Rating: 5 stars

Thank you very much. I’ve A+ in test on webpagetest.org …

Rating: 5 stars

This plugin solved security issues in the header – works very well!

Rating: 4 stars

Up to the v. 2.5.6 there is the only neglect: in summer 2020 Feature-Policy header has been renamed to Permissions-Policy. I hope it will be fixed with the next plugin update.

Rating: 5 stars

I’ve learned a lot about Content Security Policy in the last 2 days. This is a good plugin for managing HTTP headers for security improvements.

Rating: 5 stars

This has been a very useful plugin at shoring up HSTS. Make sure you test your site at each step to ensure the very policy you are implementing doesn’t block needed content. Once you’ve got the hang of how it works it is easy to setup and configure.

Rating: 5 stars

As a rookie regarding WordPress security I was pretty lost about HTTP Security headers until I found this pluging. So far it seems to be working great for me, even though I had to do some extra research to set up the Content Security Policy and Feature Policy thanks to these links (even if they are a bit old).

Maybe you could add them (or similar ressources) as references to create a CSP / feature policy for beginners like me ?

Thanks Carl for the great plugin and keep up the good work !

• This topic was modified 4 years, 11 months ago by Jan Dembowski. Reason: Deleted links

Rating: 5 stars

This plugin is easy to use. It is confined to a limited set of options to set the http headers. It seems that the most important ones have been chosen since testing my website after installing and setting the plugin yielded an A+ score on securityheaders.com. The only thing missings is cache-control; this would boost the performance of my website even more. Thanks to the maker of this plugin, I feel my website is safe and up-to-par with other safe websites like banking platforms.

Rating: 5 stars

Well im was going crazy all around the web searching for a way to protect my header i attemp to do almost everyting thats on the web to achieve this but on every scan i got this message: To improve the security of your site against some types of XSS (cross-site scripting) attacks, it is recommended that you add the following header to your site:

X-XSS-Protection: 1; mode=block
It is supported by IE (Internet Explorer) and Chrome. You can enable it by modifying your Apache settings or your .htaccess file, and adding the following line to it:

Header set X-XSS-Protection “1; mode=block”
i even attemp to follow these instructions but even adding that code this warning was still showing well i installed this plugin and i will try it to see if it help with what i need to do buy i want to thank the plugin developer for this amazing tool playing around with the h.access file is no game, i will like to get in touch with this developer to check if im using the right configuration…

• This topic was modified 5 years, 4 months ago by fuegodon.

Rating: 5 stars

If I could, I would give you 10 stars and dance at your wedding. You just saved me HOURS of work trying to figure out how to secure my site. After two hacks, I had enough and started securing it on my own. To slow and labor intensive (W3C school). Literally took me not even 5 minutes.

So, THANK YOU, THANK YOU, THANK YOU.

Rating: 5 stars

Really easy to set up, a lot of different options but still not hard to get into. The plugin does exactly what it is meant to do and does a great job at it! Adding a CSP to your site is only a matter of minutes with the plugin, but is a great addition to make your website secure against a lot of different attacks.

Thanks a lot for the plugin!

Rating: 5 stars

I’ve used this to implement http security headers on my WordPress site. Very easy to use and get good scores on evaluation sites. Content Security Policy seems to be an emerging technique to improve security. Its easy to implement using this plugin. Only one problem I’ve noticed: When I input data in the box for base-uri: and then check with Google CSP Evaluator it shoes all of the CSP values except for base-uri where it shows “base-uri;” regards of what’s entered in the plugin. Base-uri doesn’t fall back to the default-src directive so this shows up as an issue.
Still deserves 5 stars for its ease of use.

Rating: 5 stars

As a newcomer to CSP etc. I found this plugin easy to use, alongside the linked documentation on the Mozilla Dev Network. Thanks, Carl!

Rating: 5 stars

I really like this plugin. I tried others for CSP and I chose this over the others for its ease of use.

CSP is complicated enough. By using this plugin it is easier to implement a content security policy and security headers on WordPress. I highly recommend this plugin.

Thanks for taking the time to make this plugin.

Rating: 5 stars

Perfect plugin for the job it needs to do. The developer is great as well!

Rating: 5 stars

Really useful plugin for helping with these headers. In addition to https://securityheaders.io also check out your site using https://www.ssllabs.com/ssltest/ for additional feedback. Many thanks.

Rating: 5 stars

I had started writing code in my header and was trying various values for the many directives, after breaking the pages. I decided to look at plugins. The issue was how to speed up the process. This plugin seemed to offer what I needed. In conjunction with the https://securityheaders.io site, I soon attained an ‘A’ rating. Thank you Conrad for a very useful plugin. This is a great start and I hope you will keep up with the new levels of CSP.

• This topic was modified 7 years, 7 months ago by Malae.
• This topic was modified 7 years, 7 months ago by Malae.
• This topic was modified 7 years, 7 months ago by Malae.

Rating: 5 stars

Includes some generally hidden header attributes.