This plugin is fully compatible with Autoptimize and any cache plugin (Cache Enabler or Wp Super Cache by example)
Some of the tweaks that this plugin automatically applies securely are the following:
SET HTTP SECURITY HEADERS
- X-Frame-Options: SAMEORIGIN
- X-XSS-Protection: 1;mode=block
- Content-Security-Policy: default-src 'self' https://* data: 'unsafe-inline' 'unsafe-eval'
- Referrer-Policy: no-referrer-when-downgrade
- X-Content-Type-Options: nosniff
REMOVE THIS
- Remove Really Simple Discovery link from header
- Remove wlwmanifest.xml (Windows Live Writer) from header
- Remove Shortlink URL from header
- Remove WordPress Generator Version from header
- Remove s.w.org DNS Prefetch
- Remove generator name from RSS Feeds
- Remove Capital P Dangit filter
- Remove WordPress and WooCommerce meta generator tags
- Remove Jquery_migrate
- Remove Dashicons in admin bar (only for non logged users)
- Remove Post oEmbed
AND MORE AUTO SETTINGS
- Change Control Heartbeat API interval (60 seconds)
- Disable the XML-RPC interface
- Disable the plugins and theme editor
- Disable PDF thumbnails preview
- Disable Self Pingbacks
- Limit Post Revisions to 1
Just activate the plugin and test your site’s speed in your favourite tool (GTMetrix, Pingdom Tools, Securityheaders.com, etc.)