Skip to content

How-to Guides

Technical References

Change or remove HTTP headers added by VIP Go

By default, VIP adds two custom HTTP response headers to every application we host. These headers help us monitor our platform and can be useful when troubleshooting the origin of a request, but if required they can be removed.

HTTP headers are not visible when viewing web pages in a browser, neither are they visible when viewing the HTML source for a web page. HTTP headers are part of the HTTP protocol used to request web pages and request responses from API endpoints, and also to send the response, e.g. the web page or the API response.

HTTP headers added by our platform, along with all other request and response headers, can be inspected by savvy users using specific tools, e.g. cURL. Here is an example of the X-hacker and X-Powered-By HTTP headers added by our platform:

X-hacker: If you’re reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
X-Powered-By: WordPress.com VIP <https://wpvip.com>

How to change or remove the headers

To alter the headers, use the wp_headers filter to unset or modify them as desired. The source code contains the latest header keys and can be used as a reference.

The following snippet can be used to remove the X-hacker header:

add_filter( 'wp_headers', function( $headers ) {
    if ( isset( $headers['X-hacker'] ) ) {
        unset( $headers['X-hacker'] );
    }
    return $headers;
}, 999 );

To change the value of a header, replace the value with a new one. For example:

add_filter( 'wp_headers', function( $headers ) {
   $headers['X-hacker'] = 'Follow the white rabbit over to wpvip.com/careers to join our team.';
   $headers['X-Powered-By'] = 'WordPress VIP, an Automattic Production.';
    return $headers;
}, 999 );

These two snippets can also be mixed and matched as needed.

Last updated: October 16, 2020