Security Headers
Plug-in to ease the setting of TLS headers for HSTS and similar
5(8 reviews)
·4.0K+ active installs·Updated 7 years agoAs of April 2026, Security Headers is a WordPress tls plugin with 4.0K+ active installations and a 5/5 rating from 8 reviews. It has been downloaded 47K+ times in total. Requires WordPress 3.8.1+ and PHP 5.6+. Available on WordPress.org since 2015. Last updated 7 years ago — may have compatibility concerns. Download volume is stable this week. Top alternative: Simple HTTPS.
5/58 reviews
4.0K+active installs
47K+total downloads
11 yearssince 2015
Overview
TLS is growing in complexity. Server Name Indication (SNI) now means HTTPS sites may be on shared IP addresses, or otherwise restricted. For these servers it is handy to be able to set desired HTTP headers without access to the web servers configuration or using .htaccess file.
This plug-in exposes controls for:
- HSTS (Strict-Transport-Security)
- HPKP (Public-Key-Pins)
- Disabling content sniffing (X-Content-Type-Options)
- XSS protection (X-XSS-Protection)
- Clickjacking mitigation (X-Frame-Options in main site)
- Expect-CT
HSTS is used to ensure that future connections to a website always use TLS, and disallowing bypass of certificate warnings for the site.
HPKP is used if you don’t want to rely solely on the Certificate Authority trust model for certificate issuance.
Disabling content sn…
Ratings & Reviews
58 reviews
5 ★
8
4 ★
0
3 ★
0
2 ★
0
1 ★
0
Recent Reviews
Incompatible with Tawk.to
by krsi78·5 years ago
Just a quick warning: if you enable this plugin, the Tawk.to widget is no longer displayed in Chrome, Firefox and Safari. Edge is not affected (yet?).
Perfect
by flch·7 years ago
Works great and makes security much easier.
Thanks for this great plugin!
handles these security points no one else does
by tone_milazzo·7 years ago
My topic can’t be empty so I’m writing this to fill it.
Excellent
by bozon·8 years ago·2 replies
Works really well! Tested with [link removed]
For the future releases it would be good to include Content-Security-Policy and the forthcoming Expect-CT options.
- This topic was modified 8 years, 9 months ago by bdbrown. Reason: Links not permitted in reviews
Perfect
by WebBever·8 years ago
Easy to use, works like a charm!
Download Trends
Today: 6Yesterday: 10This week: 56Period total: 2K
Compatibility
| WordPress | 3.8.1+ requiredTested up to 5.1.22 |
| PHP | 5.6+ required |
Version Adoption
v1.1
96.4%
Other
3.6%
Top Alternatives to Security Headers
Frequently Asked Questions
Changelog
1.1
Fix missing close anchor which breaks recent WordPress
Contributors
Plugin data sourced from WordPress.org. Analysis and metrics by PluginSift.