Title: HTTP Headers Author: Dimitar Ivanov Published: 10 maj 2016 Last modified: 22 december 2024 --- Sök tillägg ![](https://s.w.org/plugins/geopattern-icon/http-headers_235d98.svg) # http-headers Av [Dimitar Ivanov](https://profiles.wordpress.org/zinoui/) * [Detaljer](https://sv.wordpress.org/plugins/http-headers/#description) * [Recensioner](https://sv.wordpress.org/plugins/http-headers/#reviews) * [Utveckling](https://sv.wordpress.org/plugins/http-headers/#developers) [Support](https://wordpress.org/support/plugin/http-headers/) ## Beskrivning Detta tillägg är inaktiverat sedan 15 april 2026 och är inte längre tillgängligt för nedladdning. Denna stängning är tillfällig, i väntan på en full granskning. ## Recensioner ![](https://secure.gravatar.com/avatar/d2e38bfa35eaad34aee063c1bee978a75a5572a852919a33cf15d039c29e630d? s=60&d=retro&r=g) ### 󠀁[Make Main and sub-domain site down](https://wordpress.org/support/topic/make-main-and-sub-domain-site-down/)󠁿 [ysc711](https://profiles.wordpress.org/ysc711/) 30 augusti 2025 2 svar Never use this plugin as the security settings make my main site and all sub-domain sites down and even after uninstallation / removal of everything and start to install a new WP, it doesn’t work anymore ![](https://secure.gravatar.com/avatar/675061a1b2be135a48abee930a5f2718a446761e21fc62cd647e8bfd305074e1? s=60&d=retro&r=g) ### 󠀁[worked exactly as promised except 2](https://wordpress.org/support/topic/worked-exactly-as-promised-except-2/)󠁿 [fairshareitservices](https://profiles.wordpress.org/fairshareitservices/) 29 april 2025 worked exactly as promised except 2 ![](https://secure.gravatar.com/avatar/094e17e75b5f0e6430ecbf453f178d08574c3290f5dd2904e4d4bb3d00514b1b? s=60&d=retro&r=g) ### 󠀁[Easy to use and almost perfect](https://wordpress.org/support/topic/easy-to-use-and-almost-perfect/)󠁿 [sunb1](https://profiles.wordpress.org/sunb1/) 30 mars 2025 Went through a bunch of options of adding security headers to my sites and settled on this plugin. Would be 5 stars if two things get fixed/added. 1st is that it would be great to have a save button at the top also so you don’t have to scroll so much to the bottom to save options (especially on CSP screen). And the 2nd would be that the boxes where we are able to input sites etc, sometimes you have to paste numerous websites in that field and it is ridiculously annoying to try to scroll through, see whats already there or copy and paste outside in notepad for example and then paste it back in. Would be great if that field could be expanded or just bigger. ![](https://secure.gravatar.com/avatar/4fa6d6b6d3a53396f985106dfc0045eda4eb7290109a2c88dfc4bb1e4ef3aa9e? s=60&d=retro&r=g) ### 󠀁[Not compatible with Elementor](https://wordpress.org/support/topic/not-compatible-with-elementor-22/)󠁿 [RipRapRob](https://profiles.wordpress.org/ripraprob/) 23 september 2024 When used with Elementor, you can’t edit the pages. Had to uninstall, since I don’t know what else it will break. ![](https://secure.gravatar.com/avatar/ed27dcf5938081279e45b5d824c12db1e092e731a99cfcb298f9ec061721ede2? s=60&d=retro&r=g) ### 󠀁[effective plugin – save the x-content-type](https://wordpress.org/support/topic/effective-plugin-save-the-x-content-type/)󠁿 [swampscrapper](https://profiles.wordpress.org/swampscrapper/) 11 maj 2024 2 svar I am finding this a very effective tool to help clients reach security compliance. There is one glitch I believe, however, is with the x-content-type-options. Once you enable this the only option is ”nosniff”. And once enabled, there is no way to reset it. And unfortunately i believe this setting is creating errors on my site. I can’t even seem to find the line for it in my .htaccess file. Any recommendations? ![](https://secure.gravatar.com/avatar/7036b084e47382919f1c36d26be5a085b0a6b13970380682c711ffcca327bb0e? s=60&d=retro&r=g) ### 󠀁[an exceptional plugin – needs updating](https://wordpress.org/support/topic/an-exceptional-plugin-needs-updating/)󠁿 [Jonathan Jewell](https://profiles.wordpress.org/hyperpolymath/) 30 april 2024 I have felt this has been excellent since the first time I used it, and absolutely