GD Security Headers is a brand new plugin available for free on WordPress.org that will help you setup HTTP security headers and receive reports when CSP and XXS Protection directives have been violated.
The plugin includes settings to configure various HTTP security related headers that can help protect the website and the website users from various types of cross site scripting attacks, manipulation of data and external files loaded by the website.
All HTTP headers generated by the plugin can be added to each page generated by WordPress and it works with any web server, or, if you use Apache web server, all headers can be saved to HTACCESS file. The plugin currently supports
- Content Security Policy (CSP) – editor for CSP rules, with automatic rules set up for popular Google services (Fonts, Adsense, Maps, Translations, Analytics) and the ability to log in reports from browsers when the policy has been violated
- XSS Protection (XXP) – with the ability to log in reports from browsers when the policy has been violated
- Content-Type – No Sniff Policy
- Strict Transport Security
- Referrer Policy
- Frame Options
And, more security related headers will be added in the future versions. Plugin is available for free on WordPress.org, so check it out:
Let me know what you think about the new plugin, and if you have any questions or suggestions.