內容簡介
WordPress外掛程式Security Headers是一個幫助提升網站安全性的瀏覽器外掛程式,它透過檢查正在瀏覽的網頁的HTTP headers,來尋找與常見安全header有關的資訊,例如Content-Security-Policy、Strict-Transport-Security和X-XSS-Protection,並且提供改進網站安全性的建議。使用起來簡單且易於安裝,推薦給任何想要提升網頁瀏覽體驗安全性的使用者。
問題與答案:
問題:什麼是Security Headers的作用?
答案:它可以透過檢查HTTP headers來尋找常見安全headers的資訊並且提供改進網站安全性的建議,從而提升網站的安全性。
問題:Security Headers有哪些檢查的安全headers?
答案:它會檢查Content-Security-Policy、Strict-Transport-Security和X-XSS-Protection等常見安全headers。
問題:Security Headers可以改善什麼?
答案:它可以改善網站的安全性。
問題:安裝使用Security Headers是否簡單?
答案:是的,使用起來簡單且易於安裝。
問題:推薦將Security Headers外掛程式推薦給哪些使用者?
答案:它推薦給任何想要提升網頁瀏覽體驗安全性的使用者。
問題:在WordPress界面中Security Headers的設置在哪裡?
答案:它在「設定」選單下的「Security Headers & Caching」選項中。
外掛標籤
開發者團隊
原文外掛簡介
Security Headers & Caching is a comprehensive WordPress plugin that helps protect your website by implementing essential HTTP security headers and optimizing performance through intelligent caching mechanisms. Compatible with all hosting providers including Aruba, SiteGround, Bluehost, and more.
Key Features
Easy Configuration – Simple admin interface to enable/disable security headers
Multiple Security Headers – Comprehensive security header support
Smart Caching – Configurable cache duration for better performance
Universal Compatibility – Works with all hosting providers
No Conflicts – Compatible with popular security and caching plugins
Translation Ready – Full internationalization support
Security Headers Included
X-Powered-By – Removes server technology information to prevent targeted attacks
Content-Security-Policy (CSP) – Controls which resources can be loaded to prevent XSS attacks
Strict-Transport-Security (HSTS) – Forces HTTPS connections for enhanced security
X-XSS-Protection – Enables XSS filtering in older browsers
X-Frame-Options – Prevents clickjacking attacks by controlling iframe embedding
X-Content-Type-Options – Prevents MIME type sniffing
Referrer-Policy – Controls how much referrer information is shared
Permissions-Policy – Controls browser features and APIs
Caching Features
Configurable cache duration (seconds)
Automatic cache headers management
Compatible with CDN services
No conflict with existing cache plugins
Why Security Headers Matter
Security headers are HTTP response headers that tell your browser how to behave when handling your website’s content. They help protect against:
Cross-Site Scripting (XSS) attacks
Clickjacking attempts
Code injection attacks
MIME type sniffing
Protocol downgrade attacks
And much more…
Developer Friendly
The plugin provides filters for developers to customize headers:
shc_security_headers – Filter to modify security headers array
Test Your Security
After installing and configuring the plugin, test your site’s security at:
* Security Headers
* Mozilla Observatory
Privacy
This plugin does not collect, store, or transmit any user data. It only modifies HTTP response headers sent by your server.
Developer Documentation
Filters
shc_security_headers
Modify the security headers before they are sent.
add_filter( 'shc_security_headers', function( $headers ) {
// Add custom header
$headers['X-Custom-Header'] = 'custom-value';
// Modify existing header
$headers['X-Frame-Options'] = 'DENY';
return $headers;
} );
Constants
SHC_VERSION – Plugin version number
SHC_PLUGIN_DIR – Plugin directory path
SHC_PLUGIN_URL – Plugin directory URL
SHC_PLUGIN_BASENAME – Plugin basename
Support
For support, feature requests, or bug reports, please visit:
* Plugin Website
Credits
Developed by Studio Be4 – Web Design & Development Agency
License
This plugin is licensed under the GPLv2 or later.
