Enabling HTTP headers

Updated on July 14th, 2021

Flywheel customers often find value in manipulating their site’s HTTP headers. Configuring a combination of headers can aid in the security of your site as well as contribute to performance – and who doesn’t want a faster, more secure site?!

Thankfully, basic HTTP headers can be added to a WordPress site without much technical skill by using a plugin. More complex headers, composed by your development team, can be implemented with the help of Flywheel support. In this article, we’ll talk about what HTTP headers are, provide some examples, and discuss methods to add them to your site.


What are HTTP Headers?

HTTP headers are name-value fields that allow the server and the client browser to exchange information during a request or response. They can carry instructions or details regarding the browser, the requested page, the server capabilities, and more.


A comprehensive guide to HTTP Headers can be found over at MDN Web Docs.


HTTP Header Examples

Below are some examples of common HTTP headers and values.

Strict-Transport-Security (HSTS)

The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) lets a website tell browsers that it should only be accessed using HTTPS, instead of using HTTP.


Strict-Transport-Security: max-age=63072000; includeSubDomains;


When utilizing the HSTS header, you can also submit your domain for HSTS Preloading. This will add your domain to a list of domains shipped out to browsers instructing them to never request anything over HTTP. This reduces calls made to your site and can potentially speed up initial load times for new visitors. Pretty nifty! You can submit your site here:

X-XSS-Protection (XSS)

The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.


X-XSS-Protection: 1


Referrer-Policy

The Referrer-Policy HTTP header controls how much referrer information (sent via the Referer header) should be included with requests.


Referrer-Policy: no-referrer-when-downgrade


Cache-Control

The Cache-Control HTTP header holds directives (instructions) for caching in both requests and responses.


Cache-Control: max-age=<seconds>


How can I add HTTP headers to my site on Flywheel?


We recommend working with your developer to implement HTTP headers within your custom Theme or Plugin. WordPress provides a send_headers action hook to send additional HTTP Headers as needed.
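One way to use the send_headers hook, shown as an added example (not Flywheel's or WordPress's own code): a small plugin that emits the three fixed-value headers from this article's examples. The plugin name and the example_* function names are hypothetical, and HSTS is sent only on HTTPS requests because browsers ignore it over plain HTTP.

```php
<?php
/**
 * Plugin Name: Example Security Headers
 * Description: Added example. Sends the security headers shown in this article.
 */

// Header names and values copied from the examples in this article.
// The function name is hypothetical; rename it to suit your theme or plugin.
function example_security_headers() {
    return array(
        'Strict-Transport-Security' => 'max-age=63072000; includeSubDomains',
        'X-XSS-Protection'          => '1',
        'Referrer-Policy'           => 'no-referrer-when-downgrade',
    );
}

// Runs on the send_headers action, before WordPress outputs the page body.
function example_send_security_headers() {
    // header() cannot work once output has started, so bail out quietly.
    if ( headers_sent() ) {
        return;
    }

    foreach ( example_security_headers() as $name => $value ) {
        // HSTS only has an effect when delivered over HTTPS.
        if ( 'Strict-Transport-Security' === $name && ! is_ssl() ) {
            continue;
        }

        // Second argument true: replace any earlier header of the same name
        // instead of sending a duplicate.
        header( $name . ': ' . $value, true );
    }
}
add_action( 'send_headers', 'example_send_security_headers' );
```

After activating the plugin, load a page and check the response headers in your browser's developer tools to confirm each value arrives exactly once.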

Contact Flywheel support

Our support team is happy to help add HTTP Headers to your site – please prepare a list of specific HTTP Headers, methods, and values you would like added, and our support team will get them added to your site’s NGINX Web Server config. Just visit the help section of your Flywheel dashboard to create a support ticket!
