Secure HTTP Headers For WordPress Websites

An easy-to-config WordPress plugin that allows you to secure HTTP headers and add cookie flags you prefer. Supports both Nginx and Apache.

How to use it:

1. Install and activate the Secure HTTP Headers plugin.

2. Go to the settings page and choose your server: either Apache or Nginx.

Secure HTTP Headers Choose Server

3. Choose headers you want to secure:

  • Strict-Transport-Security
  • Expect-CT
  • Cross-Origin-Resource-Policy
  • Referrer-Policy
  • Cross-Origin-Embedder-Policy
  • Cross-Origin-Opener-Policy
  • Clear-Site-Data
  • X-Download-Options
  • X-Frame-Options
  • X-Content-Type-Options
  • Access-Control-Allow-Origin
  • Permissions-Policy
  • X-Permitted-Cross-Domain-Policies

Secure HTTP Headers Enable Disable

4. Choose cookie flags you want to add:

  • Cookie Secure flag
  • Cookie HttpOnly flag
  • Cookie Samesite Lax flag

Secure HTTP Headers Cookie Flags

5. Choose directives you want to allow:

  • autoplay
  • camera
  • document-domain
  • encrypted-media
  • fullscreen
  • geolocation
  • microphone
  • midi
  • payment
  • publickey-credentials-get
  • usb
  • xr-spatial-tracking

Secure HTTP Headers Directives

Download WordPress Plugin:

You can download this free WordPress plugin using the download button below. Unless otherwise stated, the WordPress plugin is available under GNU General Public License.

Author: MagniSec


Don’t forget to share this WordPress plugin and also check out other awesome plugins on our site.

Rate This Article
User Review
0 (0 votes)