Title: HTTP Security Header Author: MOHIT GOYAL Published: 1 novembro, 2024 Last modified: 30 dezembro, 2025 --- Pesquisar plugins ![](https://ps.w.org/security-header/assets/banner-772x250.png?rev=3395050) ![](https://ps.w.org/security-header/assets/icon-256x256.png?rev=3213458) # HTTP Security Header Por [MOHIT GOYAL](https://profiles.wordpress.org/mohitgoyal1108/) [Baixar](https://downloads.wordpress.org/plugin/security-header.3.1.zip) * [Detalhes](https://br.wordpress.org/plugins/security-header/#description) * [Avaliações](https://br.wordpress.org/plugins/security-header/#reviews) * [Instalação](https://br.wordpress.org/plugins/security-header/#installation) * [Desenvolvimento](https://br.wordpress.org/plugins/security-header/#developers) [Suporte](https://wordpress.org/support/plugin/security-header/) ## Descrição **HTTP Security Header** helps protect your WordPress site by adding critical HTTP headers to each response — with no code required. These headers provide additional layers of protection against attacks such as cross-site scripting (XSS), clickjacking, content injection, and resource leaks. This plugin offers a modern, responsive admin dashboard with validation, fallback safety, and full control over each header’s default or custom value. ### 🔎 Scan Your Website Security Headers Before configuring headers, instantly check your website’s current security score using our online header scanner: 👉 [Scan Your Website Security Headers](https://inspiredmonks.com/http-security-header-scanner/) ✔ Enter your website URL ✔ Get instant Security Grade (A+ to F) ✔ See which headers are Present or Missing ✔ Get clear, actionable recommendations ✔ Easily fix them using this plugin Used by thousands of websites to enhance security and protect user data. **Features Include:** – Visual toggles for enabling/disabling headers – Option to use **default or custom header values** – Secure fallback if a header is misconfigured– Integrated **header validation** – Support for all major browser-supported headers– Nonce-based saving and admin notices – WP Multisite compatible – “Disable All” and“ Reset to Important Headers” actions – Per-header input validation with real-time error fallback **Supported Headers:** * Strict-Transport-Security (HSTS) * X-Frame-Options * X- Content-Type-Options * Referrer-Policy * Content-Security-Policy * Permissions-Policy* X-XSS-Protection * X-Permitted-Cross-Domain-Policies * Expect-CT * Cross-Origin- Opener-Policy (COOP) * Cross-Origin-Resource-Policy (CORP) * Cross-Origin-Embedder- Policy (COEP) ### Features * Lightweight and performance-focused * No front-end impact * Choose default or custom header values * Secure validation and auto-fallbacks * Seamless plugin compatibility (including WP Rocket) * Fully translation-ready and i18n-compliant * Nonce-protected admin save actions * Optional reset-to-default support * Reset or disable all headers with one click ## Capturas de tela [⌊Example of site secured using HTTP Security Header plugin.⌉⌊Example of site secured using HTTP Security Header plugin.⌉[ Example of site secured using HTTP Security Header plugin. [⌊Example of missing / weak headers before enabling plugin.⌉⌊Example of missing / weak headers before enabling plugin.⌉[ Example of missing / weak headers before enabling plugin. ## Instalação 1. Upload the plugin folder to `/wp-content/plugins/` 2. Activate the plugin via WordPress admin 3. Navigate to **Settings Security Headers** to configure ## Perguntas frequentes ### Does this modify the .htaccess file? No, this plugin applies headers dynamically using `send_headers` — making it cache- safe, portable, and compatible with all environments. ### Is this plugin multisite compatible? Yes, you can configure headers per site on a WordPress Multisite network. ### What happens if a custom value is invalid? The plugin uses fallback logic to prevent breaking the site by reverting to a known safe default. An admin notice will also appear. ### How do I reset the headers? Click the “Reset to Defaults” option in the admin panel to revert settings to secure recommended defaults. ### Can I disable all headers at once? Yes. The “Disable All” button allows you to turn off all headers in a single action. ### Will this block any scripts or resources? Some headers like `Content-Security-Policy` or `COEP` can affect script loading. Test after enabling them, especially with third-party scripts. ### Does this support headers like COOP, CORP, and COEP? Yes, advanced cross-origin headers like COOP, CORP, and COEP are supported. ## Avaliações ![](https://secure.gravatar.com/avatar/fcce798170fa5b69cc3afcef52cafc5eed3e197f5eff688e00e17f31806a2e36? s=60&d=retro&r=g) ### 