Headit is a simple plugin to allow you to add custom HTTP response headers to your site.
Configure various security-related HTTP headers, including CSP, XSS, Referrer Policy and more.
Automatically adds Subresource Integrity (SRI) to external scripts/styles and safely excludes Google reCAPTCHA and Google Fonts.
Block XSS vulnerabilities by adding a Content Security Policy header, plugin receives violations to easily maintain the security policy.
Automatically enforces essential HTTP security headers to protect your site from XSS, clickjacking, and protocol downgrade attacks.
Configure core HTTP security headers for your WordPress site in a few clicks.
Serve WordPress cleanly over .onion with URL rewriting, Onion-Location, and privacy hardening.
Best all-in-one WordPress security plugin, uses HTTP & HSTS response headers to avoid vulnerabilities: XSS, injection, clickjacking. Force HTTP/HTTPS.