Title: Security Headers
Author: Joseph Mendez
Published: <strong>2022 年 9 月 24 日</strong>
Last modified: 2026 年 3 月 26 日

---

搜尋外掛

![](https://ps.w.org/firstpage-sg-security-headers/assets/banner-772x250.png?rev
=2789535)

![](https://ps.w.org/firstpage-sg-security-headers/assets/icon.svg?rev=2789535)

# Security Headers

 由 [Joseph Mendez](https://profiles.wordpress.org/joshme21/) 開發

[下載](https://downloads.wordpress.org/plugin/firstpage-sg-security-headers.1.4.0.zip)

 * [詳細資料](https://tw.wordpress.org/plugins/firstpage-sg-security-headers/#description)
 * [使用者評論](https://tw.wordpress.org/plugins/firstpage-sg-security-headers/#reviews)
 *  [安裝方式](https://tw.wordpress.org/plugins/firstpage-sg-security-headers/#installation)
 * [開發資訊](https://tw.wordpress.org/plugins/firstpage-sg-security-headers/#developers)

 [技術支援](https://wordpress.org/support/plugin/firstpage-sg-security-headers/)

## 外掛說明

Security Headers helps site owners manage modern browser security headers from inside
WordPress.

Features include:

 * Admin settings page under Settings > Security Headers
 * HSTS controls with preload warning
 * Referrer-Policy and X-Frame-Options settings
 * Permissions-Policy custom value field
 * Content-Security-Policy builder with Report-Only mode
 * Diagnostics screen showing configured headers
 * Test tool to fetch and inspect your live response headers
 * Import, export, and reset settings tools
 * Cleanup on uninstall

### Why security headers important?

When auditing websites, security headers are frequently forgotten.

Although some may argue that website security is unrelated to SEO, it does become
so when a site is compromised and search traffic completely disappears.

Everyone who publishes content online should pay special attention to security headers.

Getting hacked is not good. You lose traffic, customers and it’s a pain to resolve
all the issues.

But good thing you’re smart and have searched for this plugin :).

## 安裝方式

 1. Upload the plugin folder to `/wp-content/plugins/`
 2. Activate the plugin in WordPress
 3. Go to Settings > Security Headers
 4. Save your preferred configuration

## 常見問題集

### Is Content-Security-Policy enabled by default?

No. CSP is disabled by default because a strict policy can break scripts, styles,
embeds, or third-party integrations if it is not configured carefully.

### Should I use Report-Only mode first?

Yes. Report-Only mode is the safest way to start testing CSP because it reports 
problems without blocking resources.

### Does HSTS work on HTTP sites?

No. HSTS should only be enabled when your site is fully available over HTTPS.

## 使用者評論

![](https://secure.gravatar.com/avatar/043fa4640ad96d725a6e59cff4538afca1f74558ac131a2c04fb537f032fec21?
s=60&d=retro&r=g)

### 󠀁[Site Killer](https://wordpress.org/support/topic/site-killer-3/)󠁿

 [nofarrell](https://profiles.wordpress.org/nofarrell/) 2023 年 5 月 29 日

No warning, no instruction of what to do if you site goes down, no configuration
options, deleting the plugin directory does not resort your website. From my experience,
unless you have hours with nothing better to do except rebuild your WordPress website,
installing advise not to install this plugin

![](https://secure.gravatar.com/avatar/b6398168f573fac25a612a2eea6c89261fd77ca69cf66857f4df344d91b37a8a?
s=60&d=retro&r=g)

### 󠀁[great work – A+ score indeed!!!!](https://wordpress.org/support/topic/great-work-a-score-indeed/)󠁿

 [vevsglobal](https://profiles.wordpress.org/vevsglobalph/) 2022 年 9 月 27 日

I installed the plugin. great work!!!!!! from F score to A+ score. Thank you for
creating this plugin, t was really hard to do it on a htaccess file and server configuration
stuff not familiar… and with this plugin i dont need to touch teh htaccess file,
it works.

