HTTP Security Header

HTTP Security Header helps protect your WordPress site by adding critical HTTP headers to each response — with no code required. These headers provide additional layers of protection against attacks such as cross-site scripting (XSS), clickjacking, content injection, and resource leaks.

This plugin offers a modern, responsive admin dashboard with validation, fallback safety, and full control over each header’s default or custom value.

🔎 Scan Your Website Security Headers

Before configuring headers, instantly check your website’s current security score using our online header scanner:

👉 Scan Your Website Security Headers

✔ Enter your website URL
✔ Get instant Security Grade (A+ to F)
✔ See which headers are Present or Missing
✔ Get clear, actionable recommendations
✔ Easily fix them using this plugin

Used by thousands of websites to enhance security and protect user data.

Features Include:
– Visual toggles for enabling/disabling headers
– Option to use default or custom header values
– Secure fallback if a header is misconfigured
– Integrated header validation
– Support for all major browser-supported headers
– Nonce-based saving and admin notices
– WP Multisite compatible
– “Disable All” and “Reset to Important Headers” actions
– Per-header input validation with real-time error fallback

Supported Headers:
* Strict-Transport-Security (HSTS)
* X-Frame-Options
* X-Content-Type-Options
* Referrer-Policy
* Content-Security-Policy
* Permissions-Policy
* X-XSS-Protection
* X-Permitted-Cross-Domain-Policies
* Expect-CT
* Cross-Origin-Opener-Policy (COOP)
* Cross-Origin-Resource-Policy (CORP)
* Cross-Origin-Embedder-Policy (COEP)

Features

• Lightweight and performance-focused
• No front-end impact
• Choose default or custom header values
• Secure validation and auto-fallbacks
• Seamless plugin compatibility (including WP Rocket)
• Fully translation-ready and i18n-compliant
• Nonce-protected admin save actions
• Optional reset-to-default support
• Reset or disable all headers with one click