HeaderShield
HeaderShield adds a conservative set of security headers that improve browser protection without breaking most sites. It also provides optional strict cross-origin protections for sites that are ready for them.
Default headers include:
- X-Frame-Options
- X-Content-Type-Options
- X-XSS-Protection (legacy)
- Referrer-Policy
- Permissions-Policy
- Content-Security-Policy (upgrade-insecure-requests)
- Strict-Transport-Security (HTTPS only)
Strict Mode can additionally enable COEP, COOP, and CORP for stronger isolation, but may break third‑party scripts or embeds. Use with care and test on staging first.
Source code for third-party assets
The admin UI uses SlimSelect for the multi-select dropdown. Human-readable source is included in the plugin:
- JavaScript:
assets/js/slimselect.js(minified build:assets/js/slimselect.min.js) - CSS:
assets/css/slimselect.css(minified build:assets/css/slimselect.min.css)
Upstream project: https://github.com/brianvoe/slim-select (MIT). This plugin does not use a custom build process; the included files are from the published release.
Details
Related plugins
Plugins that also contain the tag csp
Headers Security Advanced & HSTS WP
Content Security Policy Manager
CSP Friendly Security
No unsafe-inline
Auto SRI
Security Headers & Caching
About
Plugin for that tries to help you find the WordPress plugin you are looking for.
| Please enjoy an image of Crush (this awesome turtle) and have a lovely day! |  |
We do not own any plugin listed on this site and do not work for or work with WordPress.com or it's associated companies. We simply provide a searchable list of the available WordPress plugins.