Title: Secure HTTP Headers
Author: shasha310
Published: <strong>13. април 2021.</strong>
Last modified: 13. април 2021.

---

Претражи додатке

![](https://ps.w.org/secure-http-headers/assets/banner-772x250.png?rev=2513905)

Овај додатак **није испробан са последња 3 главна издања Вордпреса**.Можда се више
не одржава или подржава и можда има грешке са усклађеношћу са новијим издањима Вордреса.

![](https://ps.w.org/secure-http-headers/assets/icon-128x128.png?rev=2513803)

# Secure HTTP Headers

 [shasha310](https://profiles.wordpress.org/shasha310/)

[Преузимање](https://downloads.wordpress.org/plugin/secure-http-headers.1.0.zip)

 * [Детаљи](https://sr.wordpress.org/plugins/secure-http-headers/#description)
 * [Прегледи](https://sr.wordpress.org/plugins/secure-http-headers/#reviews)
 *  [Постављање](https://sr.wordpress.org/plugins/secure-http-headers/#installation)
 * [Изградња](https://sr.wordpress.org/plugins/secure-http-headers/#developers)

 [Подршка](https://wordpress.org/support/plugin/secure-http-headers/)

## Опис

Harden your web applications.

HTTP header fields are components of the header section of request and response 
messages. The headers define the operating parameters of an HTTP transaction.

Securing HTTP headers will improve the resilience of your web application against
many common attacks including those that are on the OWASP top 10 list.

Securing headers can also improve your SEO rank and in addition to preventing websites
from being marked as dangerous by browsers and antivirus applications.

Protect sensitive user information and be compliant with privacy regulations. Defend
users from stealing private data by protecting website cookies. Use the proper directive
such as „secure“, „httponly“ and „samesite“, all of those will be applied automatically
by „Secure HTTP Headers“ plugin.

Secure HTTP Headers will automatically analyze any website and will build up secure
headers directives, by the latest best practice.

In addition, Secure HTTP Headers offers fully configurable options, apply or skip
any header directive as needed.

Install and activate Secure HTTP Headers with full confidence, the deactivation 
of this plugin will return your website header directives to their original state.

### Main plugin functionality

 1.  HTTP Strict Transport Security – helps to protect websites against man-in-the-
     middle attacks and cookie hijacking
 2.  X-Frame-Options – helps to protect users against ClickJacking attacks
 3.  X-Content-Type-Options – helps to prevent the browser from MIME-sniffing
 4.  Referrer-Policy – helps to control how much referrer information should be included
     with requests
 5.  Clear-Site-Data – helps to ensure that data is deleted from the browser if the
     user logs out
 6.  X-Download-Options – helps to control how IE 8 will handle downloaded HTML files
 7.  Access-Control-Allow-Origin – helps to ensure whether the response can be shared
     with requesting code from the given origin
 8.  Cross-Origin-Embedder-Policy – helps to prevent a document from loading any cross-
     origin resources that don’t explicitly grant the document permission
 9.  Permissions-Policy – helps to allow and deny the use of browser features in its
     own frame, and in content within any iframe elements in the document
 10. Cross-Origin-Opener-Policy – helps to protect websites against a set of cross-
     origin attacks dubbed XS-Leaks
 11. Cross-Origin-Resource-Policy – helps to protect websites against speculative side-
     channel attacks, like Spectre, as well as Cross-Site Script Inclusion attacks
 12. X-Permitted-Cross-Domain-Policies – helps to control how cross-domain requests
     from Flash and PDF documents are handled
 13. Cookie Http-Only flag – helps to protect websites against Cross-Site Scripting,
     or XSS attacks
 14. Cookie Secure flag – helps to ensure that cookie is sent over a secure connection
 15. Cookie Samesite Lax flag – helps to protect websites against CSRF and XSSI attacks
 16. Expect-CT – helps to prevent the use of misissued certificates for a website. 
     Note: The Expect-CT will likely become obsolete in June 2021

### What are the optional extras?

Magnisec is offering „Secure HTTP Headers enhanced“

A plugin that contains, in addition, an engine that watches and builds in any website
changes a CSP – Content Security Policy that is best practice and recommended by
all professional securities experts, that mitigate XSS -Cross site Scripting, one
of the most common and destructive attacks.

Price: 50$ /year for a domain.

