Этот плагин был закрыт с 03.03.2021, он более не доступен для загрузки. Плагин был закрыт временно, ожидается проверка.


First of all this plugin didn't update htaccess itself, no new headers were not generated. So I had to do it manually. Secondly there is an error in the suggested htaccess code: # HTTP security settings start Header set Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Header set X-Frame-Options: SAMEORIGIN Header set Referrer-Policy: strict-origin-when-cross-origin Header set X-XSS-Protection: "1; mode=block" Header set X-Content-Type-Options: nosniff # HTTP security settings end It generates 500 error with "Too many arguments to directive" in the logs. The solution is to add "" to the line: Header set Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload" I would also suggest to add enclosure: <IfModule mod_headers.c> </IfModule>
This plugin solved security issues in the header - works very well!
Up to the v. 2.5.6 there is the only neglect: in summer 2020 Feature-Policy header has been renamed to Permissions-Policy. I hope it will be fixed with the next plugin update.
I've learned a lot about Content Security Policy in the last 2 days. This is a good plugin for managing HTTP headers for security improvements.
This has been a very useful plugin at shoring up HSTS. Make sure you test your site at each step to ensure the very policy you are implementing doesn't block needed content. Once you've got the hang of how it works it is easy to setup and configure.
Посмотреть все 18 отзывов

Участники и разработчики

«HTTP headers to improve web site security» — проект с открытым исходным кодом. В развитие плагина внесли свой вклад следующие участники:


«HTTP headers to improve web site security» переведён на 8 языков. Благодарим переводчиков за их работу.

Перевести «HTTP headers to improve web site security» на ваш язык.

Заинтересованы в разработке?

Посмотрите код, проверьте SVN репозиторий, или подпишитесь на журнал разработки по RSS.