Configure various security related HTTP headers, including Content Security Policy, Referrer Policy and more. For CSP and XSS plugin supports report logging with 2 additional database tables to store reports from browsers.
The plugin has support for following HTTP headers:
- Content Security Policy (CSP) – with reporting
- XSS Protection (XXP) – with reporting
- Content Type – No Sniff Policy
- Strict Transport Security
- Referrer Policy
- Frame Options
For CSP, plugin allows you to set rules for all currently supported directives, additional settings including setting the policy in Report or Live mode. Plugin also includes special extensions that can automatically fill CSP rules for popular Google services you might be using on your website (Fonts, Maps, Adsense, Analytics and Translate).
Plugin can add all the generated headers into .HTACCESS file (for Apache web servers), and they will be applied to all files, not just WordPress generated content. If your website is not using Apache (or .HTACCESS), all rules are generated with each page request and will work with any server type.
Various Headers settings
XSS Protection settings
Content Security Policy settings
.HTACCESS with security headers