HTTP Security Header
Add and manage essential HTTP security headers with ease. Protect your WordPress site from XSS, clickjacking, and other common vulnerabilities.
5(3 reviews)
·900 active installs·Updated 3 months agoAs of April 2026, HTTP Security Header is a WordPress clickjacking plugin with 900 active installations and a 5/5 rating from 3 reviews. It has been downloaded 4.5K+ times in total. Requires WordPress 5.0+ and PHP 7.0+. Available on WordPress.org since 2024. Top alternative: Headers Security Advanced & HSTS WP.
5/53 reviews
900active installs
4.5K+total downloads
2 yearssince 2024
Overview
HTTP Security Header helps protect your WordPress site by adding critical HTTP headers to each response — with no code required. These headers provide additional layers of protection against attacks such as cross-site scripting (XSS), clickjacking, content injection, and resource leaks.
This plugin offers a modern, responsive admin dashboard with validation, fallback safety, and full control over each header’s default or custom value.
🔎 Scan Your Website Security Headers
Before configuring headers, instantly check your website’s current security score using our online header scanner:
👉 Scan Your Website Security Headers
✔ Enter your website URL
✔ Get instant Security Grade (A+ to F)
✔ See which headers are Present or Missing
✔ Get clear, actionable recommendations
✔ Easily fix them usin…
Screenshots
Ratings & Reviews
53 reviews
5 ★
3
4 ★
0
3 ★
0
2 ★
0
1 ★
0
Compatibility
| WordPress | 5.0+ requiredTested up to 6.9.4 |
| PHP | 7.0+ required |
Top Alternatives to HTTP Security Header
Frequently Asked Questions
Changelog
3.1
- NEW: Real-time validation for custom headers with fallback + admin warnings
- NEW: “Disable All Headers” button in settings UI
- NEW: Reset-to-default activates only important headers
- Improved validation logic for
Permissions-Policy,CSP, andExpect-CT - Refined translations and I18N compliance
Contributors
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.