Title: HeaderShield
Author: Vishwa
Published: <strong>March 20, 2026</strong>
Last modified: March 20, 2026

---

Search plugins

![](https://ps.w.org/headershield/assets/banner-772x250.png?rev=3487110)

![](https://ps.w.org/headershield/assets/icon.svg?rev=3487110)

# HeaderShield

 By [Vishwa](https://profiles.wordpress.org/sbvi1122/)

[Download](https://downloads.wordpress.org/plugin/headershield.1.0.14.zip)

[Live Preview](https://twd.wordpress.org/plugins/headershield/?preview=1)

 * [Details](https://twd.wordpress.org/plugins/headershield/#description)
 * [Reviews](https://twd.wordpress.org/plugins/headershield/#reviews)
 *  [Installation](https://twd.wordpress.org/plugins/headershield/#installation)
 * [Development](https://twd.wordpress.org/plugins/headershield/#developers)

 [Support](https://wordpress.org/support/plugin/headershield/)

## Description

HeaderShield adds a conservative set of security headers that improve browser protection
without breaking most sites. It also provides optional strict cross-origin protections
for sites that are ready for them.

Default headers include:

 * X-Frame-Options
 * X-Content-Type-Options
 * X-XSS-Protection (legacy)
 * Referrer-Policy
 * Permissions-Policy
 * Content-Security-Policy (upgrade-insecure-requests)
 * Strict-Transport-Security (HTTPS only)

Strict Mode can additionally enable COEP, COOP, and CORP for stronger isolation,
but may break third‑party scripts or embeds. Use with care and test on staging first.

#### Source code for third-party assets

The admin UI uses SlimSelect for the multi-select dropdown. Human-readable source
is included in the plugin:

 * JavaScript: `assets/js/slimselect.js` (minified build: `assets/js/slimselect.
   min.js`)
 * CSS: `assets/css/slimselect.css` (minified build: `assets/css/slimselect.min.
   css`)

Upstream project: https://github.com/brianvoe/slim-select (MIT). This plugin does
not use a custom build process; the included files are from the published release.

## Installation

 1. Upload the `headershield` plugin folder to `/wp-content/plugins/`, or install via**
    Plugins  Add New** and search for HeaderShield.
 2. Activate the plugin through the **Plugins** menu in WordPress.
 3. Go to **Security Headers** in the admin sidebar to configure settings.

#### Optional: use as must-use plugin

You can also copy the main plugin file into `/wp-content/mu-plugins/` so it is always
active and cannot be disabled from the Plugins screen.

## FAQ

### Will this break my site?

The default headers are conservative and should be safe for most sites. Strict Mode
may break embeds, analytics, fonts, or CDNs, so test on staging first.

### Does this affect SEO?

No. These headers improve browser security and do not affect SEO.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“HeaderShield” is open source software. The following people have contributed to
this plugin.

Contributors

 *   [ Vishwa ](https://profiles.wordpress.org/sbvi1122/)
 *   [ vishvega ](https://profiles.wordpress.org/vishvega/)

[Translate “HeaderShield” into your language.](https://translate.wordpress.org/projects/wp-plugins/headershield)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/headershield/), check
out the [SVN repository](https://plugins.svn.wordpress.org/headershield/), or subscribe
to the [development log](https://plugins.trac.wordpress.org/log/headershield/) by
[RSS](https://plugins.trac.wordpress.org/log/headershield/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.14

 * Initial public release.

## Meta

 *  Version **1.0.14**
 *  Last updated **2 weeks ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 5.0 or higher **
 *  Tested up to **6.9.4**
 *  PHP version ** 7.4 or higher **
 *  Language
 * [English (US)](https://wordpress.org/plugins/headershield/)
 * Tags
 * [csp](https://twd.wordpress.org/plugins/tags/csp/)[hardening](https://twd.wordpress.org/plugins/tags/hardening/)
   [headers](https://twd.wordpress.org/plugins/tags/headers/)[hsts](https://twd.wordpress.org/plugins/tags/hsts/)
   [security](https://twd.wordpress.org/plugins/tags/security/)
 *  [Advanced View](https://twd.wordpress.org/plugins/headershield/advanced/)

## Ratings

No reviews have been submitted yet.

[Add my review](https://wordpress.org/support/plugin/headershield/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/headershield/reviews/)

## Contributors

 *   [ Vishwa ](https://profiles.wordpress.org/sbvi1122/)
 *   [ vishvega ](https://profiles.wordpress.org/vishvega/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/headershield/)

## Donate

Would you like to support the advancement of this plugin?

 [ Donate to this plugin ](https://wordpress.org/support/plugin/headershield/)