What is the HTTP Response Headers module?

This module allows to set HTTP response headers (both standard and non-standard) on pages by various visibility rule settings. Currently the headers can be set by path, content type and user role.

Key Features

  1. Configure list of allowed headers
  2. Ability to configure HTTP headers per content type.
  3. Ability to configure HTTP headers per page.
  4. Ability to configure HTTP headers per user role.
  5. Ability to configure HTTP headers per response status.
  6. The module is using conditions plugins and can be extended. This potentially should also work with Groups module and other modules which provide condition plugins.

Features in Drupal 7 version may vary from Drupal 10 version.

About HTTP security headers

  1. Test your HTTP response headers (securityheaders.io)
  2. HTTP Security
  3. Content Security Policy Level 2
  4. HTTP Security Response Headers Cheat Sheet
  5. What are HTTP security headers?
Supporting organizations: 
Chapter Three (acquired by Kanopi Studios)
Drupal 10/11 development
Eurostar
Drupal 7 development

Project information

Releases

3.0.9 Stable release covered by the Drupal Security Team released 6 August 2024
Works with Drupal: ^9.5 || ^10 || ^11
Install:

Using Composer to manage Drupal site dependencies