Secure HTTP Headers is a WordPress app, with a 3.0 average rating from 2 reviews, as of July 9, 2026.
Secure HTTP Headers is a WordPress Plugin Directory app by shasha310. With a rating of 3.0★ from 2 reviews.
AppRanks data: Secure HTTP Headers ranks #0 in Cookies on WordPress Plugin Directory, placing it in the top 1% of that category.
AppRanks verdict
Generated from live marketplace data — refreshed daily
Secure HTTP Headers is a mixed-rating WordPress app with a limited review volume. It is listed in the Security category on WordPress Plugin Directory, which AppRanks treats as the canonical taxonomy node for ranking and competitor comparison. 2 reviews put it in the early-traction tier — useful for early-stage stores willing to be on the leading edge. Early-traction review counts are sensitive to single launch periods or feature events, so a 30-day re-check before bigger commitments often resolves whether the trend is sustained. Paid-only pricing means evaluating fit on the marketplace listing or via the developer's documentation before installing. AppRanks tracks rating, review count, pricing tier, and category position daily — the figures on this page reflect the most recent scrape from the canonical WordPress Plugin Directory listing.
Pros
- +Published by shasha310 — established developer track record
Cons
- −Average rating below 4.0 (3.0★) — read recent low-star reviews before committing
- −Limited review base (2) — ratings can shift significantly with new feedback
Looking to switch from Secure HTTP Headers?
See Secure HTTP Headers's alternatives ranked by audit score, rating, and review velocity.
How Secure HTTP Headers works
Show full descriptionShow less
Harden your web applications.
HTTP header fields are components of the header section of request and response messages. The headers define the operating parameters of an HTTP transaction.
Securing HTTP headers will improve the resilience of your web application against many common attacks including those that are on the OWASP top 10 list.
Securing headers can also improve your SEO rank and in addition to preventing websites from being marked as dangerous by browsers and antivirus applications.
Protect sensitive user information and be compliant with privacy regulations. Defend users from stealing private data by protecting website cookies. Use the proper directive such as “secure”, “httponly” and “samesite”, all of those will be applied automatically by “Secure HTTP Headers” plugin.
Secure HTTP Headers will automatically analyze any website and will build up secure headers directives, by the latest best practice.
In addition, Secure HTTP Headers offers fully configurable options, apply or skip any header directive as needed.
Install and activate Secure HTTP Headers with full confidence, the deactivation of this plugin will return your website header directives to their original state.
Main plugin functionality
HTTP Strict Transport Security – helps to protect websites against man-in-the-middle attacks and cookie hijacking
X-Frame-Options – helps to protect users against ClickJacking attacks
X-Content-Type-Options – helps to prevent the browser from MIME-sniffing
Referrer-Policy – helps to control how much referrer information should be included with requests
Clear-Site-Data – helps to ensure that data is deleted from the browser if the user logs out
X-Download-Options – helps to control how IE 8 will handle downloaded HTML files
Access-Control-Allow-Origin – helps to ensure whether the response can be shared with requesting code from the given origin
Cross-Origin-Embedder-Policy – helps to prevent a document from loading any cross-origin resources that don’t explicitly grant the document permission
Permissions-Policy – helps to allow and deny the use of browser features in its own frame, and in content within any iframe elements in the document
Cross-Origin-Opener-Policy – helps to protect websites against a set of cross-origin attacks dubbed XS-Leaks
Cross-Origin-Resource-Policy – helps to protect websites against speculative side-channel attacks, like Spectre, as well as Cross-Site Script Inclusion attacks
X-Permitted-Cross-Domain-Policies – helps to control how cross-domain requests from Flash and PDF documents are handled
Cookie Http-Only flag – helps to protect websites against Cross-Site Scripting, or XSS attacks
Cookie Secure flag – helps to ensure that cookie is sent over a secure connection
Cookie Samesite Lax flag – helps to protect websites against CSRF and XSSI attacks
Expect-CT – helps to prevent the use of misissued certificates for a website. Note: The Expect-CT will likely become obsolete in June 2021
What are the optional extras? Magnisec is offering “Secure HTTP Headers enhanced”
A plugin that contains, in addition, an engine that watches and builds in any website changes a CSP – Content Security Policy that is best practice and recommended by all professional securities experts, that mitigate XSS -Cross site Scripting, one of the most common and destructive attacks.
Price: 50$ /year for a domain.
More details and installation here
Category rankings
As of Jul 9, 2026See 90-day rank history for each category
Track daily rank changes, category shifts, and position volatility.
Competitors & alternatives
Secure HTTP Headersdoesn't have curated competitor matchups yet. Other tracked security apps on WordPress:
Where Secure HTTP Headers stands in the Security category
Secure HTTP Headers ranks #0 of 635 apps in the Security category, placing it in the top 1% of the listing.
Frequently asked questions
What is Secure HTTP Headers?
Secure HTTP Headers is an app for WordPress. It currently holds a 3.0-star rating from 2 merchant reviews, and AppRanks has been tracking its public marketplace data on a daily refresh cycle. It is listed under the Security category on AppRanks, where you can see its current category position, review-velocity trend, and how it compares against the top alternatives in the same space. Developed by shasha310.
Who uses Secure HTTP Headers?
Currently around 100 active stores have installed Secure HTTP Headers. Its review base is still building, which usually maps to early-stage merchants and stores piloting a new workflow. It is part of the Security category on WordPress.