back to plugins
Active

MS Security Headers

The headers.dev checklist, as a plugin

Dries Buytaert’s HTTP Headers Analyzer lists the HTTP security headers a site should be sending. Checking a site against that list usually means a server config change, and on Elementor Hosting I don’t have server-level access, so I built a plugin instead.

It adds the headers that matter without touching a server file: X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, X-Permitted-Cross-Domain-Policies, and an optional Strict-Transport-Security upgrade. Everything ships with safe defaults, plus a settings page for the cases where a default needs adjusting.

This plugin increased by score from 4 to 6, which is the highest I can go under the circumstances. I was happy with the increase.