Setting (security) HTTP response headers

We’ve a looming requirement to set some security headers, things like content-security-policy and cache-control.

These feel like something that should be able to be generated by Wordpress itself, rather than our needing to manually figure out what it needs.

Is this something we can just enable in Kinsta somewhere? I haven’t yet found a likely-looking tickbox.

Failing that, can we get Kinsta to return manually-entered headers, or will we need to configure those downstream?


Hey @Avi_Greenbury welcome to Kinsta Community!
As these type of headers requires custom values, there’s no tickbox or tools in MyKinsta that will enable those for you.
However, our support can manually add some headers in Nginx upon request, but the user will need to share which headers and values to add.

Feel free to start a support request via chat in MyKinsta whenever you know the values and headers you would like to add.