󠀁[pretty good](https://wordpress.org/support/topic/pretty-good-311/)󠁿 [Mahmoud Adel Mahmoud Mostafa el-Ashry](https://profiles.wordpress.org/ashryx/) 18 janeiro, 2025 each security header fix is well illustrated ![](https://secure.gravatar.com/avatar/8389285554bb1222b470b60d3c1ead5abe8b9c7cae6894fd941ae87f3e50e0ae? s=60&d=retro&r=g) ### 󠀁[Works Great](https://wordpress.org/support/topic/works-great-9462/)󠁿 [mejoudal](https://profiles.wordpress.org/mejoudal/) 10 dezembro, 2024 1 resposta Works Great very simple to use woerks great with Divi ![](https://secure.gravatar.com/avatar/35c4aed5e78d2eac299b57637f9813d8294727127b8b5518302984379e9a20fe? s=60&d=retro&r=g) ### 󠀁[Essential for Enhancing Website Security](https://wordpress.org/support/topic/essential-for-enhancing-website-security/)󠁿 [MOHIT GOYAL](https://profiles.wordpress.org/mohitgoyal1108/) 1 novembro, 2024 I recently integrated the Security Header plugin into my WordPress site, and it has significantly improved my website’s security posture. The user-friendly interface made it easy to enable essential HTTP security headers with just a few clicks. [ Leia todas as 3 avaliações ](https://wordpress.org/support/plugin/security-header/reviews/) ## Colaboradores e desenvolvedores “HTTP Security Header” é um programa de código aberto. As seguintes pessoas contribuíram para este plugin. Colaboradores * [ MOHIT GOYAL ](https://profiles.wordpress.org/mohitgoyal1108/) [Traduzir o “HTTP Security Header” para seu idioma.](https://translate.wordpress.org/projects/wp-plugins/security-header) ### Interessado no desenvolvimento? [Navegue pelo código](https://plugins.trac.wordpress.org/browser/security-header/), consulte o [repositório SVN](https://plugins.svn.wordpress.org/security-header/) ou assine o [registro de desenvolvimento](https://plugins.trac.wordpress.org/log/security-header/) por [RSS](https://plugins.trac.wordpress.org/log/security-header/?limit=100&mode=stop_on_copy&format=rss). ## Registro de alterações #### 3.1 * NEW: Real-time validation for custom headers with fallback + admin warnings * NEW: “Disable All Headers” button in settings UI * NEW: Reset-to-default activates **only important headers** * Improved validation logic for `Permissions-Policy`, `CSP`, and `Expect-CT` * Refined translations and I18N compliance #### 3.0 * Added support for **Cross-Origin-Embedder-Policy (COEP)** * Refactored header application with **auto-fallback and validation** * Introduced full **nonce protection** and security hardening * Enhanced admin UI with tooltips and mobile-first design * Introduced reset-to-defaults architecture * Removed `.htaccess` dependency #### 2.2 * Merged Feature-Policy with Permissions-Policy * Improved `.htaccess` logic * Enhanced CSP formatting #### 2.1 * Added COOP and CORP headers * Improved UI layout and validation #### 2.0.3 – 2.0.1 * UI improvements and compatibility fixes #### 2.0 * Major refactor with modular header handling #### 1.0 * Initial release ## Meta * Versão **3.1** * Última atualização **6 meses atrás** * Instalações ativas **1.000+** * Versão do WordPress ** 5.0 ou superior ** * Testado até **6.9.4** * Versão do PHP ** 7.0 ou superior ** * Idioma * [English (US)](https://wordpress.org/plugins/security-header/) * Tags * [clickjacking](https://br.wordpress.org/plugins/tags/clickjacking/)[content security policy](https://br.wordpress.org/plugins/tags/content-security-policy/) [Security Headers](https://br.wordpress.org/plugins/tags/security-headers/)[wordpress security](https://br.wordpress.org/plugins/tags/wordpress-security/) * [Visualização avançada](https://br.wordpress.org/plugins/security-header/advanced/) ## Classificações 5 de 5 estrelas. * [ 3 avaliações com 5 estrelas ](https://wordpress.org/support/plugin/security-header/reviews/?filter=5) * [ 0 avaliação com 4 estrela ](https://wordpress.org/support/plugin/security-header/reviews/?filter=4) * [ 0 avaliação com 3 estrela ](https://wordpress.org/support/plugin/security-header/reviews/?filter=3) * [ 0 avaliação com 2 estrela ](https://wordpress.org/support/plugin/security-header/reviews/?filter=2) * [ 0 avaliação com 1 estrela ](https://wordpress.org/support/plugin/security-header/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/security-header/reviews/#new-post) [Ver todas avaliações](https://wordpress.org/support/plugin/security-header/reviews/) ## Colaboradores * [ MOHIT GOYAL ](https://profiles.wordpress.org/mohitgoyal1108/) ## Suporte Tem algo a dizer? Precisa de ajuda? [Ver fórum de suporte](https://wordpress.org/support/plugin/security-header/) ## Doar Gostaria de contribuir para o desenvolvimento deste plugin? [ Doe para este plugin ](https://pages.razorpay.com/inspiredmonks)