This is a WordPress plugin that checks your WordPress website for common headers associated with security. This plugin is opinionated and these things will not directly apply to every situation, so it is best to analyze individual applications to determine your own best path forward.
| Header name | Expects |
|---|---|
| strict-transport-security | max-age >= 31536000 |
| referrer-policy | no-referrer no-referrer-when-downgrade origin origin-when-cross-origin same-origin strict-origin strict-origin-when-cross-origin |
| permissions-policy | Just expects this to exist in some way |
| content-security-policy | Minimum of: default-src 'none' |
| x-frame-options | deny sameorigin allow-from |
| x-content-type-options | nosniff |
| x-xss-protection | 0 1 (informs you that it is deprecated and recommends CSP) |