This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.



This plugin addresses the need for a simple way to add HTTP headers to outbound HTTP responses in your site.

These headers can include custom ones specific to your application, or can be security related. Some you may wish to specify to protect your site may include:

  • Public-Key-Pins
  • Strict-Transport-Security
  • X-Frame-Options
  • X-XSS-Protection
  • X-Content-Type-Options
  • Content-Security-Policy
  • Content-Security-Policy-Report-Only

Related Links


  • The plugin should appear in your plugins list when installed. Note the ‘Settings’ link where you can configure for Headit.
  • This is the settings window for Headit.


This section describes how to install the plugin and get it working.

  1. Upload the plugin files to the /wp-content/plugins/headit directory, or install the plugin through the WordPress plugins screen directly
  2. Activate the plugin through the Plugins screen in WordPress
  3. Use the Settings->Headit screen to configure the plugin


Can I set dynamic headers using Headit?

Currently Headit can only be used to add static headers to your site.

Can I override existing headers?

All headers added using this plugin will not replace existing headers present in the response.


There are no reviews for this plugin.

Contributors & Developers

“Headit” is open source software. The following people have contributed to this plugin.


Translate “Headit” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • Able to set custom static response headers