Best all-in-one WordPress security plugin, uses HTTP & HSTS response headers to avoid vulnerabilities: XSS, injection, clickjacking. Force HTTP/HTTPS.

Headit is a simple plugin to allow you to add custom HTTP response headers to your site.

Add a nonce to each script and style tags, and set those nonces in CSP header.

Configure various security-related HTTP headers, including CSP, XSS, Referrer Policy and more.

Block XSS vulnerabilities by adding a Content Security Policy header, plugin receives violations to easily maintain the security policy.