Fix It Easy Security Headers
WP Fix It Easy Security Headers adds a simple page under Tools Security Headers where you can toggle common HTTP security headers:
- Strict-Transport-Security (HSTS)
- Content-Security-Policy (CSP)
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Permissions-Policy
On activation, all headers are enabled by default and you’re redirected to the settings screen.
For convenience, the page and the Plugins screen include a “Check Headers” button that opens SecurityHeaders.com with your site’s URL prefilled (built dynamically from home_url()).
Notes on CSP
This plugin ships with a permissive default CSP intended to “work everywhere” out of the box (allows most external sources and inline code). For stronger protection, you should harden the directives for your specific site.
Key Features
- One-click toggles for popular headers
- Dynamic “Check Headers” scan link
- Uses the WordPress Settings API (nonce + capability checks)
- Output escaping and sanitization following PHPCS
Details
Related plugins
Plugins that also contain the tag csp
Headers Security Advanced & HSTS WP
Content Security Policy Manager
CSP Friendly Security
No unsafe-inline
Auto SRI
Security Headers & Caching
About
Plugin for that tries to help you find the WordPress plugin you are looking for.
| Please enjoy an image of Crush (this awesome turtle) and have a lovely day! |  |
We do not own any plugin listed on this site and do not work for or work with WordPress.com or it's associated companies. We simply provide a searchable list of the available WordPress plugins.