 [ 閱讀全部 2 則使用者評論 ](https://wordpress.org/support/plugin/firstpage-sg-security-headers/reviews/)

## 參與者及開發者

以下人員參與了開源軟體〈Security Headers〉的開發相關工作。

參與者

 *   [ Joseph Mendez ](https://profiles.wordpress.org/joshme21/)

〈Security Headers〉外掛目前已有 2 個本地化語言版本。 感謝[全部譯者](https://translate.wordpress.org/projects/wp-plugins/firstpage-sg-security-headers/contributors)
為這個外掛做出的貢獻。

[將〈Security Headers〉外掛本地化為台灣繁體中文版](https://translate.wordpress.org/projects/wp-plugins/firstpage-sg-security-headers)

### 對開發相關資訊感興趣？

任何人均可[瀏覽程式碼](https://plugins.trac.wordpress.org/browser/firstpage-sg-security-headers/)、
查看 [SVN 存放庫](https://plugins.svn.wordpress.org/firstpage-sg-security-headers/)，
或透過 [RSS](https://plugins.trac.wordpress.org/log/firstpage-sg-security-headers/?limit=100&mode=stop_on_copy&format=rss)
訂閱[開發記錄](https://plugins.trac.wordpress.org/log/firstpage-sg-security-headers/)。

## 變更記錄

#### 1.3.0

 * Added diagnostics and live header testing tools in wp-admin.
 * Added import, export, and reset tools for plugin settings.
 * Added a configurable Content-Security-Policy builder with Report-Only support.
 * Added uninstall cleanup for stored plugin options.

#### 1.2.0

 * Added a WordPress admin settings page under Settings > Security Headers.
 * Added saved plugin options with sanitization and safer defaults.
 * Connected PHP and Apache header output to the saved admin settings.

#### 1.1.0

 * Updated plugin metadata for modern WordPress compatibility.
 * Removed deprecated legacy headers.
 * Limited default headers to a conservative modern set to reduce breakage.
 * Only sends HSTS on HTTPS requests.

#### 1.0.0

 * First release

## 中繼資料

 *  版本 **1.4.0**
 *  最後更新 **3 個月前**
 *  啟用安裝數 **700+**
 *  WordPress 版本需求 ** 6.0 或更新版本 **
 *  已測試相容的 WordPress 版本 **6.9.4**
 *  PHP 版本需求 ** 7.4 或更新版本 **
 *  語言
 * [English (US)](https://wordpress.org/plugins/firstpage-sg-security-headers/)、
   [Spanish (Chile)](https://cl.wordpress.org/plugins/firstpage-sg-security-headers/)、
   及 [Spanish (Spain)](https://es.wordpress.org/plugins/firstpage-sg-security-headers/).
 *  [將這個外掛本地化為你的母語版本](https://translate.wordpress.org/projects/wp-plugins/firstpage-sg-security-headers)
 * 標籤:
 * [Security Headers](https://tw.wordpress.org/plugins/tags/security-headers/)
 *  [進階檢視](https://tw.wordpress.org/plugins/firstpage-sg-security-headers/advanced/)

## 評分

 3 星，滿分為 5 星

 *  [  1 個 5 星使用者評論     ](https://wordpress.org/support/plugin/firstpage-sg-security-headers/reviews/?filter=5)
 *  [  0 個 4 星使用者評論     ](https://wordpress.org/support/plugin/firstpage-sg-security-headers/reviews/?filter=4)
 *  [  0 個 3 星使用者評論     ](https://wordpress.org/support/plugin/firstpage-sg-security-headers/reviews/?filter=3)
 *  [  0 個 2 星使用者評論     ](https://wordpress.org/support/plugin/firstpage-sg-security-headers/reviews/?filter=2)
 *  [  1 個 1 星使用者評論     ](https://wordpress.org/support/plugin/firstpage-sg-security-headers/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/firstpage-sg-security-headers/reviews/#new-post)

[查看全部使用者評論](https://wordpress.org/support/plugin/firstpage-sg-security-headers/reviews/)

## 參與者

 *   [ Joseph Mendez ](https://profiles.wordpress.org/joshme21/)

## 技術支援

使用者可在技術支援論壇提出意見反應或使用問題。

 [檢視技術支援論壇](https://wordpress.org/support/plugin/firstpage-sg-security-headers/)

## 贊助

想要支援這個外掛的發展嗎？

 [ 贊助這個外掛 ](https://paypal.me/jose88882020)