Title: Security Headers Audit
Author: Chowdhari Chetan
Published: June 19, 2026
Last modified: June 28, 2026

---


# Security Headers Audit

 By [Chowdhari Chetan](https://profiles.wordpress.org/chetan2721/)

[Download](https://downloads.wordpress.org/plugin/chetan-security-headers-audit.1.0.1.zip)


## Description

Security Headers Audit empowers WordPress site owners to fortify their browser-side
security through modern HTTP security headers and robust, comprehensive auditing
tools.

The plugin provides a professional, easy-to-use interface for configuring recommended
security headers, seamlessly monitoring Content Security Policy (CSP) violations,
recording browser console errors, and tracking security-related configuration changes
within WordPress.

By proactively implementing industry-standard browser security protections, Security
Headers Audit helps drastically reduce exposure to common web vulnerabilities such
as Cross-Site Scripting (XSS), clickjacking, MIME-type sniffing attacks, and unsafe
cross-origin interactions.

### Key Features

 * **Centralized Dashboard**: Configure HTTP Security Headers effortlessly.
 * **CSP Management**: Complete Content Security Policy builder and manager.
 * **HSTS Support**: Enforce Strict-Transport-Security (HSTS) so browsers connect over HTTPS only.
 * **Clickjacking Protection**: X-Frame-Options to prevent unauthorized iframe embedding.
 * **MIME Sniffing Prevention**: X-Content-Type-Options support.
 * **Privacy Controls**: Comprehensive Referrer-Policy management.
 * **Feature Policies**: Permissions-Policy configuration for browser hardware and
   feature control.
 * **Cross-Origin Protections**: Full support for COOP, COEP, and CORP policies.
 * **Violation Monitoring**: Detailed CSP violation logging and reporting.
 * **Frontend Error Collection**: Log JavaScript browser console errors experienced
   by real users.
 * **Audit Trail**: Track all security configuration changes made by administrators.
 * **Portability**: Import and export settings securely.
 * **Clean Uninstall**: Complete database cleanup support upon uninstallation.

### Supported Security Headers

 * Content-Security-Policy (CSP)
 * Strict-Transport-Security (HSTS)
 * X-Frame-Options
 * X-Content-Type-Options
 * Referrer-Policy
 * Permissions-Policy
 * Cross-Origin-Opener-Policy (COOP)
 * Cross-Origin-Embedder-Policy (COEP)
 * Cross-Origin-Resource-Policy (CORP)

## Screenshots

**Dashboard Overview** – Manage all HTTP security headers and CSP settings from 
a single, intuitive interface.

**CSP Audit Log** – Easily monitor Content Security Policy violations and fix them
with the click of a button.

**Browser Console Log** – Capture and review JavaScript console errors experienced
by your visitors.

**Header Checker** – Instantly test your website’s security header grade within 
the WordPress dashboard.

## Installation

 1. Upload the plugin folder to the `/wp-content/plugins/` directory, or install the
    plugin directly through the WordPress Plugins screen.
 2. Activate the plugin through the “Plugins” screen in WordPress.
 3. Locate the new “Security Headers Audit” menu within your WordPress admin dashboard.
 4. Navigate to the Settings tab to configure your preferred security headers and auditing
    options.
 5. Save your settings and run the built-in Header Checker to verify your new security
    grade!

## FAQ

### What is Content Security Policy (CSP)?

Content Security Policy (CSP) is an added layer of security that helps detect and
mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data
injection attacks. This plugin allows you to seamlessly build your CSP rules to 
restrict which external resources (such as scripts, stylesheets, and images) can
be loaded, actively preventing malicious scripts from executing on your site.

### Can I safely use Security Headers Audit on existing live websites?

Yes. Security Headers Audit is designed to be installed safely on both new and existing
WordPress websites. However, because strict security headers (like HSTS and rigid
CSP rules) can inadvertently block legitimate resources or break site functionality
if misconfigured, we strongly recommend testing all security header changes in a
staging environment or utilizing report-only modes before enforcing them on a live
production site.

### Will this plugin slow down my website performance?

No. Security Headers Audit is incredibly lightweight and built with maximum performance
in mind. The security headers are injected rapidly at the server response level,
causing zero measurable impact on your frontend loading speeds. All audit logs are
asynchronously collected and efficiently stored in optimized database tables within
WordPress.

### Does Security Headers Audit clean up its data upon uninstall?

Yes. The plugin respects your database hygiene. It includes a built-in uninstall
routine that ensures all custom database tables, audit logs, and settings configurations
are completely removed when you explicitly delete the plugin, leaving no orphaned
data behind.

### What happens if I lock myself out with HSTS or a strict CSP?

If you accidentally misconfigure Strict-Transport-Security (HSTS) or your Content
Security Policy (CSP) and your site breaks, you can safely deactivate the plugin
via FTP or a file manager by renaming the
`/wp-content/plugins/chetan-security-headers-audit/` folder. This will instantly
disable the headers and restore normal access so you can readjust your settings.
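
An independent check to run on a staging response before enforcing, added here as an example (not the plugin's code or its built-in Header Checker): it reports which of the nine supported headers are absent, whether CSP is still report-only, and the HSTS `max-age`, which matters for the lock-out case because browsers cache the policy for that long even after the header is removed. The `audit_headers` function, the `SAMPLE` headers and the note wording are assumptions constructed for illustration.

```python
import re

# The nine headers the page lists under "Supported Security Headers".
EXPECTED = [
    "Content-Security-Policy", "Strict-Transport-Security", "X-Frame-Options",
    "X-Content-Type-Options", "Referrer-Policy", "Permissions-Policy",
    "Cross-Origin-Opener-Policy", "Cross-Origin-Embedder-Policy",
    "Cross-Origin-Resource-Policy",
]
ONE_DAY = 86400

def audit_headers(raw_headers):
    """Audit (name, value) response header pairs and return a findings dict."""
    # Header names are case-insensitive, so normalise before comparing.
    seen = {n.strip().lower(): v.strip() for n, v in raw_headers}
    report_only = "content-security-policy-report-only" in seen
    if "content-security-policy" in seen:
        csp_mode = "enforced"
    else:
        csp_mode = "report-only" if report_only else "absent"
    # A report-only CSP is a rollout stage, so it is not counted as missing.
    missing = [h for h in EXPECTED if h.lower() not in seen
               and not (h == "Content-Security-Policy" and report_only)]
    notes, max_age = [], None
    hsts = seen.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.IGNORECASE)
        max_age = int(m.group(1)) if m else None
        if max_age is None:
            notes.append("HSTS header has no valid max-age; browsers ignore it")
        elif max_age > ONE_DAY:
            notes.append(f"HSTS is cached by browsers for {max_age // ONE_DAY} days")
        if "includesubdomains" in hsts.lower():
            notes.append("HSTS also applies to every subdomain")
    return {"missing": missing, "csp_mode": csp_mode,
            "hsts_max_age": max_age, "notes": notes}

# Constructed sample: headers from a hypothetical staging response.
SAMPLE = [
    ("content-security-policy-report-only", "default-src 'self'; report-uri /csp-report"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("X-Content-Type-Options", "nosniff"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
]

if __name__ == "__main__":
    for key, value in audit_headers(SAMPLE).items():
        print(f"{key}: {value}")
```
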

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Security Headers Audit” is open source software. The following people have contributed
to this plugin.

Contributors

 * [Chowdhari Chetan](https://profiles.wordpress.org/chetan2721/)

[Translate “Security Headers Audit” into your language.](https://translate.wordpress.org/projects/wp-plugins/chetan-security-headers-audit)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/chetan-security-headers-audit/),
check out the [SVN repository](https://plugins.svn.wordpress.org/chetan-security-headers-audit/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/chetan-security-headers-audit/)
by [RSS](https://plugins.trac.wordpress.org/log/chetan-security-headers-audit/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.1

 * Major Refactor: Cleaned up plugin architecture and removed unused legacy code
   strings.
 * Enhancement: Renamed dashboard menu slugs to conform to standard WordPress naming
   conventions (`security-headers-audit`).
 * Enhancement: Improved general backend UI labels, descriptions, and dashboard 
   messaging.
 * Fix: Addressed character encoding issues preventing `strict_types` from executing
   correctly on specific Windows/PowerShell environments.
 * Update: Improved documentation, added precise FAQs, and updated the readme structure.

#### 1.0.0

 * Initial public release.
 * Added HTTP Security Headers management.
 * Added Content Security Policy (CSP) support.
 * Added Strict-Transport-Security (HSTS) support.
 * Added X-Frame-Options configuration.
 * Added X-Content-Type-Options configuration.
 * Added Referrer-Policy configuration.
 * Added Permissions-Policy configuration.
 * Added Cross-Origin policies (COOP, COEP, CORP).
 * Added CSP violation logging.
 * Added browser console error logging.
 * Added security audit trail.
 * Added settings management dashboard.
 * Added import and export functionality.
 * Added uninstall cleanup support.

## Meta

 * Version **1.0.1**
 * Last updated **5 days ago**
 * Active installations **Fewer than 10**
 * WordPress version **6.0 or higher**
 * Tested up to **7.0**
 * PHP version **8.0 or higher**
 * Language: [English (US)](https://wordpress.org/plugins/chetan-security-headers-audit/)
 * Tags: [audit log](https://test.wordpress.org/plugins/tags/audit-log/), [csp](https://test.wordpress.org/plugins/tags/csp/),
   [security](https://test.wordpress.org/plugins/tags/security/), [Security Headers](https://test.wordpress.org/plugins/tags/security-headers/),
   [xss](https://test.wordpress.org/plugins/tags/xss/)
 * [Advanced View](https://test.wordpress.org/plugins/chetan-security-headers-audit/advanced/)
