Title: HTTP Security Header Author: MOHIT GOYAL Published: 2024 年 11 月 1 日 Last modified: 2025 年 12 月 30 日 --- 搜索插件 ![](https://ps.w.org/security-header/assets/banner-772x250.png?rev=3395050) ![](https://ps.w.org/security-header/assets/icon-256x256.png?rev=3213458) # HTTP Security Header 作者:[MOHIT GOYAL](https://profiles.wordpress.org/mohitgoyal1108/) [下载](https://downloads.wordpress.org/plugin/security-header.3.1.zip) * [详情](https://cn.wordpress.org/plugins/security-header/#description) * [评价](https://cn.wordpress.org/plugins/security-header/#reviews) * [安装](https://cn.wordpress.org/plugins/security-header/#installation) * [开发进展](https://cn.wordpress.org/plugins/security-header/#developers) [支持](https://wordpress.org/support/plugin/security-header/) ## 描述 **HTTP Security Header** helps protect your WordPress site by adding critical HTTP headers to each response — with no code required. These headers provide additional layers of protection against attacks such as cross-site scripting (XSS), clickjacking, content injection, and resource leaks. This plugin offers a modern, responsive admin dashboard with validation, fallback safety, and full control over each header’s default or custom value. ### 🔎 Scan Your Website Security Headers Before configuring headers, instantly check your website’s current security score using our online header scanner: 👉 [Scan Your Website Security Headers](https://inspiredmonks.com/http-security-header-scanner/) ✔ Enter your website URL ✔ Get instant Security Grade (A+ to F) ✔ See which headers are Present or Missing ✔ Get clear, actionable recommendations ✔ Easily fix them using this plugin Used by thousands of websites to enhance security and protect user data. **Features Include:** – Visual toggles for enabling/disabling headers – Option to use **default or custom header values** – Secure fallback if a header is misconfigured– Integrated **header validation** – Support for all major browser-supported headers– Nonce-based saving and admin notices – WP Multisite compatible – “Disable All” and“ Reset to Important Headers” actions – Per-header input validation with real-time error fallback **Supported Headers:** * Strict-Transport-Security (HSTS) * X-Frame-Options * X- Content-Type-Options * Referrer-Policy * Content-Security-Policy * Permissions-Policy* X-XSS-Protection * X-Permitted-Cross-Domain-Policies * Expect-CT * Cross-Origin- Opener-Policy (COOP) * Cross-Origin-Resource-Policy (CORP) * Cross-Origin-Embedder- Policy (COEP) ### Features * Lightweight and performance-focused * No front-end impact * Choose default or custom header values * Secure validation and auto-fallbacks * Seamless plugin compatibility (including WP Rocket) * Fully translation-ready and i18n-compliant * Nonce-protected admin save actions * Optional reset-to-default support * Reset or disable all headers with one click ## 屏幕截图 * [[ * Example of site secured using HTTP Security Header plugin. * [[ * Example of missing / weak headers before enabling plugin. ## 安装 1. Upload the plugin folder to `/wp-content/plugins/` 2. Activate the plugin via WordPress admin 3. Navigate to **Settings Security Headers** to configure ## 常见问题 ### Does this modify the .htaccess file? No, this plugin applies headers dynamically using `send_headers` — making it cache- safe, portable, and compatible with all environments. ### Is this plugin multisite compatible? Yes, you can configure headers per site on a WordPress Multisite network. ### What happens if a custom value is invalid? The plugin uses fallback logic to prevent breaking the site by reverting to a known safe default. An admin notice will also appear. ### How do I reset the headers? Click the “Reset to Defaults” option in the admin panel to revert settings to secure recommended defaults. ### Can I disable all headers at once? Yes. The “Disable All” button allows you to turn off all headers in a single action. ### Will this block any scripts or resources? Some headers like `Content-Security-Policy` or `COEP` can affect script loading. Test after enabling them, especially with third-party scripts. ### Does this support headers like COOP, CORP, and COEP? Yes, advanced cross-origin headers like COOP, CORP, and COEP are supported. ## 评价 ![](https://secure.gravatar.com/avatar/fcce798170fa5b69cc3afcef52cafc5eed3e197f5eff688e00e17f31806a2e36? s=60&d=retro&r=g) ### 󠀁[pretty good](https://wordpress.org/support/topic/pretty-good-311/)󠁿 [Mahmoud Adel Mahmoud Mostafa el-Ashry](https://profiles.wordpress.org/ashryx/) 2025 年 1 月 18 日 each security header fix is well illustrated ![](https://secure.gravatar.com/avatar/8389285554bb1222b470b60d3c1ead5abe8b9c7cae6894fd941ae87f3e50e0ae? s=60&d=retro&r=g) ### 󠀁[Works Great](https://wordpress.org/support/topic/works-great-9462/)󠁿 [mejoudal](https://profiles.wordpress.org/mejoudal/) 2024 年 12 月 10 日 1 回复 Works Great very simple to use woerks great with Divi ![](https://secure.gravatar.com/avatar/35c4aed5e78d2eac299b57637f9813d8294727127b8b5518302984379e9a20fe? s=60&d=retro&r=g) ### 󠀁[Essential for Enhancing Website Security](https://wordpress.org/support/topic/essential-for-enhancing-website-security/)󠁿 [MOHIT GOYAL](https://profiles.wordpress.org/mohitgoyal1108/) 2024 年 11 月 1 日 I recently integrated the Security Header plugin into my WordPress site, and it has significantly improved my website’s security posture. The user-friendly interface made it easy to enable essential HTTP security headers with just a few clicks. [ 阅读所有3条评价 ](https://wordpress.org/support/plugin/security-header/reviews/) ## 贡献者及开发者 「HTTP Security Header」是开源软件。 以下人员对此插件做出了贡献。 贡献者 * [ MOHIT GOYAL ](https://profiles.wordpress.org/mohitgoyal1108/) [帮助将「HTTP Security Header」翻译成简体中文。](https://translate.wordpress.org/projects/wp-plugins/security-header) ### 对开发感兴趣吗? 您可以[浏览代码](https://plugins.trac.wordpress.org/browser/security-header/),查看 [SVN仓库](https://plugins.svn.wordpress.org/security-header/),或通过[RSS](https://plugins.trac.wordpress.org/log/security-header/?limit=100&mode=stop_on_copy&format=rss) 订阅[开发日志](https://plugins.trac.wordpress.org/log/security-header/)。 ## 更新日志 #### 3.1 * NEW: Real-time validation for custom headers with fallback + admin warnings * NEW: “Disable All Headers” button in settings UI * NEW: Reset-to-default activates **only important headers** * Improved validation logic for `Permissions-Policy`, `CSP`, and `Expect-CT` * Refined translations and I18N compliance #### 3.0 * Added support for **Cross-Origin-Embedder-Policy (COEP)** * Refactored header application with **auto-fallback and validation** * Introduced full **nonce protection** and security hardening * Enhanced admin UI with tooltips and mobile-first design * Introduced reset-to-defaults architecture * Removed `.htaccess` dependency #### 2.2 * Merged Feature-Policy with Permissions-Policy * Improved `.htaccess` logic * Enhanced CSP formatting #### 2.1 * Added COOP and CORP headers * Improved UI layout and validation #### 2.0.3 – 2.0.1 * UI improvements and compatibility fixes #### 2.0 * Major refactor with modular header handling #### 1.0 * Initial release ## 额外信息 * 版本 **3.1** * 最后更新:**5 月前** * 活跃安装数量 **1,000+** * WordPress 版本 ** 5.0 或更高版本 ** * 已测试的最高版本为 **6.9.4** * PHP 版本 ** 7.0 或更高版本 ** * 语言 * [English (US)](https://wordpress.org/plugins/security-header/) * 标签 * [clickjacking](https://cn.wordpress.org/plugins/tags/clickjacking/)[content security policy](https://cn.wordpress.org/plugins/tags/content-security-policy/) [Security Headers](https://cn.wordpress.org/plugins/tags/security-headers/)[wordpress security](https://cn.wordpress.org/plugins/tags/wordpress-security/) * [高级视图](https://cn.wordpress.org/plugins/security-header/advanced/) ## 评级 5 星(最高 5 星)。 * [ 3 条 5 星评价 ](https://wordpress.org/support/plugin/security-header/reviews/?filter=5) * [ 0 条 4 星评价 ](https://wordpress.org/support/plugin/security-header/reviews/?filter=4) * [ 0 条 3 星评价 ](https://wordpress.org/support/plugin/security-header/reviews/?filter=3) * [ 0 条 2 星评价 ](https://wordpress.org/support/plugin/security-header/reviews/?filter=2) * [ 0 条 1 星评价 ](https://wordpress.org/support/plugin/security-header/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/security-header/reviews/#new-post) [查看全部评论](https://wordpress.org/support/plugin/security-header/reviews/) ## 贡献者 * [ MOHIT GOYAL ](https://profiles.wordpress.org/mohitgoyal1108/) ## 支持 有话要说吗?是否需要帮助? [查看支持论坛](https://wordpress.org/support/plugin/security-header/) ## 捐助 您愿意支持这个插件的发展吗? [ 捐助此插件 ](https://pages.razorpay.com/inspiredmonks)