This WordPress Plugin add secure headers to you WordPress site.
The Following Headers are included:
- Strict-Transport-Security: Enforces SSL if your website is using SSL (which it should be)
- X-Frame-Options: Prevents Clickjacking
- X-XSS-Protection: Prevents XSS attacks
- X-Content-Type-Options: set to 'nosniff to prevent MIME-type sniffing
- Referrer-Policy: set to 'no-referrer-when-downgrade'
- No setup required!
Upload the "wp-secure-http-headers" folder to your wp-content/plugins directory, then Activate it.