If you’d like to add custom headers to your site, we recommend doing so by creating a file called
custom-redirects.php in your site root, if it is not there already.
As we do not allow modification of the server configuration files,
custom-redirects.php is the only method by which Pressable can add these headers. If you prefer to use a plugin, check out the HTTP Headers plugin in the WordPress.org repository.
Working with custom-redirects.php
custom-redirects.php is prepended to any PHP script that is accessed on a Pressable site. For example, if you access
custom-redirects.php will be loaded before the code in
Some common headers that you may want to set are the following:
header('X-XSS-Protection: 1; mode=block'); header('X-Content-Type-Options: nosniff'); header('X-Frame-Options: SAMEORIGIN'); header('Referrer-Policy: no-referrer-when-downgrade');
Cache headers are set via Batcache when a cached render of your page is available, so those should not be set in
strict-transport-security headers are added automatically and are not modifiable.