Website Security Headers


Website Security Headers provides website administrators and developers with the means to easily implement key security headers that can have a profound impact on the overall security of the website.

Robust website security is more important now than ever before, and the headers featured in this plugin are the most common that will be flagged in the results returned by security audits/scans and penetration tests.

This plugin was created as a WordPress companion for the excellent Security Headers website run by renowned security researcher Scott Helme. This plugin has no affiliation with Scott or his website, rather, this is a nod to his excellent work.

The plugin can be used to configure the following security headers:

  • Strict-Transport-Security
  • Content-Security-Policy
  • X-Frame-Options
  • X-Content-Type-Options
  • Referrer-Policy
  • Permissions-Policy

IMPORTANT: if improperly configured, or configured with no knowledge of the impact of your chosen values, these headers can have a negative impact on the functionality and usability of your website. Please make sure that you fully understand the consequences of implementing these headers before adding them. Where possible, test any changes to these headers on a staging/testing site, or during a low-traffic period on the live site.


  • Plugin settings screen
  • Example headers output


  1. Install and activate the plugin.
  2. Go to Settings -> Website Security Headers.
  3. Configure settings and save.
  4. Test the changes on the front-end to verify.


There are no reviews for this plugin.

Contributors & Developers

“Website Security Headers” is open source software. The following people have contributed to this plugin.




  • Author details updated.


  • Initial release.