HTTP Headers

Developed by

Not Version 9 Ready Yet.
I've been playing with the .htaccess settings for few weeks, didn't quite get all the green lights with ‘https://www…


Response headers allow a server to send additional information with a response. HTTP response headers can be used for many purposes. E.g. to tell how long a result may be cached, which server the request handled, or what kind of data is returned. The HTTP Headers add-on focuses on security headers.

Available headers

The following response headers can be configured:

  • Content-Security-Policy (CSP)
  • Referrer-Policy
  • Strict-Transport-Security
  • X-Content-Type-Options
  • X-XSS-Protection

Target audience

HTTP Headers is an add-on for advanced users. It can be used by beginners, but it is expected the user is familiar with HTTP headers and how they should be configured.


Once HTTP Headers is installed, you can also inspect the response headers via the dashboard Test page. You'd also run a scan via, or run a cURL command, e.g. with curl -I (the -I makes sure only the headers are shown).


- PHP 5.6+
- concrete5 8.3.1+

See all add-ons from A3020

Current Version: 1.0.1
Fully Translatable: Yes
Needs External Libraries: No
Compatible 8.3.1+
License: Standard
Support Response: Replies to tickets every few days.
Support Hosted: On
Needs extra server permissions: No
Needs Internet: No
Marketplace Tests:
Passed Automated Tests
Passed PRB Review