Better Headers is a WordPress security plugin that secures your WordPress website by setting HTTP response headers without any server-side technology.
Features:
- Protect against information leakage by setting the Referrer-Policy header.
- Protect against feature misuse by setting the Feature-Policy header.
- Protect against downgrade attacks by setting the Strict-Transport-Security header.
- Protect against fraudulent certificates by setting the Expect-CT header.
- And much more.
How to use it:
1. Download and install the Better Headers plugin on your WordPress website.
2. Go to the Settings page to configure the plugin. All possible options:
Referrer Policy:
- No referrer information should be sent along with requests
- The full URL should be sent as the referrer when the protocol security level stays the same (HTTP→HTTP, HTTPS→HTTPS), but not sent to a less secure destination (HTTPS→HTTP)
- The origin of the document should be sent as the referrer in all cases (e.g. the domain only)
- The full URL should be sent when performing a same-origin request, but only send the origin of the document for cross-site requests
- The full URL should be sent when performing a same-origin request, but no referrer information for cross-site requests
- The origin of the document should be sent as the referrer when the protocol security level stays the same (HTTPS→HTTPS), but not sent to a less secure destination (HTTPS→HTTP)
- The full URL should be sent when performing a same-origin request, send the origin only for cross-site requests when the protocol security level stays the same (HTTPS→HTTPS), and send no referrer information to a less secure destination (HTTPS→HTTP)
Feature Policy:
- Accelerometer
- Ambient Light Sensor
- Autoplay
- Camera
- Document Domain
- Encrypted Media
- Fullscreen
- Geolocation
- Gyroscope
- Legacy Image Formats
- Magnetometer
- Microphone
- MIDI
- Oversized Images
- Payment Request
- Speaker
- Synchronous XHR
- Unoptimized Images
- Unsized Media
- USB
- Vibrate
- Virtual Reality
Strict Transport Security:
- Maximum Age
- Include Subdomains. Every domain below this will inherit the same Strict Transport Security header
- Allow Preload. Permit browsers to preload Strict Transport Security configuration automatically
Expect Certificate Transparency:
- Maximum Age
- Enforce this policy (show an error instead of a warning)
Miscellaneous:
- Protect against content sniffing attacks by setting the X-Content-Type-Options header
- Protect against clickjacking attacks by setting the X-Frame-Options header
- Protect against cross-site scripting attacks by setting the X-XSS-Protection header
- Protect against cross-site Flash attacks by setting the X-Permitted-Cross-Domain-Policies header
3. Save your changes.
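To confirm that the saved settings actually reach the browser, the response headers can be checked against the options above. The following is an added example, not code from the plugin or its author: the function names `audit` and `directives` and the sample header sets are constructed for illustration, and the preload thresholds assumed are those of the public HSTS preload list (includeSubDomains and a max-age of at least one year).

```python
import re

# Referrer-Policy tokens for the seven options listed above, in the same order.
REFERRER_POLICIES = ("no-referrer", "no-referrer-when-downgrade", "origin",
                     "origin-when-cross-origin", "same-origin", "strict-origin",
                     "strict-origin-when-cross-origin")
PRELOAD_MIN_AGE = 31536000  # one year: minimum max-age the HSTS preload list accepts

def directives(value):
    """Parse 'max-age=600; includeSubDomains' (or comma-separated Expect-CT) into a dict."""
    pairs = (p.strip().partition("=") for p in re.split(r"[;,]", value))
    return {n.strip().lower(): a.strip().strip('"') for n, _, a in pairs if n}

def audit(headers):
    """Return a list of findings for a dict of response header names to values."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    out = []
    # Referrer-Policy may carry a comma-separated fallback list; one known token suffices.
    rp = [t.strip().lower() for t in h.get("referrer-policy", "").split(",")]
    if not any(t in REFERRER_POLICIES for t in rp):
        out.append("Referrer-Policy: missing or unknown value")
    sts = directives(h.get("strict-transport-security", ""))
    age = sts.get("max-age", "")
    if not age.isdecimal() or int(age) == 0:
        out.append("Strict-Transport-Security: missing or no positive max-age")
    elif "preload" in sts and (int(age) < PRELOAD_MIN_AGE or "includesubdomains" not in sts):
        out.append("Strict-Transport-Security: preload needs includeSubDomains and max-age >= 31536000")
    if "expect-ct" in h:  # optional header; only checked when it is sent
        ect = directives(h["expect-ct"])
        if not ect.get("max-age", "").isdecimal():
            out.append("Expect-CT: max-age missing or not a number")
        elif "enforce" not in ect:
            out.append("Expect-CT: report-only, 'Enforce this policy' is off")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        out.append("X-Content-Type-Options: expected nosniff")
    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        out.append("X-Frame-Options: expected DENY or SAMEORIGIN")
    return out

# Constructed sample responses, not captured from a real site.
WEAK = {"Referrer-Policy": "strict-origin-when-cross-origin", "X-Frame-Options": "SAMEORIGIN",
        "Strict-Transport-Security": "max-age=86400; preload",
        "Expect-CT": "max-age=86400"}
GOOD = {**WEAK, "X-Content-Type-Options": "nosniff", "Expect-CT": "max-age=86400, enforce",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"}

if __name__ == "__main__":
    print("\n".join(audit(WEAK)))
```

Feed it the headers from a live response (for example the output of `curl -sI`) to see whether "Allow Preload" was enabled without the settings it depends on.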
Download WordPress Plugin:
Unless otherwise stated, the WordPress plugin is available under the GNU General Public License.
Author: Better Security
Homepage: https://wordpress.org/plugins/better-headers/