Headers Security Advanced & HSTS WP for WordPress Plugin Directory
By Andrea Ferro
Headers Security Advanced & HSTS WP is a WordPress app, with a 4.9 average rating from 78 reviews, as of July 10, 2026.
Headers Security Advanced & HSTS WP is a WordPress Plugin Directory app by Andrea Ferro. With a rating of 4.9★ from 78 reviews.
AppRanks verdict
Generated from live marketplace data — refreshed daily
Headers Security Advanced & HSTS WP is a category-leading WordPress app with a limited review volume. It is listed in the Headers category on WordPress Plugin Directory, which AppRanks treats as the canonical taxonomy node for ranking and competitor comparison. 78 reviews put it in the early-traction tier — useful for early-stage stores willing to be on the leading edge. Early-traction review counts are sensitive to single launch periods or feature events, so a 30-day re-check before bigger commitments often resolves whether the trend is sustained. Paid-only pricing means evaluating fit on the marketplace listing or via the developer's documentation before installing. AppRanks tracks rating, review count, pricing tier, and category position daily — the figures on this page reflect the most recent scrape from the canonical WordPress Plugin Directory listing.
Pros
- +High average rating (4.9★) signals consistent merchant satisfaction
- +Published by Andrea Ferro — established developer track record
Cons
- −Limited review base (78) — ratings can shift significantly with new feedback
Looking to switch from Headers Security Advanced & HSTS WP?
See Headers Security Advanced & HSTS WP's alternatives ranked by audit score, rating, and review velocity.
How Headers Security Advanced & HSTS WP works
Show full descriptionShow less
Headers Security Advanced & HSTS WP is Best all-in-one a free plug-in for all WordPress users. Deactivating this plugin will return your site configuration exactly to the state it was in before.
The Headers Security Advanced & HSTS WP project implements HTTP response headers that your site can use to increase the security of your website. The plug-in will automatically set up all Best Practices (you don’t have to think about anything), these HTTP response headers can prevent modern browsers from running into easily predictable vulnerabilities. The Headers Security Advanced & HSTS WP project wants to popularize and increase awareness and usage of these headers for all wordpress users.
This plugin is developed by OpenHeaders by irn3, we care about WordPress security and best practices.
Check out the best features of Headers Security Advanced & HSTS WP:
X-XSS-Protection (Deprecated)
Pragma (Deprecated)
Public-Key-Pins (Deprecated)
Expect-CT (Deprecated)
Access-Control-Allow-Origin
Access-Control-Allow-Methods
Access-Control-Allow-Headers
X-Content-Security-Policy
X-Content-Type-Options
X-Frame-Options
X-Permitted-Cross-Domain-Policies
X-Powered-By
Content-Security-Policy
Referrer-Policy
HTTP Strict Transport Security / HSTS
Content-Security-Policy
Content-Security-Policy-Report-Only
Clear-Site-Data
Cross-Origin-Embedder-Policy-Report-Only
Cross-Origin-Opener-Policy-Report-Only
Cross-Origin-Embedder-Policy
Cross-Origin-Opener-Policy
Cross-Origin-Resource-Policy
Permissions-Policy
Strict-dynamic
Strict-Transport-Security
FLoC (Federated Learning of Cohorts)
Headers Security Advanced & HSTS WP is based on OWASP CSRF to protect your wordpress site. Using OWASP CSRF, once the plugin is installed, it will provide full CSRF mitigation without having to call a method to use nonce on the output. The site will be secure despite having other vulnerable plugins (CSRF).
HTTP security headers are a critical part of your website’s security. After automatic implementation with Headers Security Advanced & HSTS WP, they protect you from the most notorious types of attacks your site might encounter. These headers protect against XSS, code injection, clickjacking, etc.
We have put a lot of effort into making the most important services operational with Content Security Policy (CSP), below are some examples that we have tested and used with Headers Security Advanced & HSTS WP:
CSP usage for Google Tag Manager
world’s most popular tag manager
Using CSP for Gravatar
Avatar service for WordPress and Social sites
Using CSP for WordPress Internal Media
support WordPress media
Using CSP for Youtube Embedded Video SDK
support Youtube embedded frames and JS SDK
CSP usage for CookieLaw
privacy technology to meet regulatory requirements
CSP usage for Mailchimp
support for Mailchimp automation, SDK and modules
CSP usage for Google Analytics
support for basic conversion domains such as: stats.g.doubleclick.net and www.google.com
CSP usage for Google Fonts
you’re not loading it on the page, chances are one of your SDKs is using it
Using CSP for Facebook
support Facebook SDK functionality
Using CSP for Stripe
highly secure online payment system
Using CSP for New Relic
it’s a registration and monitoring utility
Using CSP for Linkedin Tags + SDKs
support Linkedin Insight, Linkedin Ads and SDK
Using CSP for OneTrust
OneTrust support helps companies manage privacy requirements
CSP usage for Moat
Moat support to measurement suite such as: ad verification, brand safety, advertising and coverage
CSP usage for jQuery
support of jQuery – JS library
CSP usage for Twitter Widgets & SDKs
support Connect, Widgets and the Twitter client-side SDK
Using CSP for Google Maps
support Google Maps as The ggpht used by streetview
Using CSP for Quantcast Choice
Quantcast support for privacy such as GDPR and CCPA
CSP usage for Twitter Ads & Analytics
Twitter support for advertising and Analytics
Using CSP for Paypal
PayPal support for online payment system
Using CSP for Drift
Drift and Driftt support
CSP usage for Cookiebot
cookie and tracker support, GDPR/ePrivacy and CCPA compliance
CSP usage for Vimeo Embedded Videos SDK
support frames, JS SDK, Froogaloop integration
Using CSP for AppNexus (now Xandr)
AppNexus support for custom retargeting
Using CSP for Mixpanel
support analytics tool with SDK/JS to collect client-side data
Using CSP for Font Awesome
toolkit support for fonts and icons over CSS and Less
Using CSP for Google reCAPTCHA
reCAPTCHA support for fraud and bot protection
CSP usage for Bootstrap CDN
Bootstrap support for CSS frameworks
Using CSP for HubSpot
Hubspot support with many features, used for monitoring and mkt functionality
Using CSP for Hotjar
Hotjar tracker support for analytics and metrics
Using CSP for WP.com
support for wp.com hosting
Using CSP for Akamai mPulse
support for Akamai mPulse, for origin and perimeter integrations
CSP usage for Cloudflare – Rocket-Loader & Mirage
support for Mirage libraries for performance acceleration
Using CSP for Cloudflare – CDN.js
Cloudflare’s open CDN support with multiple libraries
Using CSP for jsDelivr
support jsDelivr free CDN for Open Source
Headers Security Advanced & HSTS WP is based on the OWASP CSRF standard to protect your wordpress site. Using the OWASP CSRF standard, once the plugin is installed, you can customize CSP rules for full CSRF mitigation. The site will be secure despite having other vulnerable plugins (CSRF).
