HTTP Security Header
HTTP Security Header helps protect your WordPress site by adding critical HTTP headers to each response — with no code required. These headers provide additional layers of protection against attacks such as cross-site scripting (XSS), clickjacking, content injection, and resource leaks.
This plugin offers a modern, responsive admin dashboard with validation, fallback safety, and full control over each header’s default or custom value.
Features Include: – Visual toggles for enabling/disabling headers – Option to use default or custom header values – Secure fallback if a header is misconfigured – Integrated header validation – Support for all major browser-supported headers – Nonce-based saving and admin notices – WP Multisite compatible – « Disable All » and « Reset to Important Headers » actions – Per-header input validation with real-time error fallback
Supported Headers: * Strict-Transport-Security (HSTS) * X-Frame-Options * X-Content-Type-Options * Referrer-Policy * Content-Security-Policy * Permissions-Policy * X-XSS-Protection * X-Permitted-Cross-Domain-Policies * Expect-CT * Cross-Origin-Opener-Policy (COOP) * Cross-Origin-Resource-Policy (CORP) * Cross-Origin-Embedder-Policy (COEP)
Features
- Lightweight and performance-focused
- No front-end impact
- Choose default or custom header values
- Secure validation and auto-fallbacks
- Seamless plugin compatibility (e.g. WP Rocket)
- Fully translation-ready and i18n-compliant
- Nonce-protected admin save actions
- Optional reset-to-defaults support
- Reset or disable all headers with one click