Adding Custom Headers to Your WordPress Site
If you’d like to add custom headers to your site, we recommend doing so by creating a file called custom-redirects.php
in your site root, if it is not there already.
As we do not allow modification of the server configuration files, custom-redirects.php
is the only method by which Pressable can add these headers. If you prefer to use a plugin, check out the HTTP Headers plugin in the WordPress.org repository.
Working with custom-redirects.php
custom-redirects.php
is prepended to any PHP script that is accessed on a Pressable site. For example, if you access https://yoursite.com/some_php_file.php
, custom-redirects.php
will be loaded before the code in some_php_file.php
.
Some common headers that you may want to set are the following:
header('X-XSS-Protection: 1; mode=block'); header('X-Content-Type-Options: nosniff'); header('X-Frame-Options: SAMEORIGIN'); header('Referrer-Policy: no-referrer-when-downgrade');
Cache headers are set via Batcache when a cached render of your page is available, so those should not be set in custom-redirects.php
.
Additionally, strict-transport-security
headers are added automatically and are not modifiable.