On install and activation the header is inserted into requests, but the setting page does allow one to set any attributes. Users can edit the PHP as a work around. Seems overkill to have a plugin for one security related header, would make sense to offer other headers affecting XSS and sniffing for example.
You must log in to submit a review. You can also log in or register using the form near the top of this page.