Secure Your WordPress Site By Setting HTTP Headers – Better Headers

Better Headers is a WordPress security plugin that hardens your WordPress website by setting HTTP response headers from within WordPress, so no web server configuration changes are required.

Features:

  • Protect against information leakage by setting the Referrer-Policy header.
  • Protect against feature misuse by setting the Feature-Policy header.
  • Protect against downgrade attacks by setting the Strict-Transport-Security header.
  • Protect against fraudulent certificates by setting the Expect-CT header.
  • And much more.

How to use it:

1. Download and install the Better Headers plugin on your WordPress website.

2. Go to the Settings page to configure the plugin. All possible options:


Referrer Policy:

  • No referrer information should be sent along with requests
  • The full URL should be sent as the referrer when the protocol security level stays the same (HTTP→HTTP, HTTPS→HTTPS), but not sent to a less secure destination (HTTPS→HTTP)
  • The origin of the document should be sent as the referrer in all cases (e.g. the domain only)
  • The full URL should be sent when performing a same-origin request, but only send the origin of the document for cross-site requests
  • The full URL should be sent when performing a same-origin request, but no referrer information for cross-site requests
  • The origin of the document should be sent as the referrer when the protocol security level stays the same (HTTPS→HTTPS), but not sent to a less secure destination (HTTPS→HTTP)
  • The full URL should be sent when performing a same-origin request, send the origin only for cross-site requests when the protocol security level stays the same (HTTPS→HTTPS), and send no referrer information to a less secure destination (HTTPS→HTTP)

Feature Policy:

  • Accelerometer
  • Ambient Light Sensor
  • Autoplay
  • Camera
  • Document Domain
  • Encrypted Media
  • Fullscreen
  • Geolocation
  • Gyroscope
  • Legacy Image Formats
  • Magnetometer
  • Microphone
  • Midi
  • Oversized Images
  • Payment Request
  • Speaker
  • Synchronous XHR
  • Unoptimized Images
  • Unsized Media
  • USB
  • Vibrate
  • Virtual Reality

Strict Transport Security:

  • Maximum Age
  • Include Subdomains. Every subdomain of this site inherits the same Strict-Transport-Security policy
  • Allow Preload. Permit browsers to preload the Strict-Transport-Security configuration automatically

Expect Certificate Transparency:

  • Maximum Age
  • Enforce this policy (show an error instead of a warning)

Miscellaneous:

  • Protect against content sniffing attacks by setting the X-Content-Type-Options header
  • Protect against clickjacking attacks by setting the X-Frame-Options header
  • Protect against cross-site scripting attacks by setting the X-XSS-Protection header
  • Protect against cross-site Flash attacks by setting the X-Permitted-Cross-Domain-Policies header

3. Save your changes and you are done.
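For readers who want to see what the settings above translate to on the wire, here is a small must-use plugin that emits the same family of headers from WordPress. This is an added illustration, not the Better Headers plugin's own code; the header values (the HSTS max-age, the Feature-Policy directive list, the chosen Referrer-Policy) are example choices, and the function name and constant are invented for this example.

```php
<?php
/**
 * Plugin Name: Example Security Headers
 * Description: Added illustration of the headers configured above; not the Better Headers plugin.
 *
 * Copy into wp-content/mu-plugins/ to load it automatically. Every value below
 * is a constructed example; adjust it to your own site before use.
 */

// The seven Referrer-Policy choices listed above, in the same order, map to these
// standard header values.
const EXAMPLE_REFERRER_POLICIES = array(
	'no-referrer',                     // send no referrer information at all
	'no-referrer-when-downgrade',      // full URL, except when going HTTPS -> HTTP
	'origin',                          // origin (domain) only, in all cases
	'origin-when-cross-origin',        // full URL same-origin, origin only cross-site
	'same-origin',                     // full URL same-origin, nothing cross-site
	'strict-origin',                   // origin only, nothing on HTTPS -> HTTP
	'strict-origin-when-cross-origin', // full URL same-origin, origin cross-site, nothing on downgrade
);

function example_security_headers() {
	// HSTS and Expect-CT only make sense on an HTTPS response. Browsers ignore
	// HSTS received over plain HTTP, and sending it before TLS works everywhere
	// (including every subdomain, when includeSubDomains is set) can lock users
	// out of hosts that are not yet reachable over HTTPS.
	if ( is_ssl() ) {
		// max-age is in seconds: 31536000 = one year. Only add "preload" if you
		// intend to submit the site to the browser preload list; it is hard to undo.
		header( 'Strict-Transport-Security: max-age=31536000; includeSubDomains; preload' );
		// max-age in seconds; "enforce" turns the warning into a hard failure.
		header( 'Expect-CT: max-age=86400, enforce' );
	}

	// Last entry of the list above: the most restrictive option that still keeps
	// same-origin analytics working.
	header( 'Referrer-Policy: ' . EXAMPLE_REFERRER_POLICIES[6] );

	// Feature-Policy: each directive names the origins allowed to use that
	// feature. 'none' disables it everywhere, 'self' allows only this origin.
	header( "Feature-Policy: camera 'none'; microphone 'none'; geolocation 'self'; payment 'self'; usb 'none'; sync-xhr 'none'" );

	// The "Miscellaneous" group.
	header( 'X-Content-Type-Options: nosniff' );           // stop MIME sniffing
	header( 'X-Frame-Options: SAMEORIGIN' );               // only same-origin framing
	header( 'X-XSS-Protection: 1; mode=block' );           // legacy browser XSS filter
	header( 'X-Permitted-Cross-Domain-Policies: none' );   // no Flash/PDF cross-domain policy files
}

// send_headers fires before WordPress outputs the response body, so header()
// calls here are still allowed.
add_action( 'send_headers', 'example_security_headers' );
```

After activating it, confirm the result with a request that follows no redirects, such as `curl -sI https://example.com/` (hostname is a placeholder), and check that the Strict-Transport-Security line appears only on the HTTPS response.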

Download WordPress Plugin:

You can download this free WordPress plugin using the download button below. Unless otherwise stated, the WordPress plugin is available under GNU General Public License.

Author: Better Security

Homepage: https://wordpress.org/plugins/better-headers/

Don’t forget to share this WordPress plugin and also check out other awesome plugins on our site.
