Title: BoundaryGuard Headers
Author: Jay Suthar
Published: December 29, 2025
Last modified: January 5, 2026

---

![](https://ps.w.org/boundaryguard-headers/assets/banner-772x250.png?rev=3428818)

![](https://ps.w.org/boundaryguard-headers/assets/icon-256x256.png?rev=3428818)

# BoundaryGuard Headers

 By [Jay Suthar](https://profiles.wordpress.org/jsjack74/)

[Download](https://downloads.wordpress.org/plugin/boundaryguard-headers.1.0.0.zip)


## Description

BoundaryGuard Headers enforces modern HTTP security headers to harden your WordPress
site against XSS, clickjacking, mixed content, and cross-origin attacks.

**Key Features:**

 * **Essential Protection:** Adds X-Frame-Options, X-Content-Type-Options, Referrer-Policy,
   and Permissions-Policy to reduce attack surface and prevent clickjacking.
 * **HSTS (Strict Transport Security):** Forces HTTPS connections to help prevent
   protocol downgrade and man-in-the-middle attacks.
 * **Advanced Isolation (COOP/COEP):** Enables Cross-Origin-Opener-Policy and
   Cross-Origin-Embedder-Policy to improve cross-origin isolation and mitigate certain
   side-channel attacks.
 * **Content Security Policy (CSP):** One of the strongest defenses against XSS.
   Includes a dashboard-based CSP builder with preset options to whitelist trusted
   sources for scripts, styles, images, and more.
 * **CSP Report-Only Mode:** Test your policy safely without blocking content.
 * **Server Header Hardening:** Removes or limits exposure of headers such as
   `X-Powered-By` and `Server`.
 * **Lightweight and Fast:** Uses PHP headers for broad server compatibility and
   minimal performance impact.
 * **No `.htaccess` Editing Required:** Works without modifying server configuration
   files.

Designed for developers and site owners who want stronger security without unnecessary
complexity.
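
To confirm what the site actually sends after activation, the response headers can be audited against the feature list above. The following is an added example, not the plugin's code; the sample response and its header values are constructed, and the function names are hypothetical.

```python
import re

# Headers named in the feature list above (lowercased for comparison).
EXPECTED = ["x-frame-options", "x-content-type-options", "referrer-policy",
            "permissions-policy", "strict-transport-security",
            "cross-origin-opener-policy", "cross-origin-embedder-policy"]
DISCLOSING = ["x-powered-by", "server"]

# Constructed sample response; the header values are illustrative assumptions.
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Server: nginx
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' https://js.stripe.com
"""

def parse_headers(raw):
    """Parse a raw header block (e.g. `curl -sI` output) into {name: value}."""
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        if not line.strip():
            break                              # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def parse_csp(policy):
    """Split a CSP value into {directive: [sources]}."""
    parts = [d.split() for d in policy.split(";") if d.strip()]
    return {p[0].lower(): p[1:] for p in parts}

def audit(raw):
    h = parse_headers(raw)
    enforced = h.get("content-security-policy")
    report_only = h.get("content-security-policy-report-only")
    hsts = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""))
    return {
        "missing": [n for n in EXPECTED if n not in h],
        "disclosing": [n for n in DISCLOSING if n in h],
        # Report-only logs violations but blocks nothing.
        "csp_mode": "enforcing" if enforced else "report-only" if report_only else "absent",
        "csp": parse_csp(enforced or report_only or ""),
        # max-age=0 tells browsers to drop the HSTS entry.
        "hsts_max_age": int(hsts.group(1)) if hsts else None,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_RESPONSE))
```

Headers set from PHP typically appear only on responses that PHP generates, so audit a static asset as well as a rendered page.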

### External Services

This plugin provides a Content Security Policy (CSP) builder. To assist users, it
includes “Preset Buttons” that allow users to quickly add domain names to their 
own CSP whitelist.

**This plugin DOES NOT connect to, load data from, or send data to these services
automatically.** The following third-party domains are referenced as presets within
the admin dashboard for whitelisting purposes:

 * Google Analytics (www.google-analytics.com) – Used for tracking whitelisting.
   [Privacy: https://policies.google.com/privacy]
 * Google Tag Manager (www.googletagmanager.com) – Used for tag management.
   [Privacy: https://policies.google.com/privacy]
 * Stripe (js.stripe.com, api.stripe.com) – Used for payment processing.
   [Privacy: https://stripe.com/privacy]
 * Facebook (www.facebook.com, connect.facebook.net) – Used for social embeds.
   [Privacy: https://www.facebook.com/policy.php]
 * YouTube (www.youtube.com, i.ytimg.com) – Used for video embeds.
   [Privacy: https://policies.google.com/privacy]
 * Vimeo (player.vimeo.com) – Used for video embeds.
   [Privacy: https://vimeo.com/privacy]
 * Gravatar (secure.gravatar.com) – Used for user avatars.
   [Privacy: https://automattic.com/privacy/]

## Installation

 1. Upload the `boundaryguard-headers` folder to the `/wp-content/plugins/` directory.
 2. Activate the plugin through the **Plugins** menu in WordPress.
 3. Configure the settings from **Settings → BoundaryGuard Headers**.

## FAQ

### Does this plugin edit .htaccess?

No. BoundaryGuard Headers uses PHP headers, which improves compatibility across 
different hosting environments.

### Can I test Content Security Policy without breaking my site?

Yes. The plugin includes a **CSP Report-Only Mode** that allows you to monitor policy
violations without blocking any resources.

### Will this affect site performance?

No. The plugin is lightweight and adds negligible overhead, as headers are sent 
as part of the normal HTTP response.

## Reviews

### [Best plugin for security](https://wordpress.org/support/topic/best-plugin-for-security-3/)

 [jaymakadiya](https://profiles.wordpress.org/jaymakadiya/) December 30, 2025

I’ve been using BoundaryGuard Headers on my WordPress site, and overall it’s a very
helpful security plugin. It focuses on adding important HTTP security headers — 
like Content Security Policy, X-Frame-Options, and HSTS — which helps protect the
site from things like XSS attacks and clickjacking.

## Contributors & Developers

“BoundaryGuard Headers” is open source software. The following people have contributed
to this plugin.

Contributors

 *   [ Jay Suthar ](https://profiles.wordpress.org/jsjack74/)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/boundaryguard-headers/),
check out the [SVN repository](https://plugins.svn.wordpress.org/boundaryguard-headers/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/boundaryguard-headers/)
by [RSS](https://plugins.trac.wordpress.org/log/boundaryguard-headers/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.0

 * Initial release
 * Added essential HTTP security headers
 * Implemented HSTS support
 * Added CSP builder with report-only mode

## Meta

 *  Version **1.0.0**
 *  Last updated **3 months ago**
 *  Active installations **Fewer than 10**
 *  WordPress version **6.0 or higher**
 *  Tested up to **6.9.4**
 *  PHP version **7.4 or higher**
 *  Language: [English (US)](https://wordpress.org/plugins/boundaryguard-headers/)
 *  Tags: [csp](https://twd.wordpress.org/plugins/tags/csp/), [hsts](https://twd.wordpress.org/plugins/tags/hsts/),
    [http-headers](https://twd.wordpress.org/plugins/tags/http-headers/), [security](https://twd.wordpress.org/plugins/tags/security/),
    [xss](https://twd.wordpress.org/plugins/tags/xss/)
 *  [Advanced View](https://twd.wordpress.org/plugins/boundaryguard-headers/advanced/)

## Ratings

 5 out of 5 stars.

 *  [1 5-star review](https://wordpress.org/support/plugin/boundaryguard-headers/reviews/?filter=5)
 *  [0 4-star reviews](https://wordpress.org/support/plugin/boundaryguard-headers/reviews/?filter=4)
 *  [0 3-star reviews](https://wordpress.org/support/plugin/boundaryguard-headers/reviews/?filter=3)
 *  [0 2-star reviews](https://wordpress.org/support/plugin/boundaryguard-headers/reviews/?filter=2)
 *  [0 1-star reviews](https://wordpress.org/support/plugin/boundaryguard-headers/reviews/?filter=1)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/boundaryguard-headers/)