Integration with Sentry, Report URI, URIports and Datadog
Sentry is a well-known platform for monitoring and tracking errors in applications. By integrating Sentry with our plugin, users can:
* Receive detailed reports on content security policy (CSP) violations.
* Monitor and analyze JavaScript exceptions occurring on their site.
* Benefit from advanced tools for proactive troubleshooting.
Monitoring and Integration with Sentry, Datadog and URI Reports for optimal security.
Free Forever Every security header, every configuration option, and every protection this plugin offers today will remain completely free. No features will ever be moved behind a paywall. Shield is a separate set of brand-new monitoring tools built on top. The free plugin gets better because Shield exists, not worse.
Even though FLoC is still fairly new and not yet widely supported, as programmers we think that privacy protection elements are important, so we choose to give you the feature of being opt out of FLoC! We’ve created a special “automatic blocking of FLoC” feature, trying to always offer the best tool with privacy protection and cyber security as main targets and focus.
Analyze your site before and after using Headers Security Advanced & HSTS WP security headers are self-configured according to HTTP Security Headers and HTTP Strict Transport Security / HSTS best practices.
Check HTTP Security Headers on securityheaders.com
Check HTTP Strict Transport Security / HSTS at hstspreload.org
Check WebPageTest at webpagetest.org
Check HSTS test website gf.dev/hsts-test
Check CSP test website csper.io/evaluator
Check CSP Evaluator csp-evaluator.withgoogle.com
CSP Content Security Policy Generator addons.mozilla.org
This plugin is updated periodically, our limited support is free, we are available for your feedback (bugs, compatibility issues or recommendations for next updates). We are usually fast :-D.
Shield — Advanced Features (Optional) Every feature this plugin offers today is and will remain completely free, forever. Shield is a separate set of brand-new advanced tools for professionals who need deeper monitoring and automation:
Security Advisor — Analyzes your configuration and gives personalized recommendations in plain language
CSP Guide — Recommended tools, safe workflow, WordPress-specific CSP snippets, and CSP FAQ
Security Score Dashboard — Real-time A+ to F grade with header status for all 10 security headers
Email & Webhook Alerts — Get notified via email, Slack, Discord, Microsoft Teams, or custom webhook when something changes
CSP Violation Analytics — See which resources browsers are blocking and why
Weekly Automated Scans — Automatic security audit with scan history and trend tracking
Nothing existing moves behind a paywall. Revenue from Shield directly funds free updates and maintenance for all 100,000+ users. Learn more at openheaders.org/pro.
Category rankings
As of Jul 10, 2026- Clickjacking#0of 2Top 1%
- Csp#0of 6Top 1%
- Headers#0of 12Top 1%
- Headers security#0of 1Top 1%
- Hsts#0of 5Top 1%
- _browse_popular#478of 508Top 95%
See 90-day rank history for each category
Track daily rank changes, category shifts, and position volatility.
Keyword rankings
Headers Security Advanced & HSTS WP ranks for 5 keywords across WordPress Plugin Directory. Here are the top 3:
- 1.faqRank #374
- Rank #608
- Rank #612
Competitors & alternatives
Headers Security Advanced & HSTS WPdoesn't have curated competitor matchups yet. Other tracked headers apps on WordPress:
Where Headers Security Advanced & HSTS WP stands in the Headers category
Headers Security Advanced & HSTS WP ranks #0 of 12 apps in the Headers category, placing it in the top 1% of the listing.
Frequently asked questions
What is Headers Security Advanced & HSTS WP?
Headers Security Advanced & HSTS WP is an app for WordPress. It currently holds a 4.9-star rating from 78 merchant reviews, and AppRanks has been tracking its public marketplace data on a daily refresh cycle. It is listed under the Headers category on AppRanks, where you can see its current category position, review-velocity trend, and how it compares against the top alternatives in the same space. Developed by Andrea Ferro.
Who uses Headers Security Advanced & HSTS WP?
Currently around 90,000 active stores have installed Headers Security Advanced & HSTS WP. Its review base is still building, which usually maps to early-stage merchants and stores piloting a new workflow. It is part of the Headers category on WordPress.