{"id":285111,"date":"2026-03-20T10:23:30","date_gmt":"2026-03-20T10:23:30","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/headershield\/"},"modified":"2026-03-20T10:25:52","modified_gmt":"2026-03-20T10:25:52","slug":"headershield","status":"publish","type":"plugin","link":"https:\/\/szl.wordpress.org\/plugins\/headershield\/","author":23243436,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"1.0.14","stable_tag":"1.0.14","tested":"6.9.4","requires":"5.0","requires_php":"7.4","requires_plugins":null,"header_name":"HeaderShield","header_author":"Vishwa Liyanarachchi","header_description":"Adds safe, modern HTTP security headers with an admin toggle to enable or disable strict cross-origin protections.","assets_banners_color":"a8becb","last_updated":"2026-03-20 10:25:52","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/wordpress.org\/support\/plugin\/headershield\/","header_plugin_uri":"","header_author_uri":"","rating":0,"author_block_rating":0,"active_installs":0,"downloads":84,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.14":{"tag":"1.0.14","author":"sbvi1122","date":"2026-03-20 10:25:52"},"1.0.1401":{"tag":"1.0.1401","author":"sbvi1122","date":"2026-03-20 11:06:32"}},"upgrade_notice":{"1.0.14":"<p>Initial public release. Adds security headers with an admin UI and optional strict cross-origin protections.<\/p>"},"ratings":[],"assets_icons":{"icon-256x256.png":{"filename":"icon-256x256.png","revision":3487110,"resolution":"256x256","location":"assets","locale":""},"icon.svg":{"filename":"icon.svg","revision":3487110,"resolution":false,"location":"assets","locale":false}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3487110,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3487110,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{"blueprint.json":{"filename":"blueprint.json","revision":3488503,"resolution":false,"location":"assets","locale":"","contents":"{\"$schema\":\"https:\\\/\\\/playground.wordpress.net\\\/blueprint-schema.json\",\"landingPage\":\"\\\/wp-admin\\\/\",\"features\":{\"networking\":true},\"steps\":[{\"step\":\"login\",\"username\":\"admin\",\"password\":\"password\"},{\"step\":\"installPlugin\",\"pluginData\":{\"resource\":\"wordpress.org\\\/plugins\",\"slug\":\"headershield\"},\"options\":{\"activate\":true}}]}"}},"all_blocks":[],"tagged_versions":["1.0.14","1.0.1401"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Settings page.","2":"User guide page."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[19966,31093,2846,34310,600],"plugin_category":[54],"plugin_contributors":[258189,258188],"plugin_business_model":[],"class_list":["post-285111","plugin","type-plugin","status-publish","hentry","plugin_tags-csp","plugin_tags-hardening","plugin_tags-headers","plugin_tags-hsts","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-sbvi1122","plugin_contributors-vishvega","plugin_committers-sbvi1122"],"banners":{"banner":"https:\/\/ps.w.org\/headershield\/assets\/banner-772x250.png?rev=3487110","banner_2x":"https:\/\/ps.w.org\/headershield\/assets\/banner-1544x500.png?rev=3487110","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":"https:\/\/ps.w.org\/headershield\/assets\/icon.svg?rev=3487110","icon":"https:\/\/ps.w.org\/headershield\/assets\/icon.svg?rev=3487110","icon_2x":false,"generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>HeaderShield adds a conservative set of security headers that improve browser protection without breaking most sites. It also provides optional strict cross-origin protections for sites that are ready for them.<\/p>\n\n<p>Default headers include:<\/p>\n\n<ul>\n<li>X-Frame-Options<\/li>\n<li>X-Content-Type-Options<\/li>\n<li>X-XSS-Protection (legacy)<\/li>\n<li>Referrer-Policy<\/li>\n<li>Permissions-Policy<\/li>\n<li>Content-Security-Policy (upgrade-insecure-requests)<\/li>\n<li>Strict-Transport-Security (HTTPS only)<\/li>\n<\/ul>\n\n<p>Strict Mode can additionally enable COEP, COOP, and CORP for stronger isolation, but may break third\u2011party scripts or embeds. Use with care and test on staging first.<\/p>\n\n<h4>Source code for third-party assets<\/h4>\n\n<p>The admin UI uses SlimSelect for the multi-select dropdown. Human-readable source is included in the plugin:<\/p>\n\n<ul>\n<li>JavaScript: <code>assets\/js\/slimselect.js<\/code> (minified build: <code>assets\/js\/slimselect.min.js<\/code>)<\/li>\n<li>CSS: <code>assets\/css\/slimselect.css<\/code> (minified build: <code>assets\/css\/slimselect.min.css<\/code>)<\/li>\n<\/ul>\n\n<p>Upstream project: https:\/\/github.com\/brianvoe\/slim-select (MIT). This plugin does not use a custom build process; the included files are from the published release.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the <code>headershield<\/code> plugin folder to <code>\/wp-content\/plugins\/<\/code>, or install via <strong>Plugins \u2192 Add New<\/strong> and search for HeaderShield.<\/li>\n<li>Activate the plugin through the <strong>Plugins<\/strong> menu in WordPress.<\/li>\n<li>Go to <strong>Security Headers<\/strong> in the admin sidebar to configure settings.<\/li>\n<\/ol>\n\n<h4>Optional: use as must-use plugin<\/h4>\n\n<p>You can also copy the main plugin file into <code>\/wp-content\/mu-plugins\/<\/code> so it is always active and cannot be disabled from the Plugins screen.<\/p>\n\n<!--section=faq-->\n<dl>\n<dt id=\"will%20this%20break%20my%20site%3F\"><h3>Will this break my site?<\/h3><\/dt>\n<dd><p>The default headers are conservative and should be safe for most sites. Strict Mode may break embeds, analytics, fonts, or CDNs, so test on staging first.<\/p><\/dd>\n<dt id=\"does%20this%20affect%20seo%3F\"><h3>Does this affect SEO?<\/h3><\/dt>\n<dd><p>No. These headers improve browser security and do not affect SEO.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.14<\/h4>\n\n<ul>\n<li>Initial public release.<\/li>\n<\/ul>","raw_excerpt":"Add safe, modern HTTP security headers with optional strict cross-origin protections and a simple admin UI.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/285111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=285111"}],"author":[{"embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/sbvi1122"}],"wp:attachment":[{"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=285111"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=285111"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=285111"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=285111"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=285111"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/szl.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=285111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}