Robert Miller

WordPress Security Headers

A WordPress plugin that checks your WordPress website for common security-related HTTP response headers. Uses PHP and MySQL.

This plugin is opinionated, and its checks will not directly apply to every situation, so it is best to analyze individual applications to determine your own best path forward.


Headers checked for

strict-transport-security: max-age >= 31536000
referrer-policy: no-referrer, no-referrer-when-downgrade, origin, origin-when-cross-origin, same-origin, strict-origin, strict-origin-when-cross-origin
permissions-policy: Just expects this to exist in some way
content-security-policy: Minimum of: default-src 'none'
x-frame-options: deny, sameorigin, allow-from
x-xss-protection: 0, 1 (informs you that it is deprecated and recommends CSP)
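
The checks listed above, applied to a set of response headers, as an added example in Python; it is not the plugin's own code. The function name, the sample headers and the interpretations marked "Assumption" in the comments are not from the plugin.

```python
import re

# Referrer-Policy values the page lists as acceptable.
REFERRER_OK = {"no-referrer", "no-referrer-when-downgrade", "origin",
               "origin-when-cross-origin", "same-origin", "strict-origin",
               "strict-origin-when-cross-origin"}

def check_security_headers(headers):
    """Map each header from the page's list to (passed, expectation)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    res = {}
    # HSTS: max-age must be at least 31536000 seconds (one year).
    m = re.search(r'max-age\s*=\s*"?(\d+)', h.get("strict-transport-security", ""), re.I)
    res["strict-transport-security"] = (bool(m) and int(m.group(1)) >= 31536000, "max-age >= 31536000")

    # Referrer-Policy may be a comma-separated fallback list. Assumption: judge
    # the last recognised token, since that is the one a browser applies.
    known = REFERRER_OK | {"unsafe-url"}
    tokens = [t.strip().lower() for t in h.get("referrer-policy", "").split(",")]
    applied = [t for t in tokens if t in known]
    res["referrer-policy"] = (bool(applied) and applied[-1] in REFERRER_OK, "a listed policy value")

    # Permissions-Policy: only has to be present.
    res["permissions-policy"] = ("permissions-policy" in h, "present")

    # CSP. Assumption: "minimum" means default-src has 'none' as its only source.
    directives = {}
    for part in h.get("content-security-policy", "").split(";"):
        words = part.split()
        if words:  # first occurrence of a directive wins
            directives.setdefault(words[0].lower(), [w.lower() for w in words[1:]])
    res["content-security-policy"] = (directives.get("default-src") == ["'none'"], "default-src 'none'")

    # X-Frame-Options: first word must be deny, sameorigin or allow-from.
    xfo = h.get("x-frame-options", "").lower().split()
    res["x-frame-options"] = (bool(xfo) and xfo[0] in {"deny", "sameorigin", "allow-from"}, "deny, sameorigin, allow-from")

    # X-XSS-Protection: 0 or 1 is accepted, with a deprecation note.
    # Assumption: "1; mode=block" counts as 1.
    xxp = h.get("x-xss-protection", "").split(";")[0].strip()
    res["x-xss-protection"] = (xxp in {"0", "1"}, "0 or 1 (deprecated; use CSP)")
    return res

# Constructed sample response headers, not taken from a real site.
SAMPLE = {"Strict-Transport-Security": "max-age=15552000; includeSubDomains",
          "Referrer-Policy": "no-referrer, strict-origin-when-cross-origin",
          "Content-Security-Policy": "default-src 'none'; script-src 'self'",
          "X-Frame-Options": "SAMEORIGIN",
          "X-XSS-Protection": "1; mode=block"}
```

On the sample, the HSTS check fails because 15552000 seconds is about 180 days, and permissions-policy fails because the header is absent.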