Configure various security-related HTTP headers, including CSP, XSS, Referrer Policy and more.
As of April 2026, GD Security Headers is a WordPress CSP plugin with 1.0K+ active installations and a 4/5 rating from 8 reviews. It has been downloaded 30K+ times in total. Requires WordPress 5.5+ and PHP 7.4+. Available on WordPress.org since 2019. Last updated 1 year ago — may have compatibility concerns. Download volume is stable this week. Top alternative: Headers Security Advanced & HSTS WP.
Configure various security-related HTTP headers, including Content Security Policy, Feature Policy, Referrer Policy and more. For CSP and XSS, the plugin supports report logging, with 2 additional database tables to store reports from browsers.
The plugin has support for the following HTTP headers:
For CSP, the plugin allows you to set rules for all currently supported directives, plus additional settings, including setting the policy in Report or Live mode. The plugin also includes special extensions that can automatically fill CSP rules for popular…
It’s the best plug-in for setting security headers that I found so far. Easy set-up, good explanations.
But what really stands out is the local reporting feature!
Thank you very much!
Easy to install and relatively easy to configure.
I only want to set CSP rules and it lets me do that easily, having the shortcuts for common rules such as Google Analytics etc is useful.
The report-only feature is clear and easy to use when starting to add rules and you need to gather a list of them.
If I had one feature request, it would be for the plugin to show an estimated header size. I sometimes trip header size limits on a server when I need to add a lot of rules. If it could detect the server limit and warn if getting close – that’d be nice.
All in all good plugin. Really don't know why some people only gave it 1 star, I can only assume they made mistakes configuring it.
A+ on headers scan, thank you for your work 🙂
Thank you!
There are a lot of mistakes in the generated Content-Security-Policy statement. It fails to insert the blob and data directives. It adds a semicolon and double quote at the end of the line that shouldn’t be there.
The only thing this plugin is really good for is the report page.
| WordPress | 5.5+ required; tested up to 6.6.5 |
| PHP | 7.4+ required |
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.