http-security

Thank you very much. I've A+ in test on webpagetest.org ...

This plugin solved security issues in the header - works very well!

Up to the v. 2.5.6 there is the only neglect: in summer 2020 Feature-Policy header has been renamed to Permissions-Policy. I hope it will be fixed with the next plugin update.

I've learned a lot about Content Security Policy in the last 2 days. This is a good plugin for managing HTTP headers for security improvements.

This has been a very useful plugin at shoring up HSTS. Make sure you test your site at each step to ensure the very policy you are implementing doesn't block needed content. Once you've got the hang of how it works it is easy to setup and configure.

As a rookie regarding WordPress security I was pretty lost about HTTP Security headers until I found this pluging. So far it seems to be working great for me, even though I had to do some extra research to set up the Content Security Policy and Feature Policy thanks to these links (even if they are a bit old). Maybe you could add them (or similar ressources) as references to create a CSP / feature policy for beginners like me ? Thanks Carl for the great plugin and keep up the good work !