More details and installation [here](https://magnisec.com)

## Снимци екрана

[⌊In the left sidebar menu, navigate to Settings > Secure HTTP Headers and choose
your website's server⌉⌊In the left sidebar menu, navigate to Settings > Secure HTTP
Headers and choose your website's server⌉[

In the left sidebar menu, navigate to Settings > Secure HTTP Headers and choose 
your website’s server

[⌊Click the button "Recommended configuration" or choose your custom configuration⌉⌊
Click the button "Recommended configuration" or choose your custom configuration⌉[

Click the button „Recommended configuration“ or choose your custom configuration

[⌊If your server is NGINX, follow directions for securing your website⌉⌊If your 
server is NGINX, follow directions for securing your website⌉[

If your server is NGINX, follow directions for securing your website

## Постављање

 1. Upload plugin files to your plugins folder, or install using WordPress built-in
    Add New Plugin installer
 2. Activate the plugin
 3. Choose a custom configuration or select recommended one.

## ЧПП

### What will happen if I deactivate Secure HTTP Headers?

Your initial configuration will restore with no change.

## Прегледи

![](https://secure.gravatar.com/avatar/1b24085a7c8604bf616a16bb0b48aacd84b00a2ff79b2e98f4040f1e3974e9b9?
s=60&d=retro&r=g)

### 󠀁[Conflict with other Security Plugin](https://wordpress.org/support/topic/conflict-with-other-security-plugin/)󠁿

 [Mike Padua](https://profiles.wordpress.org/jsuria/) 11. јун 2021.

This plugin has not been thoroughly tested. It caused a code 500 error on our Wordpress
installation (good thing it was just staging!), making the site and admin panel 
inaccessible. Please pull this out of the plugin market as this needs to be tested
alongside different security plugins as well.

![](https://secure.gravatar.com/avatar/fd1d58ce44ef22dd5be33ba7dff3235101a6ab0102776b77dda7ccbd30c23405?
s=60&d=retro&r=g)

### 󠀁[Works.](https://wordpress.org/support/topic/works-1911/)󠁿

 [Curtis](https://profiles.wordpress.org/salsafire/) 5. јун 2021.

Thank you for developing this plugin. Combined with another plugin, the default 
configuration is helping to get the ‘A’ rating I was looking for from the url test.

 [ Види сва 2 прегледа ](https://wordpress.org/support/plugin/secure-http-headers/reviews/)

## Сарадници и градитељи

„Secure HTTP Headers“ је софтвер отвореног кода. Следећи људи су допринели овом 
додатку.

Сарадници

 *   [ shasha310 ](https://profiles.wordpress.org/shasha310/)

[Преведите „Secure HTTP Headers“ на свој језик.](https://translate.wordpress.org/projects/wp-plugins/secure-http-headers)

### Заинтересовани сте за градњу?

[Прегледајте код](https://plugins.trac.wordpress.org/browser/secure-http-headers/),
проверите [SVN складиште](https://plugins.svn.wordpress.org/secure-http-headers/)
или се пријавите на [белешку градње](https://plugins.trac.wordpress.org/log/secure-http-headers/)
преко [RSS-а](https://plugins.trac.wordpress.org/log/secure-http-headers/?limit=100&mode=stop_on_copy&format=rss).

## Белешка о изменама

#### 1.0

 * Initial Version.

## Мета

 *  Version **1.0**
 *  Last updated **5 година раније**
 *  Active installations **100+**
 *  WordPress version ** 5.3 или новије **
 *  Tested up to **5.7.15**
 *  PHP version ** 7.2 или новије **
 *  Language
 * [English (US)](https://wordpress.org/plugins/secure-http-headers/)
 * Tags
 * [cookies](https://sr.wordpress.org/plugins/tags/cookies/)[hardening](https://sr.wordpress.org/plugins/tags/hardening/)
   [headers](https://sr.wordpress.org/plugins/tags/headers/)[security](https://sr.wordpress.org/plugins/tags/security/)
 *  [Напредни преглед](https://sr.wordpress.org/plugins/secure-http-headers/advanced/)

## Оцене

 3 out of 5 stars.

 *  [  1 5-star review     ](https://wordpress.org/support/plugin/secure-http-headers/reviews/?filter=5)
 *  [  0 4-star reviews     ](https://wordpress.org/support/plugin/secure-http-headers/reviews/?filter=4)
 *  [  0 3-star reviews     ](https://wordpress.org/support/plugin/secure-http-headers/reviews/?filter=3)
 *  [  0 2-star reviews     ](https://wordpress.org/support/plugin/secure-http-headers/reviews/?filter=2)
 *  [  1 1-star review     ](https://wordpress.org/support/plugin/secure-http-headers/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/secure-http-headers/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/secure-http-headers/reviews/)

## Сарадници

 *   [ shasha310 ](https://profiles.wordpress.org/shasha310/)

## Подршка

Имате нешто да кажете? Потребна вам је помоћ?

 [Види форум подршке](https://wordpress.org/support/plugin/secure-http-headers/)