Adding Custom Headers to Your WordPress Site

Category: Tutorials Last modified: May 22, 2023

If you’d like to add custom headers to your site, we recommend doing so by creating a file called custom-redirects.php in your site root, if it is not there already.

As we do not allow modification of the server configuration files, custom-redirects.php is the only method by which Pressable can add these headers. If you prefer to use a plugin, check out the HTTP Headers plugin in the WordPress.org repository.

Working with custom-redirects.php

custom-redirects.php is prepended to any PHP script that is accessed on a Pressable site. For example, if you access https://yoursite.com/some_php_file.php, custom-redirects.php will be loaded before the code in some_php_file.php.

Some common headers that you may want to set are the following:

header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: SAMEORIGIN');
header('Referrer-Policy: no-referrer-when-downgrade');

Cache headers are set via Batcache when a cached render of your page is available, so those should not be set in custom-redirects.php.

Additionally, strict-transport-security headers are added automatically and are not modifiable.

A friendly support expert working on a laptop.

Still need support?

We do our best to write helpful documentation but we understand that sometimes you just need extra help. Log into your MyPressable dashboard and chat with one of our friendly experts 24 hours a day, 7 days a week.

G2 leader small business badge. G2 easiest setup mid-market badge. G2 badge - best results - small business spring 2023 G2 best support mid-market badge.

Learn more about our WordPress cloud platform