HTTP Headers
HTTP Headers adds CORS & security HTTP headers to your website.
4.3(70 reviews)
·50K+ active installs·Updated 1 year agoAs of April 2026, HTTP Headers is a WordPress csp header plugin with 50K+ active installations and a 4.3/5 rating from 70 reviews. It has been downloaded 718K+ times in total. Requires WordPress 3.2+ and PHP 5.3+. Available on WordPress.org since 2016. Last updated 1 year ago — may have compatibility concerns. Downloads are up 8% this week. Support resolution rate: 0%.
4.3/570 reviews
50K+active installs
0%resolved
10 yearssince 2016
Overview
HTTP Headers gives your control over the http headers returned by your blog or website.
Headers supported by HTTP Headers includes:
- Access-Control-Allow-Origin
- Access-Control-Allow-Credentials
- Access-Control-Max-Age
- Access-Control-Allow-Methods
- Access-Control-Allow-Headers
- Access-Control-Expose-Headers
- Age
- Content-Security-Policy
- Content-Security-Policy-Report-Only
- Cache-Control
- Clear-Site-Data
- Connection
- Content-Encoding
- Content-Type
- Cross-Origin-Embedder-Policy
- Cross-Origin-Opener-Policy
- Cross-Origin-Resource-Policy
- Expect-CT
- Expires
- Feature-Policy
- NEL
- Permissions-Policy
- Pragma
- P3P
- Referrer-Policy
- Report-To
- Strict-Transport-Security
- Timing-Allow-Origin
- Vary
- WWW-Authenticate
- X-Content-Type-Options
- X-DNS-Prefetch-Control
- X-Download-Options
- X-Frame-Options
- X-Permitted-Cross-Domain-Polici…
Screenshots
Ratings & Reviews
4.370 reviews
5 ★
51
4 ★
5
3 ★
4
2 ★
5
1 ★
5
Recent Reviews
Make Main and sub-domain site down
by ysc711·7 months ago·2 replies
Never use this plugin as the security settings make my main site and all sub-domain sites down and even after uninstallation / removal of everything and start to install a new WP, it doesn’t work anymore
worked exactly as promised except 2
by fairshareitservices·11 months ago
worked exactly as promised except 2
Easy to use and almost perfect
by sunb1·1 year ago
Went through a bunch of options of adding security headers to my sites and settled on this plugin.
Would be 5 stars if two things get fixed/added. 1st is that it would be great to have a save button at the top also so you don’t have to scroll so much to the bottom to save options (especially on CSP screen). And the 2nd would be that the boxes where we are able to input sites etc, sometimes you have to paste numerous websites in that field and it is ridiculously annoying to try to scroll through, see whats already there or copy and paste outside in notepad for example and then paste it back in. Would be great if that field could be expanded or just bigger.
Not compatible with Elementor
by RipRapRob·1 year ago
When used with Elementor, you can’t edit the pages. Had to uninstall, since I don’t know what else it will break.
effective plugin – save the x-content-type
by swampscrapper·1 year ago·2 replies
I am finding this a very effective tool to help clients reach security compliance. There is one glitch I believe, however, is with the x-content-type-options. Once you enable this the only option is “nosniff”. And once enabled, there is no way to reset it. And unfortunately i believe this setting is creating errors on my site. I can’t even seem to find the line for it in my .htaccess file. Any recommendations?
Download Trends
Today: 116Yesterday: 153This week: 833Period total: 61K
Compatibility
| WordPress | 3.2+ requiredTested up to 6.7.5 |
| PHP | 5.3+ required |
Version Adoption
v1.19
91.5%
v1.18
7.6%
Other
0.9%
Frequently Asked Questions
Changelog
1.19.2
Release Date – 22nd December, 2024
- Added “script-src-elem” directive to “Content-Security-Policy” header
- Added “script-src-attr” directive to “Content-Security-Policy” header
- Added “style-src-elem” directive to “Content-Security-Policy” header
- Added “style-src-attr” directive to “Content-Security-Policy” header
Contributors
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.