headers before enabling plugin.⌉⌊Example of missing / weak headers before enabling plugin.⌉[ Example of missing / weak headers before enabling plugin. ## インストール 1. Upload the plugin folder to `/wp-content/plugins/` 2. Activate the plugin via WordPress admin 3. Navigate to **Settings Security Headers** to configure ## FAQ ### Does this modify the .htaccess file? No, this plugin applies headers dynamically using `send_headers` — making it cache- safe, portable, and compatible with all environments. ### Is this plugin multisite compatible? Yes, you can configure headers per site on a WordPress Multisite network. ### What happens if a custom value is invalid? The plugin uses fallback logic to prevent breaking the site by reverting to a known safe default. An admin notice will also appear. ### How do I reset the headers? Click the “Reset to Defaults” option in the admin panel to revert settings to secure recommended defaults. ### Can I disable all headers at once? Yes. The “Disable All” button allows you to turn off all headers in a single action. ### Will this block any scripts or resources? Some headers like `Content-Security-Policy` or `COEP` can affect script loading. Test after enabling them, especially with third-party scripts. ### Does this support headers like COOP, CORP, and COEP? Yes, advanced cross-origin headers like COOP, CORP, and COEP are supported. ## 評価 ![](https://secure.gravatar.com/avatar/fcce798170fa5b69cc3afcef52cafc5eed3e197f5eff688e00e17f31806a2e36? s=60&d=retro&r=g) ### 󠀁[pretty good](https://wordpress.org/support/topic/pretty-good-311/)󠁿 [Mahmoud Adel Mahmoud Mostafa el-Ashry](https://profiles.wordpress.org/ashryx/) 2025年1月18日 each security header fix is well illustrated ![](https://secure.gravatar.com/avatar/8389285554bb1222b470b60d3c1ead5abe8b9c7cae6894fd941ae87f3e50e0ae? s=60&d=retro&r=g) ### 󠀁[Works Great](https://wordpress.org/support/topic/works-great-9462/)󠁿 [mejoudal](https://profiles.wordpress.org/mejoudal/) 2024年12月10日 1 reply Works Great very simple to use woerks great with Divi ![](https://secure.gravatar.com/avatar/35c4aed5e78d2eac299b57637f9813d8294727127b8b5518302984379e9a20fe? s=60&d=retro&r=g) ### 󠀁[Essential for Enhancing Website Security](https://wordpress.org/support/topic/essential-for-enhancing-website-security/)󠁿 [MOHIT GOYAL](https://profiles.wordpress.org/mohitgoyal1108/) 2024年11月1日 I recently integrated the Security Header plugin into my WordPress site, and it has significantly improved my website’s security posture. The user-friendly interface made it easy to enable essential HTTP security headers with just a few clicks. [ 3件のレビューをすべて表示 ](https://wordpress.org/support/plugin/security-header/reviews/) ## 貢献者と開発者 HTTP Security Header はオープンソースソフトウェアです。以下の人々がこのプラグイン に貢献しています。 貢献者 * [ MOHIT GOYAL ](https://profiles.wordpress.org/mohitgoyal1108/) [“HTTP Security Header” をあなたの言語に翻訳しましょう。](https://translate.wordpress.org/projects/wp-plugins/security-header) ### 開発に興味がありますか ? [コードを閲覧](https://plugins.trac.wordpress.org/browser/security-header/)するか、 [SVN リポジトリ](https://plugins.svn.wordpress.org/security-header/)をチェックする か、[開発ログ](https://plugins.trac.wordpress.org/log/security-header/)を [RSS](https://plugins.trac.wordpress.org/log/security-header/?limit=100&mode=stop_on_copy&format=rss) で購読してみてください。 ## 変更履歴 #### 3.1 * NEW: Real-time validation for custom headers with fallback + admin warnings * NEW: “Disable All Headers” button in settings UI * NEW: Reset-to-default activates **only important headers** * Improved validation logic for `Permissions-Policy`, `CSP`, and `Expect-CT` * Refined translations and I18N compliance #### 3.0 * Added support for **Cross-Origin-Embedder-Policy (COEP)** * Refactored header application with **auto-fallback and validation** * Introduced full **nonce protection** and security hardening * Enhanced admin UI with tooltips and mobile-first design * Introduced reset-to-defaults architecture * Removed `.htaccess` dependency #### 2.2 * Merged Feature-Policy with Permissions-Policy * Improved `.htaccess` logic * Enhanced CSP formatting #### 2.1 * Added COOP and CORP headers * Improved UI layout and validation #### 2.0.3 – 2.0.1 * UI improvements and compatibility fixes #### 2.0 * Major refactor with modular header handling #### 1.0 * Initial release ## メタ * バージョン **3.1** * 最終更新日 **6か月前** * 有効インストール数 **1,000+** * WordPress バージョン ** 5.0またはそれ以降 ** * 検証済み最新バージョン: **6.9.4** * PHP バージョン ** 7.0またはそれ以降 ** * 言語 * [English (US)](https://wordpress.org/plugins/security-header/) * タグ * [clickjacking](https://ja.wordpress.org/plugins/tags/clickjacking/)[content security policy](https://ja.wordpress.org/plugins/tags/content-security-policy/) [Security Headers](https://ja.wordpress.org/plugins/tags/security-headers/)[wordpress security](https://ja.wordpress.org/plugins/tags/wordpress-security/) * [詳細を表示](https://ja.wordpress.org/plugins/security-header/advanced/) ## 評価 5つ星中5つ星 * [ 3 5-星レビュー ](https://wordpress.org/support/plugin/security-header/reviews/?filter=5) * [ 0 4-星レビュー ](https://wordpress.org/support/plugin/security-header/reviews/?filter=4) * [ 0 3-星レビュー ](https://wordpress.org/support/plugin/security-header/reviews/?filter=3) * [ 0 2-星レビュー ](https://wordpress.org/support/plugin/security-header/reviews/?filter=2) * [ 0 1-星レビュー ](https://wordpress.org/support/plugin/security-header/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/security-header/reviews/#new-post) [すべてのレビューを見る](https://wordpress.org/support/plugin/security-header/reviews/) ## 貢献者 * [ MOHIT GOYAL ](https://profiles.wordpress.org/mohitgoyal1108/) ## サポート 意見や質問がありますか ? [サポートフォーラムを表示](https://wordpress.org/support/plugin/security-header/) ## 寄付 このプラグインが今後も改善できるよう応援しませんか ? [ このプラグインに寄付 ](https://pages.razorpay.com/inspiredmonks)