Adding Custom Headers to Your WordPress Site

Category: Pressable Tutorials Last modified: January 24, 2024

If you’d like to add custom headers to your site, we recommend doing so by creating a file called custom-redirects.php in your site root, if it is not there already.

As we do not allow modification of the server configuration files, custom-redirects.php is the only method by which Pressable can add these headers. If you prefer to use a plugin, check out the Redirection plugin in the WordPress.org repository and the plugin’s information on custom headers.

Working with custom-redirects.php

custom-redirects.php is prepended to any PHP script that is accessed on a Pressable site. For example, if you access https://yoursite.com/some_php_file.php, custom-redirects.php will be loaded before the code in some_php_file.php.

Some common headers that you may want to set are the following:

header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: SAMEORIGIN');
header('Referrer-Policy: no-referrer-when-downgrade');

Cache headers are set via Batcache when a cached render of your page is available, so those should not be set in custom-redirects.php.

Additionally, strict-transport-security headers are added automatically and are not modifiable.

A friendly support expert working on a laptop.

Still Need Support?

We do our best to write useful documentation but we understand that sometimes you just need extra help. Log into your MyPressable dashboard and chat with one of our friendly experts 24 hours a day, 7 days a week.

G2 Easiest Admin for mid-market spring 2024 G2 badge highest user adoption for mid-market spring 2024 G2 badge high performer spring 2024 G2 badge best results for mid-market spring 2024

Learn more about our WordPress cloud platform