Wordpress Secure Headers Helper: Send HTTP headers that implement security measures

Recommend this page to a friend!
  Info   View files Documentation   View files View files (4)   DownloadInstall with Composer Download .zip   Reputation   Support forum   Blog (2)    
Last Updated Ratings Unique User Downloads Download Rankings
2021-03-19 (21 days ago) RSS 2.0 feedNot yet rated by the usersTotal: 49 This week: 24All time: 9,981 This week: 10Up
Version License PHP version Categories
wp-secure-headers 1.0.2BSD License7PHP 5, Security, Blogs
Description Author

This class can send HTTP headers that implement security measures.

It can register a WordPress action function that will be called to set the response HTTP headers that are sent when pages generated by WordPress are served.

The class sets security related headers like:

- X-Frame-Options
- X-Content-Type-Options
- X-XSS-Protection
- Referrer-Policy
- Strict-Transport-Security
- Expect-CT

The class also provides a way to set other headers.

Innovation Award
PHP Programming Innovation award nominee
March 2021
Nowadays there are several HTTP headers that can be used to protect better Web applications and their users against harm that could be caused by certain types of security attacks.

This class can be used to send those HTTP headers in a WordPress applications. It makes it easier to develop more secure WordPress based sites and plugins.

Manuel Lemos
Picture of Carlos Artur Curvelo da Matos
  Performance   Level  
Name: Carlos Artur Curvelo da ... <contact>
Classes: 6 packages by
Country: Portugal Portugal
Age: 43
All time rank: 423547 in Portugal Portugal
Week rank: 6 Up3 in Portugal Portugal Up
Innovation award
Innovation award
Nominee: 3x


WP Secure Headers Helper

A simple helper class to manage HTTP Security Headers made available when a website is under any SSL certificate. Unfortunately, many plugins are used to configure SSL, but miss the more elaborated part of it - include secure headers to requests. This class aims to offer a simple interface to set up those - bringing predefined headers adequate for most WP websites, but also enabling the coder to set or alter any header - and that may include customized HTTP headers as well.


As we prefer, this library can be installed using Composer

composer require carloswph/wp-secure-headers.

Alternatively, you can just copy the class inside the src folder and use it in your plugin or theme.


The class WPH\Security\Headers inserts secure headers for Wordpress. Having that said, it already comes with some basic headers, which can be seen by using the static method wPH\Security\Headers::list(). In the future, we intend to build some chained methods to allow configuring in detail two specific headers: Content-Security-Policy and Permissions-Policy. For the moment, both can be added to class instance through the set() method.

Using with Composer

use WPH\Security\Headers;

require __DIR__ . '/vendor/autoload.php';

$sec_headers = new Headers();
$sec_headers->set('Content-Security-Policy', 'connect-src "self"'); // Add new headers to the class array property.


  • Methods to setup and configure CSP and Permissions Policy headers
  • Some cookie managing tools
  Files folder image Files  
File Role Description
Files folder imagesrc (1 file)
Accessible without login Plain text file composer.json Data Auxiliary data
Accessible without login Plain text file composer.lock Data Auxiliary data
Accessible without login Plain text file README.md Doc. Documentation

  Files folder image Files  /  src  
File Role Description
  Plain text file Headers.php Class Class source

 Version Control Unique User Downloads Download Rankings  
This week:24
All time:9,981
This week:10Up

For more information send a message to info at phpclasses dot org.