Title: Security Headers
Author: Joseph Mendez
Published: <strong>2022 年 9 月 24 日</strong>
Last modified: 2026 年 3 月 26 日

---

搜索插件

![](https://ps.w.org/firstpage-sg-security-headers/assets/banner-772x250.png?rev
=2789535)

![](https://ps.w.org/firstpage-sg-security-headers/assets/icon.svg?rev=2789535)

# Security Headers

 作者：[Joseph Mendez](https://profiles.wordpress.org/joshme21/)

[下载](https://downloads.wordpress.org/plugin/firstpage-sg-security-headers.1.4.0.zip)

 * [详情](https://cn.wordpress.org/plugins/firstpage-sg-security-headers/#description)
 * [评价](https://cn.wordpress.org/plugins/firstpage-sg-security-headers/#reviews)
 *  [安装](https://cn.wordpress.org/plugins/firstpage-sg-security-headers/#installation)
 * [开发进展](https://cn.wordpress.org/plugins/firstpage-sg-security-headers/#developers)

 [支持](https://wordpress.org/support/plugin/firstpage-sg-security-headers/)

## 描述

Security Headers helps site owners manage modern browser security headers from inside
WordPress.

Features include:

 * Admin settings page under Settings > Security Headers
 * HSTS controls with preload warning
 * Referrer-Policy and X-Frame-Options settings
 * Permissions-Policy custom value field
 * Content-Security-Policy builder with Report-Only mode
 * Diagnostics screen showing configured headers
 * Test tool to fetch and inspect your live response headers
 * Import, export, and reset settings tools
 * Cleanup on uninstall

### Why security headers important?

When auditing websites, security headers are frequently forgotten.

Although some may argue that website security is unrelated to SEO, it does become
so when a site is compromised and search traffic completely disappears.

Everyone who publishes content online should pay special attention to security headers.

Getting hacked is not good. You lose traffic, customers and it’s a pain to resolve
all the issues.

But good thing you’re smart and have searched for this plugin :).

## 安装

 1. Upload the plugin folder to `/wp-content/plugins/`
 2. Activate the plugin in WordPress
 3. Go to Settings > Security Headers
 4. Save your preferred configuration

## 常见问题

### Is Content-Security-Policy enabled by default?

No. CSP is disabled by default because a strict policy can break scripts, styles,
embeds, or third-party integrations if it is not configured carefully.

### Should I use Report-Only mode first?

Yes. Report-Only mode is the safest way to start testing CSP because it reports 
problems without blocking resources.

### Does HSTS work on HTTP sites?

No. HSTS should only be enabled when your site is fully available over HTTPS.

## 评价

![](https://secure.gravatar.com/avatar/043fa4640ad96d725a6e59cff4538afca1f74558ac131a2c04fb537f032fec21?
s=60&d=retro&r=g)

### 󠀁[Site Killer](https://wordpress.org/support/topic/site-killer-3/)󠁿

 [nofarrell](https://profiles.wordpress.org/nofarrell/) 2023 年 5 月 29 日

No warning, no instruction of what to do if you site goes down, no configuration
options, deleting the plugin directory does not resort your website. From my experience,
unless you have hours with nothing better to do except rebuild your WordPress website,
installing advise not to install this plugin

![](https://secure.gravatar.com/avatar/b6398168f573fac25a612a2eea6c89261fd77ca69cf66857f4df344d91b37a8a?
s=60&d=retro&r=g)

### 󠀁[great work – A+ score indeed!!!!](https://wordpress.org/support/topic/great-work-a-score-indeed/)󠁿

 [vevsglobal](https://profiles.wordpress.org/vevsglobalph/) 2022 年 9 月 27 日

I installed the plugin. great work!!!!!! from F score to A+ score. Thank you for
creating this plugin, t was really hard to do it on a htaccess file and server configuration
stuff not familiar… and with this plugin i dont need to touch teh htaccess file,
it works.

