Title: GD Security Headers
Author: Milan Petrovic
Published: 28 March 2019
Last modified: 12 May 2026

---

# GD Security Headers

 By [Milan Petrovic](https://profiles.wordpress.org/gdragon/)

[Download](https://downloads.wordpress.org/plugin/gd-security-headers.zip)

## Description

Configure various security-related HTTP headers, including Content Security Policy,
Feature Policy, Referrer Policy and more. For CSP and XSS, the plugin supports report
logging, with 2 additional database tables to store reports from browsers.

#### Supported security headers

The plugin has support for the following HTTP headers:

 * Content Security Policy (CSP) – with reporting
 * XSS Protection (XXP) – with reporting
 * Feature Policy (Permissions Policy)
 * Content Type – No Sniff Policy
 * Strict Transport Security
 * Referrer Policy
 * Frame Options

For CSP, the plugin allows you to set rules for all currently supported directives,
plus additional settings, including running the policy in Report or Live mode. The
plugin also includes special extensions that can automatically fill CSP rules for
popular Google services you might be using on your website (Fonts, Maps, Adsense,
Analytics, TagManager and more) and other popular services (Gravatar, Instagram,
PayPal, Vimeo and more).

For Feature Policy (or Permissions Policy), the plugin allows you to configure all
currently supported rules (over 25 rules, supported by different browsers).

#### FLoC / Browsing Topics

The Permissions Policy rules list includes the ‘browsing-topics’ rule, which can be
used to disable Google’s new tracking method ‘Browsing Topics API’ (which replaced
‘Federated Learning of Cohorts’ or ‘FLoC’).

#### Methods for adding headers

The plugin can add all the generated headers into the .htaccess file (for Apache web
servers), and they will be applied to all files, not just WordPress generated content.
If your website is not using Apache (or .htaccess), all rules are generated with
each page request and will work with any server type.

If you don’t use the Apache web server, the plugin has a panel that displays the
generated headers for the most popular servers (Apache, Nginx and IIS), so you can
copy them into your server configuration files.

#### About the plugin

 * More information about [GD Security Headers](https://plugins.dev4press.com/gd-security-headers/)
 * Support and Knowledge Base for [GD Security Headers](https://support.dev4press.com/kb/product/gd-security-headers/)

## Screenshots

 * Plugin Dashboard
 * CSP Reports
 * Various Headers settings
 * XSS Protection settings
 * Content Security Policy settings
 * Global settings
 * Generated security headers
 * Tools
 * HTACCESS with security headers

## Installation

#### General Requirements

 * PHP: 7.4 or newer

#### PHP Notice

 * Plugin doesn’t work with PHP 7.3 or older versions.

#### WordPress Requirements

 * WordPress: 5.5 or newer

#### WordPress Notice

 * Plugin doesn’t work with WordPress 5.4 or older versions.

#### Basic Installation

 * Plugin folder in the WordPress plugins folder must be `gd-security-headers`.
 * Upload `gd-security-headers` folder to the `/wp-content/plugins/` directory.
 * Activate the plugin through the ‘Plugins’ menu in WordPress.

## FAQ

### Does the plugin work with WordPress Multisite installations?

Yes. In a Multisite installation, the plugin is available for configuration on the
Network level, and headers are configured for all sites in the network at once.

### Where can I configure the plugin?

The plugin has its own top-level item in the WordPress admin side menu: GD Security
Headers. This will open a panel with global plugin settings. In a Multisite installation,
the plugin panel is in the Network administration.

### Can I translate the plugin to my language?

Yes. The POT file is provided as a base for translation. Translation files should
go into the Languages directory.

## Reviews

### [Extremely helpful](https://wordpress.org/support/topic/extremely-helpful-85/)

 [nichu42](https://profiles.wordpress.org/nicolai42/) 3 June 2024

It’s the best plug-in for setting security headers that I found so far. Easy set-up,
good explanations. But what really stands out is the local reporting feature!
Thank you very much!

### [Does the business](https://wordpress.org/support/topic/does-the-business-2/)

 [tszesty](https://profiles.wordpress.org/tszesty/) 13 February 2023

Easy to install and relatively easy to configure. I only want to set CSP rules and
it lets me do that easily, having the shortcuts for common rules such as Google
Analytics etc is useful. The report-only feature is clear and easy to use when starting
to add rules and you need to gather a list of them. If I had one feature request
it would be for the plugin to show an estimated header size. I sometimes trip header
size limits on a server when I need to add a lot of rules. If it could detect the
server limit and warn if getting close – that’d be nice. All in all good plugin.
Really don’t know why some people only gave it 1 star, I can only assume they made
mistakes configuring it.

### [Very useful plugin](https://wordpress.org/support/topic/very-usefull-plugin-142/)

 [nadeistos](https://profiles.wordpress.org/nadeistos/) 5 May 2022

A+ on headers scan, thank you for your work 🙂

### [Good Error Support!](https://wordpress.org/support/topic/good-error-support/)

 [Anonymous User](https://profiles.wordpress.org/anonymized-20115841/) 4 February 2022

Thank you!

### [A lot of mistakes in the generated CSP](https://wordpress.org/support/topic/a-lot-of-mistakes-in-the-generated-csp/)

 [mesmer7](https://profiles.wordpress.org/mesmer7/) 4 September 2021, 1 reply

There are a lot of mistakes in the generated Content-Security-Policy statement. It
fails to insert the blob and data directives. It adds a semicolon and double quote
at the end of the line that shouldn’t be there. The only thing this plugin is really
good for is the report page.

### [invalid characters](https://wordpress.org/support/topic/invalid-characters/)

 [advertino](https://profiles.wordpress.org/advertino/) 30 June 2021

The Content-Security-Policy directive ‘script-src’ contains ‘script-src’ as a source
expression. Did you want to add it as a directive and forget a semicolon? The
Content-Security-Policy directive name ‘widget.gleamjs.io’ contains one or more invalid
characters. Only ASCII alphanumeric characters or dashes ‘-‘ are allowed in directive
names. The Content-Security-Policy directive name ‘www.googletagservices.com’ contains
one or more invalid characters. Only ASCII alphanumeric characters or dashes ‘-‘
are allowed in directive names. etc etc etc

 [Read all 8 reviews](https://wordpress.org/support/plugin/gd-security-headers/reviews/)
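
The browser diagnostics quoted in the reviews above (a directive name appearing as a source expression, host names parsed as directive names, a stray trailing double quote) can be caught before a policy is deployed. The linter below is an added example, not part of the plugin or of the original page; `lint_csp`, `header_bytes`, the directive subset and both sample policies are constructed for illustration.

```python
import re

# Directive names may contain only ASCII alphanumerics or dashes.
DIRECTIVE_NAME = re.compile(r"[A-Za-z0-9-]+")
# Illustrative subset of CSP directive names (assumption: extend as needed).
KNOWN_DIRECTIVES = {
    "default-src", "script-src", "style-src", "img-src", "font-src",
    "connect-src", "frame-src", "base-uri", "report-uri",
}

def lint_csp(value):
    """Return (code, detail) findings for one Content-Security-Policy value."""
    findings = []
    policy = value.strip()
    if policy.endswith('"'):
        # The symptom one review describes: a double quote at the end of the line.
        findings.append(("stray-quote", "value ends with a double quote"))
        policy = policy.rstrip('"')
    for segment in policy.split(";"):
        tokens = segment.split()
        if not tokens:
            continue  # empty segment, e.g. after a trailing semicolon
        name, sources = tokens[0], tokens[1:]
        if not DIRECTIVE_NAME.fullmatch(name):
            # A host name ended up in directive-name position.
            findings.append(("bad-directive-name", name))
        for src in sources:
            if src.lower() in KNOWN_DIRECTIVES:
                # Two directives were joined without a ';' between them.
                findings.append(("directive-as-source", f"{name}: {src}"))
    return findings

def header_bytes(name, value):
    """Size of the header line on the wire: 'Name: value' plus CRLF."""
    return len(f"{name}: {value}\r\n".encode("utf-8"))

# Constructed sample policies, not output captured from the plugin.
BROKEN = ("default-src 'self'; script-src 'self' script-src https://cdn.example; "
          "widget.gleamjs.io; www.googletagservices.com;\"")
CLEAN = ("default-src 'self'; img-src 'self' data: blob:; "
         "script-src 'self' https://www.googletagmanager.com")

if __name__ == "__main__":
    for code, detail in lint_csp(BROKEN):
        print(code, detail)
    print(header_bytes("Content-Security-Policy", CLEAN), "bytes")
```

Compare the `header_bytes` result against whatever response-header limit your server or proxy enforces; the code does not detect that limit.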

## Contributors & Developers

“GD Security Headers” is open source software. The following people have contributed to this plugin.

Contributors

 *   [ Milan Petrovic ](https://profiles.wordpress.org/gdragon/)

[Translate “GD Security Headers” into your language.](https://translate.wordpress.org/projects/wp-plugins/gd-security-headers)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/gd-security-headers/),
check out the [SVN repository](https://plugins.svn.wordpress.org/gd-security-headers/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/gd-security-headers/)
by [RSS](https://plugins.trac.wordpress.org/log/gd-security-headers/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.9 (2026.05.12)

 * New: tested with WordPress up to 7.0
 * Edit: improved import data sanitization
 * Edit: improvements to the echo of escaped values
 * Edit: sanitize user_agent on input before storing it
 * Edit: d4pLib 2.8.20
 * Fix: XSS vulnerability via user_agent

#### 1.8 (2024.06.07)

 * New: system requirements: PHP 7.4 or newer
 * New: tested with WordPress 6.4 to 6.6
 * New: strict transport security: extra value for ‘preload’ flag
 * Edit: updated list of permissions policy elements
 * Edit: updated permissions policy, Browsing Topics replacing FLoC
 * Edit: added more information for some settings
 * Edit: changes to default values for some settings
 * Edit: d4pLib 2.8.17

#### 1.7.1 (2023.10.29)

 * Edit: improvements to the CSP logs panel input processing
 * Edit: improvements to the CSP logs panel arguments sanitization
 * Edit: improvements to the log classes PHP code
 * Fix: union based SQL injection vulnerability with the CSP logs panel

#### 1.7 (2023.08.24)

 * New: system requirements: PHP 7.3 or newer
 * New: tested with WordPress 6.0 to 6.3
 * Edit: various improvements to display escaping and sanitation
 * Edit: various improvements to the core code
 * Edit: d4pLib 2.8.15
 * Fix: reflected XSS vulnerability with error message handling

#### 1.6.1 (2022.05.16)

 * New: tested with WordPress 6.0

#### 1.6 (2022.02.04)

 * New: system requirements: PHP 7.2 or newer
 * New: system requirements: WordPress 5.3 or newer
 * New: tested with WordPress 5.9
 * New: csp addon: send reports to custom log URL
 * New: csp addon: support for ‘base-uri’ directive
 * New: csp addon: predefined rules list for Instagram
 * Edit: csp addon: updated various predefined rules lists
 * Edit: csp addon: updated settings information about some rules
 * Edit: d4pLib 2.8.14
 * Fix: csp addon: few typos in the rules names
 * Fix: csp addon: minor issues with saving settings

#### 1.5 (2021.04.20)

 * New: feature/permissions policy addon: support for ‘interest-cohort’
 * New: feature/permissions policy addon: dashboard information widget
 * Edit: feature/permissions policy addon: expanded information in the settings 
   panel
 * Edit: feature/permissions policy addon: improved values explanations
 * Fix: feature/permissions policy addon: few typos in the rules names

#### 1.4 (2020.10.05)

 * New: csp addon: generate predefined rules for one or more CDN’s
 * New: csp addon: predefined rules list for WordPress.org
 * New: csp addon: support for ‘prefetch-src’ directive
 * New: feature policy addon: support for updated ‘permission-policy’ version
 * New: feature policy addon: expanded list of policies that can be included
 * Edit: csp addon: improved settings organization showing CSP rule levels
 * Edit: feature policy addon: included support information for some policies
 * Edit: d4pLib 2.8.13
 * Fix: csp addon: problem with generating the rules with ‘all’ basic value
 * Fix: feature policy addon: few minor issues with building rules

#### 1.3 (2020.05.08)

 * Edit: csp addon: expanded some of the google based preset rules
 * Edit: d4pLib 2.8.8
 * Fix: x-frame policy: invalid headers generated when not using .htaccess
 * Fix: strict-transport-security policy: invalid headers generated when not using
   .htaccess
 * Fix: referer policy: invalid headers generated when not using .htaccess
 * Fix: feature policy: problem printing empty policy header

#### 1.2 (2019.12.05)

 * New: support for feature policy header
 * New: csp addon: predefined rules list for Google YouTube
 * New: csp addon: predefined rules list for Google Tag Manager
 * New: csp addon: predefined rules list for Gravatar
 * New: csp addon: predefined rules list for Gleam
 * New: csp addon: predefined rules list for Vimeo
 * New: csp addon: auto generated rules for some special data sources
 * Edit: csp addon: expanded some Google based preset rules
 * Edit: csp addon: various improvements in the generator
 * Edit: d4pLib 2.8.2

#### 1.1.1 (2019.08.15)

 * Edit: d4pLib 2.7.6
 * Fix: problem with saving the plugin settings in some cases

#### 1.1 (2019.05.11)

 * New: panel with generated headers for various servers
 * New: headers panel: for apache servers
 * New: headers panel: for nginx servers
 * New: headers panel: for iis servers
 * New: new method for building the HTACCESS headers
 * Edit: improved additional headers object
 * Edit: updated rules for Google Analytics
 * Edit: do not run when WordPress runs CRON
 * Edit: removed some unused code and strings

#### 1.0 (2019.03.21)

 * First plugin version

## Meta

 *  Version **1.9**
 *  Last updated **3 weeks ago**
 *  Active installations **1,000+**
 *  WordPress version **5.5 or higher**
 *  Tested up to **7.0**
 *  PHP version **7.4 or higher**
 *  Language: [English (US)](https://wordpress.org/plugins/gd-security-headers/)
 *  Tags: [content security policy](https://fa.wordpress.org/plugins/tags/content-security-policy/)
   [csp](https://fa.wordpress.org/plugins/tags/csp/) [dev4press](https://fa.wordpress.org/plugins/tags/dev4press/)
   [security](https://fa.wordpress.org/plugins/tags/security/)
 *  [Advanced View](https://fa.wordpress.org/plugins/gd-security-headers/advanced/)

## Ratings

 4 out of 5 stars.

 *  [6 5-star reviews](https://wordpress.org/support/plugin/gd-security-headers/reviews/?filter=5)
 *  [0 4-star reviews](https://wordpress.org/support/plugin/gd-security-headers/reviews/?filter=4)
 *  [0 3-star reviews](https://wordpress.org/support/plugin/gd-security-headers/reviews/?filter=3)
 *  [0 2-star reviews](https://wordpress.org/support/plugin/gd-security-headers/reviews/?filter=2)
 *  [2 1-star reviews](https://wordpress.org/support/plugin/gd-security-headers/reviews/?filter=1)

[Your review](https://wordpress.org/support/plugin/gd-security-headers/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/gd-security-headers/reviews/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/gd-security-headers/)

## Donate

Would you like to support the advancement of this plugin?

 [Donate to this plugin](https://plugins.dev4press.com/gd-security-headers/)