GD Security Headers Wordpress Plugin - Rating, Reviews, Demo & Download

GD Security Headers Preview Wordpress Plugin - Rating, Reviews, Demo & Download
No ratings yet
Free
Follow for free plugins, new theme releases and theme news

Plugin Description

Configure various security-related HTTP headers, including Content Security Policy, Feature Policy, Referrer Policy and more. For CSP and XSS plugin supports report logging with 2 additional database tables to store reports from browsers.

Supported security headers

The plugin has support for the following HTTP headers:

  • Content Security Policy (CSP) – with reporting
  • XSS Protection (XXP) – with reporting
  • Feature Policy (Permissions Policy)
  • Content Type – No Sniff Policy
  • Strict Transport Security
  • Referrer Policy
  • Frame Options

For CSP, the plugin allows you to set rules for all currently supported directives, additional settings including setting the policy in Report or Live mode. The plugin also includes special extensions that can automatically fill CSP rules for popular Google services you might be using on your website (Fonts, Maps, Adsense, Analytics, TagManager and more) and other popular services (Gravatar, Instagram, PayPal Vimeo and more).

And, for Feature Policy (or Permissions Policy), the plugin allows you to set rules for all currently supported rules (over 25 rules, supported by different browsers).

FLoC / Browsing Topics

Permissions Policy rules list includes ‘browsing-topics’ rule that can be used to disable Google’s new tracking method ‘Browsing Topics API’ (which replaced ‘Federated Learning of Cohorts’ or ‘FLoC’).

Methods for adding headers

The plugin can add all the generated headers into HTACCESS file (for Apache web servers), and they will be applied to all files, not just WordPress generated content. If your website is not using Apache (or .HTACCESS), all rules are generated with each page request and will work with any server type.

And, if you don’t use Apache web server, the plugin has a panel where it displays generated headers for most popular servers: Apache, Nginx and IIS, and you can copy generated headers to add to server configuration files.

About the plugin

Screenshots

  1. Plugin Dashboard

    Plugin Dashboard

  2. CSP Reports

    CSP Reports

  3. Various Headers settings

    Various Headers settings

  4. XSS Protection settings

    XSS Protection settings

  5. Content Security Policy settings

    Content Security Policy settings

  6. Global settings

    Global settings

  7. Generated security headers

    Generated security headers

  8. Tools

    Tools

  9. HTACCESS with security headers

    HTACCESS with security headers


Reviews & Comments