 [ 阅读所有2条评价 ](https://wordpress.org/support/plugin/firstpage-sg-security-headers/reviews/)

## 贡献者及开发者

「Security Headers」是开源软件。 以下人员对此插件做出了贡献。

贡献者

 *   [ Joseph Mendez ](https://profiles.wordpress.org/joshme21/)

「Security Headers」插件已被翻译至 2 种本地化语言。 感谢[所有译者](https://translate.wordpress.org/projects/wp-plugins/firstpage-sg-security-headers/contributors)
为本插件所做的贡献。

[帮助将「Security Headers」翻译成简体中文。](https://translate.wordpress.org/projects/wp-plugins/firstpage-sg-security-headers)

### 对开发感兴趣吗?

您可以[浏览代码](https://plugins.trac.wordpress.org/browser/firstpage-sg-security-headers/)，
查看[SVN仓库](https://plugins.svn.wordpress.org/firstpage-sg-security-headers/)，
或通过[RSS](https://plugins.trac.wordpress.org/log/firstpage-sg-security-headers/?limit=100&mode=stop_on_copy&format=rss)
订阅[开发日志](https://plugins.trac.wordpress.org/log/firstpage-sg-security-headers/)。

## 更新日志

#### 1.3.0

 * Added diagnostics and live header testing tools in wp-admin.
 * Added import, export, and reset tools for plugin settings.
 * Added a configurable Content-Security-Policy builder with Report-Only support.
 * Added uninstall cleanup for stored plugin options.

#### 1.2.0

 * Added a WordPress admin settings page under Settings > Security Headers.
 * Added saved plugin options with sanitization and safer defaults.
 * Connected PHP and Apache header output to the saved admin settings.

#### 1.1.0

 * Updated plugin metadata for modern WordPress compatibility.
 * Removed deprecated legacy headers.
 * Limited default headers to a conservative modern set to reduce breakage.
 * Only sends HSTS on HTTPS requests.

#### 1.0.0

 * First release

## 额外信息

 *  版本 **1.4.0**
 *  最后更新：**2 月前**
 *  活跃安装数量 **700+**
 *  WordPress 版本 ** 6.0 或更高版本 **
 *  已测试的最高版本为 **6.9.4**
 *  PHP 版本 ** 7.4 或更高版本 **
 *  语言
 * [English (US)](https://wordpress.org/plugins/firstpage-sg-security-headers/) 、
   [Spanish (Chile)](https://cl.wordpress.org/plugins/firstpage-sg-security-headers/)
   和 [Spanish (Spain)](https://es.wordpress.org/plugins/firstpage-sg-security-headers/).
 *  [翻译成简体中文](https://translate.wordpress.org/projects/wp-plugins/firstpage-sg-security-headers)
 * 标签
 * [Security Headers](https://cn.wordpress.org/plugins/tags/security-headers/)
 *  [高级视图](https://cn.wordpress.org/plugins/firstpage-sg-security-headers/advanced/)

## 评级

 3 星（最高 5 星）。

 *  [  1 条 5 星评价     ](https://wordpress.org/support/plugin/firstpage-sg-security-headers/reviews/?filter=5)
 *  [  0 条 4 星评价     ](https://wordpress.org/support/plugin/firstpage-sg-security-headers/reviews/?filter=4)
 *  [  0 条 3 星评价     ](https://wordpress.org/support/plugin/firstpage-sg-security-headers/reviews/?filter=3)
 *  [  0 条 2 星评价     ](https://wordpress.org/support/plugin/firstpage-sg-security-headers/reviews/?filter=2)
 *  [  1 条 1 星评价     ](https://wordpress.org/support/plugin/firstpage-sg-security-headers/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/firstpage-sg-security-headers/reviews/#new-post)

[查看全部评论](https://wordpress.org/support/plugin/firstpage-sg-security-headers/reviews/)

## 贡献者

 *   [ Joseph Mendez ](https://profiles.wordpress.org/joshme21/)

## 支持

有话要说吗？是否需要帮助？

 [查看支持论坛](https://wordpress.org/support/plugin/firstpage-sg-security-headers/)

## 捐助

您愿意支持这个插件的发展吗?

 [ 捐助此插件 ](https://paypal.me/jose88882020)