Title: Fix It Easy Security Headers Author: WP Fix It - WordPress Experts Published: 24 août 2025 Last modified: 24 août 2025 --- Recherche d’extensions ![](https://ps.w.org/fix-it-easy-security-headers/assets/banner-772x250.png?rev= 3349315) ![](https://ps.w.org/fix-it-easy-security-headers/assets/icon-256x256.gif?rev=3349315) # Fix It Easy Security Headers Par [WP Fix It – WordPress Experts](https://profiles.wordpress.org/wpfixit/) [Télécharger](https://downloads.wordpress.org/plugin/fix-it-easy-security-headers.1.1.zip) * [Détails](https://fr.wordpress.org/plugins/fix-it-easy-security-headers/#description) * [Avis](https://fr.wordpress.org/plugins/fix-it-easy-security-headers/#reviews) * [Installation](https://fr.wordpress.org/plugins/fix-it-easy-security-headers/#installation) * [Développement](https://fr.wordpress.org/plugins/fix-it-easy-security-headers/#developers) [Support](https://wordpress.org/support/plugin/fix-it-easy-security-headers/) ## Description **WP Fix It Easy Security Headers** adds a simple page under **Tools Security Headers** where you can toggle common HTTP security headers: * **Strict-Transport-Security (HSTS)** * **Content-Security-Policy (CSP)** * **X-Frame-Options** * **X-Content-Type-Options** * **Referrer-Policy** * **Permissions-Policy** On activation, all headers are **enabled by default** and you’re redirected to the settings screen. For convenience, the page and the Plugins screen include a **“Check Headers”** button that opens SecurityHeaders.com with your site’s URL prefilled (built dynamically from `home_url()`). ### Notes on CSP This plugin ships with a **permissive** default CSP intended to “work everywhere” out of the box (allows most external sources and inline code). For stronger protection, you should harden the directives for your specific site. ### Key Features * One-click toggles for popular headers * Dynamic “Check Headers” scan link * Uses the WordPress Settings API (nonce + capability checks) * Output escaping and sanitization following PHPCS ## Captures d’écrans * [[ * Settings screen with header toggles and “Check Headers” button. ## Installation 1. Upload the plugin folder to `/wp-content/plugins/fix-it-easy-security-headers/` or install via Plugins Add New. 2. Activate the plugin. 3. You’ll be redirected to **Tools Security Headers**. Review and adjust toggles as needed. 4. (Optional) Click **Check Headers** to verify your headers on SecurityHeaders.com. ## FAQ ### Where do I manage the settings? Go to **Tools Security Headers**. ### What happens on activation? All header options are enabled and you’re redirected once to the settings page. ### Will this break my site? Most headers are safe defaults. The provided CSP is intentionally permissive; it shouldn’t block assets. For strict CSPs, tailor directives to your stack and test. ### Can I use this on multisite? Yes. The “Check Headers” URL is derived from `home_url()`. Activation redirect is skipped for network/bulk activations. ### Why don’t I see a “Settings saved” notice twice? The page prints only this plugin’s scoped settings messages to avoid duplicate notices. ### Can I customize the CSP? Yes. You can modify the `$csp` string in `security_headers_add_headers()` to fit your site’s needs. ## Avis Il n’y a aucun avis pour cette extension. ## Contributeurs/contributrices & développeurs/développeuses « Fix It Easy Security Headers » est un logiciel libre. Les personnes suivantes ont contribué à cette extension. Contributeurs * [ WP Fix It – WordPress Experts ](https://profiles.wordpress.org/wpfixit/) [Traduisez « Fix It Easy Security Headers » dans votre langue.](https://translate.wordpress.org/projects/wp-plugins/fix-it-easy-security-headers) ### Le développement vous intéresse ? [Parcourir le code](https://plugins.trac.wordpress.org/browser/fix-it-easy-security-headers/), consulter le [SVN dépôt](https://plugins.svn.wordpress.org/fix-it-easy-security-headers/), ou s’inscrire au [journal de développement](https://plugins.trac.wordpress.org/log/fix-it-easy-security-headers/) par [RSS](https://plugins.trac.wordpress.org/log/fix-it-easy-security-headers/?limit=100&mode=stop_on_copy&format=rss). ## Journal des modifications #### 1.1 * Initial release. * Header toggles for HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer- Policy, Permissions-Policy. * Activation enables all options and redirects to settings. * Dynamic SecurityHeaders.com scan link. ## Méta * Version **1.1** * Dernière mise à jour **il y a 9 mois** * Installations actives **10+** * Version de WordPress ** 5.8 ou plus ** * Testé jusqu’à **6.8.5** * Version de PHP ** 7.4 ou plus ** * Langue * [English (US)](https://wordpress.org/plugins/fix-it-easy-security-headers/) * Étiquettes * [csp](https://fr.wordpress.org/plugins/tags/csp/)[headers](https://fr.wordpress.org/plugins/tags/headers/) [hsts](https://fr.wordpress.org/plugins/tags/hsts/)[security](https://fr.wordpress.org/plugins/tags/security/) * [Vue avancée](https://fr.wordpress.org/plugins/fix-it-easy-security-headers/advanced/) ## Évaluations Aucun avis n’a encore été envoyé. [Your review](https://wordpress.org/support/plugin/fix-it-easy-security-headers/reviews/#new-post) [Voir tous les avis](https://wordpress.org/support/plugin/fix-it-easy-security-headers/reviews/) ## Contributeurs * [ WP Fix It – WordPress Experts ](https://profiles.wordpress.org/wpfixit/) ## Support Quelque chose à dire ? Besoin d’aide ? [Voir le forum de support](https://wordpress.org/support/plugin/fix-it-easy-security-headers/) ## Faire un don Souhaitez-vous soutenir l’avancement de cette extension ? [ Faire un don à cette extension ](https://www.wpfixit.com)