Headit is a simple plugin to allow you to add custom HTTP response headers to your site.

Ayesh Karunaratne

SameSite Cookies

CSRF-protection for authentication cookies. When enabled, this plugin makes sure the "SameSite" flag is set in authentication cookies.

Comment Form CSRF Protection

Prevent Cross-Site Request Forgery attacks on your comments form.

Julio Potier

Anti CSRF

The CSRF vulnerability is the most famous web vulnerability, since ... i do not remember, too long !

PureDevs

ympervej86

Secure User Registration by PureDevs

The plugin enhances site security by implementing layers of protection to user registration forms, safeguarding the site from attacks like CSRF and au …

StampyCode

<p>This plugin addresses the need for a simple way to add HTTP headers to outbound HTTP responses in your site.</p>
<p>These headers can include custom ones specific to your application, or can be security related. Some you may wish to specify to protect your site may include:</p>
<ul>
<li>Public-Key-Pins</li>
<li>Strict-Transport-Security</li>
<li>X-Frame-Options</li>
<li>X-XSS-Protection</li>
<li>X-Content-Type-Options</li>
<li>Content-Security-Policy</li>
<li>Content-Security-Policy-Report-Only</li>
</ul>
<h3>Related Links</h3>
<ul>
<li><a href="http://www.troyhunt.com/2015/09/introducing-you-to-browser-security.html" rel="nofollow ugc">Troy Hunt – Introducing you to browser security headers on Pluralsight</a></li>
<li><a href="https://app.pluralsight.com/library/courses/browser-security-headers" rel="nofollow ugc">PluralSight.com – Introduction to Browser Security Headers</a></li>
<li><a href="https://www.owasp.org/index.php/List_of_useful_HTTP_headers" rel="nofollow ugc">OWASP – List of useful HTTP headers</a></li>
<li><a href="https://scotthelme.co.uk/hardening-your-http-response-headers/" rel="nofollow ugc">Scott Helme – Hardening your HTTP response headers</a></li>
</ul>


Alternatives to Headit

Top alternatives