HTTP Security Header helps protect your WordPress site by adding critical HTTP headers to each response — with no code required. These headers provide additional layers of protection against attacks such as cross-site scripting (XSS), clickjacking, content injection, and resource leaks.
This plugin offers a modern, responsive admin dashboard with validation, fallback safety, and full control over each header’s default or custom value.
🔎 Scan Your Website Security Headers
Before configuring headers, instantly check your website’s current security score using our online header scanner:
👉 Scan Your Website Security Headers
✔ Enter your website URL
✔ Get instant Security Grade (A+ to F)
✔ See which headers are Present or Missing
✔ Get clear, actionable recommendations
✔ Easily fix them using this plugin
Used by thousands of websites to enhance security and protect user data.
Features Include:
– Visual toggles for enabling/disabling headers
– Option to use default or custom header values
– Secure fallback if a header is misconfigured
– Integrated header validation
– Support for all major browser-supported headers
– Nonce-based saving and admin notices
– WP Multisite compatible
– “Disable All” and “Reset to Important Headers” actions
– Per-header input validation with real-time error fallback
Supported Headers:
* Strict-Transport-Security (HSTS)
* X-Frame-Options
* X-Content-Type-Options
* Referrer-Policy
* Content-Security-Policy
* Permissions-Policy
* X-XSS-Protection
* X-Permitted-Cross-Domain-Policies
* Expect-CT
* Cross-Origin-Opener-Policy (COOP)
* Cross-Origin-Resource-Policy (CORP)
* Cross-Origin-Embedder-Policy (COEP)
Features
- Lightweight and performance-focused
- No front-end impact
- Choose default or custom header values
- Secure validation and auto-fallbacks
- Seamless plugin compatibility (including WP Rocket)
- Fully translation-ready and i18n-compliant
- Nonce-protected admin save actions
- Optional reset-to-default support
- Reset or disable all headers with one click
