Security Header Generator

Description

This plugin generates the proper security HTTP response headers, attempts to generate a valid Content Security Policy, and sets browser permissions if configured.

Screenshots

  • Standard Header Settings
  • Content Security Policy Settings
  • Permissions Settings
  • Documentation
  • Import/Export Settings
  • Headers Set

Installation

  1. Download the plugin, unzip it, and upload it to your site's /wp-content/plugins/ directory
    1. You can also upload it directly to your Plugins admin
  2. Activate the plugin through the ‘Plugins’ menu in WordPress

FAQ

What is a Content Security Policy?

A Content Security Policy is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks.

Reviews

December 18, 2022, 1 reply
The plugin does what it promises. Thank you for this work.
December 18, 2021, 1 reply
Easy and Fast configuration. Don’t block image and Divi

Contributors & Developers

“Security Header Generator” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

5.1.31

  • Fix: Issue where menu would disappear on non-multisite

5.1.29

  • Fix: Some undefined array keys when some settings are not set
  • Verify: WP Core 6.7 Compatibility
  • Fix: Defaults for settings.
    • Found that headers which should not have been applied were still being applied after their setting was turned off
  • Clean Up: Versions older than 4

5.0.11

  • Add: sandbox directive for Content Security Policy
    • https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox
  • Fix: Application of CSP headers when there is no value set
    • No longer sets the directive if nothing is configured for it.
  • Fix: Some styling in the admin pages
  • Remove: Deprecated CLI methods
  • Update: JS Libraries for settings framework
  • Verified: PHP 8.3 Compatibility

4.6.01

  • Verified: WP Core 6.6 Compatibility
  • Updated: settings fw: Fixed: PHP 8.x deprecated notices.
  • Updated: Documentation
  • Removed: references to implementation to avoid confusion

4.1.22

  • Removed: CLI Generator
  • Verified: WP Core 6.5 Compatibility
  • Add: Apply CSP to REST API
    • Please be aware, once this is switched on it will also be active for the admin area of the site.
    • Hook: wpsh_send_restapi_headers

4.0.01

  • Verified: Core Version 6.4 compliant
  • Remove: navigate-to directive for Content Security Policy
    • Per: https://docs.w3cub.com/http/headers/content-security-policy/navigate-to no longer supported in any browser
  • Add: report-to directive for Content Security Policy
    • https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-to
    • Please be aware, this directive currently does nothing in Firefox and Safari
  • Updated: WordPress Defaults. Compliant ONLY with the following:
    • Plugins: Gravity Forms
    • Themes: Twenty Twenty, Twenty Twenty-One, Twenty Twenty-Two, Twenty Twenty-Three
  • Updated: WordPress Core version requirements to 5.6.10