no issues with it for what it is, except that there are a couple of headers that either need to be ’marked deprecated’ or just removed. My immediate spot of these are the, Features header, P3P header and the Expect-CT (which is still around, but Mozilla recommend not using). There may be others. There are a bunch of things that I might suggest as improvements, but this is to move the tool forward a bit. For instance: It would be great if it could display the highlighted state of the current Apache/Nginx code and the status of the security (as per securityheaders.com form) alongside/under it, so you could see the evolution of the security header set up arrangements as you add/remove them. Could be useful to have some in-built documentation on these things (particularly with the P3P header, those little summary items were impossible to figure out without going back and forth, but for other things like cache-control, or accept-expose-headers, some labelling could help). That said, for advanced users anyway, so perhaps less important. Further to that, it might be useful to have an indication of what OWASP, Scott Helme, and Mozilla recommend and/or warnings for ones that are problematic for security or high risk with labels on them. There are a few things that have odd formatting, so it is not obvious how to transpose the information for the reporting one over from how the header is laid out, since there are different ones for this. In this you have the report header that is normally used (as per report-uri site from Scott Helme) but it does not fit there. However, it has a group called ’csp-element’ or something similar that might be clearer as to its use elsewhere). There is also the display of custom headers that are all grouped into one thing, and not spread out in a useful way if you want to review them. Odd grouping in a couple of places, so custom headers I might have given its own block for instance, and to have two items in one and even one in one grouping is a bit pointless. On another note, it is a shame that there is not a tool that is so effective that does this kind of thing for Wordpress and just outputs the BIND9 detail for DNS resource records. A combination of this and that, with the ability to adjust PHP and Apache settings would be the most amazing tool ever. For what this does, however, is sets the foundations for a great security setup. [ Läs alla 70 betyg ](https://wordpress.org/support/plugin/http-headers/reviews/) ## Bidragsgivare och utvecklare ”HTTP Headers” är programvara med öppen källkod. Följande personer har bidragit till detta tillägg. Bidragande personer * [ Dimitar Ivanov ](https://profiles.wordpress.org/zinoui/) ”HTTP Headers” har översatts till 5 språk. Tack till [översättarna](https://translate.wordpress.org/projects/wp-plugins/http-headers/contributors) för deras bidrag. [Översätt ”HTTP Headers” till ditt språk.](https://translate.wordpress.org/projects/wp-plugins/http-headers) ### Intresserad av programutveckling? [Läs programkoden](https://plugins.trac.wordpress.org/browser/http-headers/), kika på [SVN-filförvaret](https://plugins.svn.wordpress.org/http-headers/) eller prenumerera på [utvecklarloggen](https://plugins.trac.wordpress.org/log/http-headers/) via [RSS](https://plugins.trac.wordpress.org/log/http-headers/?limit=100&mode=stop_on_copy&format=rss). ## Meta * Version **1.19.2** * Senast uppdaterat **1 år sedan** * Aktiva installationer **Ej tillämpligt** * WordPress-version ** 3.2 eller senare ** * Testat upp till **6.7.5** * PHP-version ** 5.3 eller senare ** * Språk * [English (US)](https://wordpress.org/plugins/http-headers/), [French (France)](https://fr.wordpress.org/plugins/http-headers/), [Russian](https://ru.wordpress.org/plugins/http-headers/), [Spanish (Chile)](https://cl.wordpress.org/plugins/http-headers/), [Spanish (Mexico)](https://es-mx.wordpress.org/plugins/http-headers/) och [Spanish (Spain)](https://es.wordpress.org/plugins/http-headers/). * [Översätt till ditt språk](https://translate.wordpress.org/projects/wp-plugins/http-headers) * [Avancerad vy](https://sv.wordpress.org/plugins/http-headers/advanced/)