Bluehost Agency: Adding Custom Headers to Your WordPress Site

HTTP headers play a vital role in how your website communicates with your visitors' browsers, affecting everything from security to how content is handled. In this guide, we'll explore what HTTP headers are and show you how to add them to your site effectively.

What Are HTTP Headers?
Best Practices and Considerations
How to add the custom-redirects.php file
Summary

What Are HTTP Headers?

HTTP headers are directives sent from a web server to a visitor’s browser along with the site’s content. They tell the browser how to process that content—such as enforcing security policies, controlling caching behavior, or providing information about the server itself.

While the Bluehost platform includes strong security defaults, you may still need to add custom headers to satisfy a security scanner’s requirements or to enable advanced features. This guide shows the proper way to implement them using the custom-redirects.php file.

Best Practices and Considerations

Testing: Be sure to carefully test any changes made via custom-redirects.php, particularly with caching systems like page cache and edge cache. Incorrect configurations may lead to unexpected results or performance issues.
Performance Impact: Because custom-redirects.php is executed on every request, overusing complex scripts or multiple redirects can negatively impact your site's performance. Always consider performance when using this file.

How to add the custom-redirects.php file

The most reliable way to add custom headers to your site is by using a dedicated file named custom-redirects.php in your site’s root directory (/htdocs). If the file isn’t already there, you can create it—our platform will automatically load it whenever your site runs.

Connect to your site using SSH or SFTP, and you should be in /htdocs when you connect.
Create or edit the file named custom-redirects.php.
Add your custom header functions to this file.

Note: Cache headers are set via Batcache when a cached render of your page is available, so those should not be set in custom-redirects.php.

Example Custom Header:

<?php
// Add custom headers to your site.
// Each header should be on its own line.
header('X-Content-Type-Options: nosniff');
header('X-Frame-Options: SAMEORIGIN');
header('Referrer-Policy: no-referrer-when-downgrade');
header('X-XSS-Protection: 1; mode=block');
?>

This file is executed with each PHP request that your site handles, so only incorporate headers that should be applied across the entire site. Exercise caution—adding wrong or incorrectly formatted headers can lead to issues with various parts of your site.

Summary

To add custom HTTP headers, simply create or update the custom-redirects.php file in your /htdocs directory using SSH or SFTP, then insert your header rules. As this file executes with every PHP request, we advise you to thoroughly test your modifications to prevent any caching issues or performance problems. If you have any doubts about the steps, our Support team is always available to assist you.

If you need further assistance, feel free to contact us via Chat or Phone:

Chat Support - While on our website, you should see a CHAT bubble in the bottom right-hand corner of the page. Click anywhere on the bubble to begin a chat session.
Phone Support -
- US: 888-401-4678
- International: +1 801-765-9400

You may also refer to our Knowledge Base articles to help answer common questions and guide you through various setup, configuration, and troubleshooting steps.

Did you find this article helpful?