HTTP Security Header

HTTP Security Header helps protect your WordPress site by adding critical HTTP headers to each response — with no code required. These headers provide additional layers of protection against attacks such as cross-site scripting (XSS), clickjacking, content injection, and resource leaks.

This plugin offers a modern, responsive admin dashboard with validation, fallback safety, and full control over each header’s default or custom value.

Features Include: — Visual toggles for enabling/disabling headers — Option to use default or custom header values — Secure fallback if a header is misconfigured — Integrated header validation — Support for all major browser-supported headers — Nonce-based saving and admin notices — WP Multisite compatible — «Disable All» and «Reset to Important Headers» actions — Per-header input validation with real-time error fallback

Supported Headers: * Strict-Transport-Security (HSTS) * X-Frame-Options * X-Content-Type-Options * Referrer-Policy * Content-Security-Policy * Permissions-Policy * X-XSS-Protection * X-Permitted-Cross-Domain-Policies * Expect-CT * Cross-Origin-Opener-Policy (COOP) * Cross-Origin-Resource-Policy (CORP) * Cross-Origin-Embedder-Policy (COEP)

Features

• Lightweight and performance-focused
• No front-end impact
• Choose default or custom header values
• Secure validation and auto-fallbacks
• Seamless plugin compatibility (e.g. WP Rocket)
• Fully translation-ready and i18n-compliant
• Nonce-protected admin save actions
• Optional reset-to-defaults support
• Reset or disable all headers with one click