
HTTP Security Header
by MOHIT GOYAL on WordPress.org
Add and manage essential HTTP security headers with ease. Protect your WordPress site from XSS, clickjacking, and other common vulnerabilities.

HTTP Security Header helps protect your WordPress site by adding critical HTTP headers to each response — with no code required. These headers provide additional layers of protection against attacks such as cross-site scripting (XSS), clickjacking, content injection, and resource leaks.
This plugin offers a modern, responsive admin dashboard with validation, fallback safety, and full control over each header’s default or custom value.
Features Include:
- Visual toggles for enabling/disabling headers
- Option to use default or custom header values
- Secure fallback if a header is misconfigured
- Integrated header validation
- Support for all major browser-supported headers
- Nonce-based saving and admin notices
- WP Multisite compatible
- “Disable All” and “Reset to Important Headers” actions
- Per-header input validation with real-time error fallback
Supported Headers:
* Strict-Transport-Security (HSTS)
* X-Frame-Options
* X-Content-Type-Options
* Referrer-Policy
* Content-Security-Policy
* Permissions-Policy
* X-XSS-Protection
* X-Permitted-Cross-Domain-Policies
* Expect-CT
* Cross-Origin-Opener-Policy (COOP)
* Cross-Origin-Resource-Policy (CORP)
* Cross-Origin-Embedder-Policy (COEP)
Features
- Lightweight and performance-focused
- No front-end impact
- Choose default or custom header values
- Secure validation and auto-fallbacks
- Seamless plugin compatibility (e.g. WP Rocket)
- Fully translation-ready and i18n-compliant
- Nonce-protected admin save actions
- Optional reset-to-defaults support
- Reset or disable all headers with one click