{"id":327647,"date":"2026-06-19T18:41:49","date_gmt":"2026-06-19T18:41:49","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/shieldpress-security-headers-audit\/"},"modified":"2026-06-19T18:41:26","modified_gmt":"2026-06-19T18:41:26","slug":"chetan-security-headers-audit","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/chetan-security-headers-audit\/","author":20590949,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.0.0","stable_tag":"1.0.0","tested":"7.0","requires":"6.0","requires_php":"8.0","requires_plugins":null,"header_name":"Security Headers Audit","header_author":"Chetan Chowdhari","header_description":"Complete security header management, console and CSP audit logging, and configuration changes audit logs.","assets_banners_color":"132947","last_updated":"2026-06-19 18:41:26","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"https:\/\/chowdharichetan.github.io\/","rating":0,"author_block_rating":0,"active_installs":0,"downloads":40,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.0.0":{"tag":"1.0.0","author":"chetan2721","date":"2026-06-19 18:41:26"}},"upgrade_notice":{"1.0.0":"<p>Initial release of Security Headers Audit.<\/p>"},"ratings":[],"assets_icons":{"icon-256x256.jpg":{"filename":"icon-256x256.jpg","revision":3579095,"resolution":"256x256","location":"assets","locale":"","width":256,"height":243}},"assets_banners":{"banner-772x250.png":{"filename":"banner-772x250.png","revision":3579095,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0"],"block_files":[],"assets_screenshots":[],"screenshots":[]},"plugin_section":[],"plugin_tags":[8534,19966,600,153786,14958],"plugin_category":[54],"plugin_contributors":[],"plugin_business_model":[],"class_list":["post-327647","plugin","type-plugin","status-publish","hentry","plugin_tags-audit-log","plugin_tags-csp","plugin_tags-security","plugin_tags-security-headers","plugin_tags-xss","plugin_category-security-and-spam-protection","plugin_committers-chetan2721"],"banners":{"banner":"https:\/\/ps.w.org\/chetan-security-headers-audit\/assets\/banner-772x250.png?rev=3579095","banner_2x":false,"banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/chetan-security-headers-audit\/assets\/icon-256x256.jpg?rev=3579095","icon_2x":"https:\/\/ps.w.org\/chetan-security-headers-audit\/assets\/icon-256x256.jpg?rev=3579095","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>Security Headers Audit helps WordPress site owners strengthen browser-side security through modern HTTP security headers and comprehensive auditing tools.<\/p>\n\n<p>The plugin provides an easy-to-use interface for configuring recommended security headers, monitoring Content Security Policy (CSP) violations, recording browser console errors, and tracking security-related configuration changes within WordPress.<\/p>\n\n<p>By implementing industry-standard browser security protections, Security Headers Audit can help reduce exposure to common web vulnerabilities such as Cross-Site Scripting (XSS), clickjacking, MIME-type attacks, and unsafe cross-origin interactions.<\/p>\n\n<h3>Key Features<\/h3>\n\n<ul>\n<li>Configure HTTP Security Headers from a centralized dashboard.<\/li>\n<li>Content Security Policy (CSP) management.<\/li>\n<li>Strict-Transport-Security (HSTS) support.<\/li>\n<li>X-Frame-Options protection against clickjacking.<\/li>\n<li>X-Content-Type-Options support to prevent MIME sniffing.<\/li>\n<li>Referrer-Policy management.<\/li>\n<li>Permissions-Policy configuration for browser feature control.<\/li>\n<li>Cross-Origin-Opener-Policy (COOP) support.<\/li>\n<li>Cross-Origin-Embedder-Policy (COEP) support.<\/li>\n<li>Cross-Origin-Resource-Policy (CORP) support.<\/li>\n<li>CSP violation monitoring and logging.<\/li>\n<li>Browser console error collection.<\/li>\n<li>Security configuration audit trail.<\/li>\n<li>Import and export settings.<\/li>\n<li>Clean uninstall support.<\/li>\n<\/ul>\n\n<h3>Supported Security Headers<\/h3>\n\n<ul>\n<li>Content-Security-Policy (CSP)<\/li>\n<li>Strict-Transport-Security (HSTS)<\/li>\n<li>X-Frame-Options<\/li>\n<li>X-Content-Type-Options<\/li>\n<li>Referrer-Policy<\/li>\n<li>Permissions-Policy<\/li>\n<li>Cross-Origin-Opener-Policy (COOP)<\/li>\n<li>Cross-Origin-Embedder-Policy (COEP)<\/li>\n<li>Cross-Origin-Resource-Policy (CORP)<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin files to the <code>\/wp-content\/plugins-security-headers-audit<\/code> directory, or install the plugin through the WordPress Plugins screen.<\/li>\n<li>Activate the plugin through the \"Plugins\" screen in WordPress.<\/li>\n<li>Open the  Security Headers Audit\" menu in the WordPress admin dashboard.<\/li>\n<li>Configure your preferred security headers and auditing options.<\/li>\n<li>Save your settings.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"what%20is%20content%20security%20policy%20%28csp%29%3F\"><h3>What is Content Security Policy (CSP)?<\/h3><\/dt>\n<dd><p>Content Security Policy (CSP) is a browser security mechanism that helps prevent Cross-Site Scripting (XSS) and code injection attacks by controlling which resources can be loaded and executed.<\/p><\/dd>\n<dt id=\"can%20i%20use%20security%20headers%20audit%20on%20existing%20websites%3F\"><h3>Can I use Security Headers Audit on existing websites?<\/h3><\/dt>\n<dd><p>Yes. Security Headers Audit can be installed on both new and existing WordPress websites. Always test security header changes in a staging environment before deploying to production.<\/p><\/dd>\n<dt id=\"does%20the%20plugin%20impact%20website%20performance%3F\"><h3>Does the plugin impact website performance?<\/h3><\/dt>\n<dd><p>Security Headers Audit is lightweight and designed to have minimal impact on performance. Security headers are applied during normal request processing, while audit data is stored efficiently within WordPress.<\/p><\/dd>\n<dt id=\"does%20security%20headers%20audit%20remove%20data%20on%20uninstall%3F\"><h3>Does Security Headers Audit remove data on uninstall?<\/h3><\/dt>\n<dd><p>Yes. The plugin includes uninstall cleanup functionality to remove plugin-generated data if desired.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial public release.<\/li>\n<li>Added HTTP Security Headers management.<\/li>\n<li>Added Content Security Policy (CSP) support.<\/li>\n<li>Added Strict-Transport-Security (HSTS) support.<\/li>\n<li>Added X-Frame-Options configuration.<\/li>\n<li>Added X-Content-Type-Options configuration.<\/li>\n<li>Added Referrer-Policy configuration.<\/li>\n<li>Added Permissions-Policy configuration.<\/li>\n<li>Added Cross-Origin policies (COOP, COEP, CORP).<\/li>\n<li>Added CSP violation logging.<\/li>\n<li>Added browser console error logging.<\/li>\n<li>Added security audit trail.<\/li>\n<li>Added settings management dashboard.<\/li>\n<li>Added import and export functionality.<\/li>\n<li>Added uninstall cleanup support.<\/li>\n<\/ul>","raw_excerpt":"Manage HTTP security headers, monitor Content Security Policy (CSP) violations, capture browser console errors, and maintain a complete audit trail of &hellip;","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/327647","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=327647"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/chetan2721"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=327647"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=327647"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=327647"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=327647"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=327647"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=327647"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}