X-Pingback
Automated backlink notifications between WordPress sites depend on discovering the pingback endpoint. The X-Pingback unofficial response header provides the URL of a site's XML-RPC pingback handler.
Note
The "X-" naming convention for HTTP headers, where "X" stands for "experimental", has been deprecated, and headers that use it are expected to transition to the formal naming convention for HTTP headers.
Usage
WordPress automatically adds the X-Pingback
header to every response when pingbacks are enabled.
The header value points to the site's xmlrpc.php
file, which handles incoming pingback notifications.
The Pingback protocol allows one website to notify
another when linking to its content. When site A
publishes a post containing a link to site B, site A
sends an XML-RPC request to the pingback endpoint
advertised by site B. This creates a backlink
reference on site B, similar to a trackback. The
X-Pingback header is one of two discovery
methods for the endpoint. The other is a <link>
element in the HTML <head>.
The header originates from the
Pingback 1.0 specification,
which predates modern linking and webmention
standards. While the protocol remains functional in
WordPress, many site operators disable pingbacks
due to spam abuse and the security surface exposed
by the xmlrpc.php endpoint. Disabling XML-RPC or
pingbacks in WordPress settings removes this header
from responses.
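The two discovery methods described above can be checked from the defender's side to confirm whether a site still advertises its pingback endpoint after pingbacks are disabled. This Python audit is an added example, not part of the original page or of WordPress; the sample responses are constructed, and the names find_pingback and PingbackLinkFinder are this example's own.

```python
from email.parser import Parser
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample responses (not captured from any real site).
HEADER_SAMPLE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n"
                 "X-Pingback: https://example.re/xmlrpc.php\r\n\r\n<html></html>")
LINK_SAMPLE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html><head>"
               '<link rel="pingback" href="https://example.re/wordpress/xmlrpc.php">'
               "</head></html>")
DISABLED_SAMPLE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
RELATIVE_SAMPLE = "HTTP/1.1 200 OK\r\nX-Pingback: /xmlrpc.php\r\n\r\n"


class PingbackLinkFinder(HTMLParser):
    """Records the href of the first <link rel="pingback"> element."""

    def __init__(self):
        super().__init__()
        self.href = None

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        rels = (attr.get("rel") or "").lower().split()
        if tag == "link" and "pingback" in rels and self.href is None:
            self.href = attr.get("href")


def find_pingback(raw_response):
    """Return (method, url, is_absolute), or None when nothing is advertised."""
    text = raw_response.replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")
    _status, _, header_block = head.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    url, method = headers.get("X-Pingback"), "header"  # lookup is case-insensitive
    if url is None:  # fall back to the <link> element in the HTML
        finder = PingbackLinkFinder()
        finder.feed(body)
        url, method = finder.href, "link"
    if url is None:
        return None
    url = url.strip()
    parts = urlsplit(url)
    # The value is expected to be an absolute URL; flag anything else.
    return method, url, parts.scheme in ("http", "https") and bool(parts.netloc)


if __name__ == "__main__":
    for sample in (HEADER_SAMPLE, LINK_SAMPLE, DISABLED_SAMPLE, RELATIVE_SAMPLE):
        print(find_pingback(sample))
```

A result of None for a site's responses means neither discovery method advertises an endpoint; it does not by itself show that xmlrpc.php is unreachable.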
Values
The value is always an absolute URL pointing to the
site's XML-RPC endpoint. In WordPress installations,
this is the xmlrpc.php file at the site root or
within a subdirectory when WordPress is installed in
a subfolder.
Example
A standard WordPress site includes the pingback
endpoint at the root of the domain. The URL points
to the xmlrpc.php handler where incoming pingback
requests are processed.
X-Pingback: https://example.re/xmlrpc.php
When WordPress is installed in a subdirectory, the endpoint URL reflects the installation path.
X-Pingback: https://example.re/wordpress/xmlrpc.php
The following full response shows the X-Pingback header alongside other common WordPress headers. The X-Redirect-By header identifies WordPress as the redirect source, while X-Pingback advertises the pingback endpoint.
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Pingback: https://example.re/xmlrpc.php
X-Redirect-By: WordPress
Note
Pingbacks were once considered an SEO signal
because they generate backlinks between sites.
In practice, search engines assign little to no
value to pingback-generated links. Most pingback
traffic is automated spam, and the xmlrpc.php
endpoint is a frequent target for DDoS
amplification and brute-force attacks. Disabling
pingbacks and removing the X-Pingback header
reduces attack surface without any measurable
SEO impact.