HTTP Security Header
HTTP Security Header helps protect your WordPress site by adding critical HTTP headers to each response — with no code required. These headers provide additional layers of protection against attacks such as cross-site scripting (XSS), clickjacking, content injection, and resource leaks.
This plugin offers a modern, responsive admin dashboard with validation, fallback safety, and full control over each header’s default or custom value.
🔎 Scan Your Website Security Headers
Before configuring headers, instantly check your website’s current security score using our online header scanner:
👉 Scan Your Website Security Headers
✔ Enter your website URL ✔ Get instant Security Grade (A+ to F) ✔ See which headers are Present or Missing ✔ Get clear, actionable recommendations ✔ Easily fix them using this plugin
Used by thousands of websites to enhance security and protect user data.
Features Include: – Visual toggles for enabling/disabling headers – Option to use default or custom header values – Secure fallback if a header is misconfigured – Integrated header validation – Support for all major browser-supported headers – Nonce-based saving and admin notices – WP Multisite compatible – “Disable All” and “Reset to Important Headers” actions – Per-header input validation with real-time error fallback
Supported Headers: * Strict-Transport-Security (HSTS) * X-Frame-Options * X-Content-Type-Options * Referrer-Policy * Content-Security-Policy * Permissions-Policy * X-XSS-Protection * X-Permitted-Cross-Domain-Policies * Expect-CT * Cross-Origin-Opener-Policy (COOP) * Cross-Origin-Resource-Policy (CORP) * Cross-Origin-Embedder-Policy (COEP)
Features
- Lightweight and performance-focused
- No front-end impact
- Choose default or custom header values
- Secure validation and auto-fallbacks
- Seamless plugin compatibility (including WP Rocket)
- Fully translation-ready and i18n-compliant
- Nonce-protected admin save actions
- Optional reset-to-default support
- Reset or disable all headers with one click