Adding Custom Headers to Your WordPress Site

Category: Tutorials Last modified: September 21, 2023

If you’d like to add custom headers to your site, we recommend doing so by creating a file called custom-redirects.php in your site root, if it is not there already.

As we do not allow modification of the server configuration files, custom-redirects.php is the only method by which Pressable can add these headers. If you prefer to use a plugin, check out the Redirection plugin in the WordPress.org repository and the plugin’s information on custom headers.

Working with custom-redirects.php

custom-redirects.php is prepended to any PHP script that is accessed on a Pressable site. For example, if you access https://yoursite.com/some_php_file.php, custom-redirects.php will be loaded before the code in some_php_file.php.

Some common headers that you may want to set are the following:

header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: SAMEORIGIN');
header('Referrer-Policy: no-referrer-when-downgrade');

Cache headers are set via Batcache when a cached render of your page is available, so those should not be set in custom-redirects.php.

Additionally, strict-transport-security headers are added automatically and are not modifiable.

A friendly support expert working on a laptop.

Still Need Support?

We do our best to write useful documentation but we understand that sometimes you just need extra help. Log into your MyPressable dashboard and chat with one of our friendly experts 24 hours a day, 7 days a week.

G2 high performer mid-market. G2 easiest to do business with. G2 most implementable. G2 high performer for small business.

Learn more about our WordPress cloud platform