Security Headers Audit

Security Headers Audit helps WordPress site owners strengthen browser-side security through modern HTTP security headers and comprehensive auditing tools.

The plugin provides an easy-to-use interface for configuring recommended security headers, monitoring Content Security Policy (CSP) violations, recording browser console errors, and tracking security-related configuration changes within WordPress.

By implementing industry-standard browser security protections, Security Headers Audit can help reduce exposure to common web vulnerabilities such as Cross-Site Scripting (XSS), clickjacking, MIME-type attacks, and unsafe cross-origin interactions.

Key Features

• Configure HTTP Security Headers from a centralized dashboard.
• Content Security Policy (CSP) management.
• Strict-Transport-Security (HSTS) support.
• X-Frame-Options protection against clickjacking.
• X-Content-Type-Options support to prevent MIME sniffing.
• Referrer-Policy management.
• Permissions-Policy configuration for browser feature control.
• Cross-Origin-Opener-Policy (COOP) support.
• Cross-Origin-Embedder-Policy (COEP) support.
• Cross-Origin-Resource-Policy (CORP) support.
• CSP violation monitoring and logging.
• Browser console error collection.
• Security configuration audit trail.
• Import and export settings.
• Clean uninstall support.

Supported Security Headers

• Content-Security-Policy (CSP)
• Strict-Transport-Security (HSTS)
• X-Frame-Options
• X-Content-Type-Options
• Referrer-Policy
• Permissions-Policy
• Cross-Origin-Opener-Policy (COOP)
• Cross-Origin-Embedder-Policy (COEP)
• Cross-Origin-Resource-Policy (CORP)