Title: BoundaryGuard Headers Author: Jay Suthar Published: 2025 年 12 月 29 日 Last modified: 2026 年 1 月 5 日 --- 搜尋外掛 ![](https://ps.w.org/boundaryguard-headers/assets/banner-772x250.png?rev=3428818) ![](https://ps.w.org/boundaryguard-headers/assets/icon-256x256.png?rev=3428818) # BoundaryGuard Headers 由 [Jay Suthar](https://profiles.wordpress.org/jsjack74/) 開發 [下載](https://downloads.wordpress.org/plugin/boundaryguard-headers.1.0.0.zip) * [詳細資料](https://tw.wordpress.org/plugins/boundaryguard-headers/#description) * [使用者評論](https://tw.wordpress.org/plugins/boundaryguard-headers/#reviews) * [安裝方式](https://tw.wordpress.org/plugins/boundaryguard-headers/#installation) * [開發資訊](https://tw.wordpress.org/plugins/boundaryguard-headers/#developers) [技術支援](https://wordpress.org/support/plugin/boundaryguard-headers/) ## 外掛說明 BoundaryGuard Headers enforces modern HTTP security headers to harden your WordPress site against XSS, clickjacking, mixed content, and cross-origin attacks. **Key Features:** * **Essential Protection:** Adds X-Frame-Options, X-Content-Type-Options, Referrer- Policy, and Permissions-Policy to reduce attack surface and prevent clickjacking. * **HSTS (Strict Transport Security):** Forces HTTPS connections to help prevent protocol downgrade and man-in-the-middle attacks. * **Advanced Isolation (COOP/COEP):** Enables Cross-Origin-Opener-Policy and Cross- Origin-Embedder-Policy to improve cross-origin isolation and mitigate certain side-channel attacks. * **Content Security Policy (CSP):** One of the strongest defenses against XSS. Includes a dashboard-based CSP builder with preset options to whitelist trusted sources for scripts, styles, images, and more. * **CSP Report-Only Mode:** Test your policy safely without blocking content. * **Server Header Hardening:** Removes or limits exposure of headers such as `X- Powered-By` and `Server`. * **Lightweight and Fast:** Uses PHP headers for broad server compatibility and minimal performance impact. * **No `.htaccess` Editing Required:** Works without modifying server configuration files. Designed for developers and site owners who want stronger security without unnecessary complexity. ### External Services This plugin provides a Content Security Policy (CSP) builder. To assist users, it includes “Preset Buttons” that allow users to quickly add domain names to their own CSP whitelist. **This plugin DOES NOT connect to, load data from, or send data to these services automatically.** The following third-party domains are referenced as presets within the admin dashboard for whitelisting purposes: * Google Analytics (www.google-analytics. com) – Used for tracking whitelisting. [Privacy: https://policies.google.com/privacy]* Google Tag Manager (www.googletagmanager.com) – Used for tag management. [Privacy: https://policies.google.com/privacy] * Stripe (js.stripe.com, api.stripe.com) – Used for payment processing. [Privacy: https://stripe.com/privacy] * Facebook (www. facebook.com, connect.facebook.net) – Used for social embeds. [Privacy: https:// www.facebook.com/policy.php] * YouTube (www.youtube.com, i.ytimg.com) – Used for video embeds. [Privacy: https://policies.google.com/privacy] * Vimeo (player.vimeo. com) – Used for video embeds. [Privacy: https://vimeo.com/privacy] * Gravatar (secure. gravatar.com) – Used for user avatars. [Privacy: https://automattic.com/privacy/] ## 安裝方式 1. Upload the `boundaryguard-headers` folder to the `/wp-content/plugins/` directory. 2. Activate the plugin through the **Plugins** menu in WordPress. 3. Configure the settings from **Settings BoundaryGuard Headers**. ## 常見問題集 ### Does this plugin edit .htaccess? No. BoundaryGuard Headers uses PHP headers, which improves compatibility across different hosting environments. ### Can I test Content Security Policy without breaking my site? Yes. The plugin includes a **CSP Report-Only Mode** that allows you to monitor policy violations without blocking any resources. ### Will this affect site performance? No. The plugin is lightweight and adds negligible overhead, as headers are sent as part of the normal HTTP response. ## 使用者評論 ![](https://secure.gravatar.com/avatar/c344067e40ea7ac6265911750c5634490947a5aac22fcc81cab5c0bd68a2ed5e? s=60&d=retro&r=g) ### 󠀁[Best plugin for security](https://wordpress.org/support/topic/best-plugin-for-security-3/)󠁿 [jaymakadiya](https://profiles.wordpress.org/jaymakadiya/) 2025 年 12 月 30 日 I’ve been using BoundaryGuard Headers on my WordPress site, and overall it’s a very helpful security plugin. It focuses on adding important HTTP security headers — like Content Security Policy, X-Frame-Options, and HSTS — which helps protect the site from things like XSS attacks and clickjacking. [ 閱讀全部 3 則使用者評論 ](https://wordpress.org/support/plugin/boundaryguard-headers/reviews/) ## 參與者及開發者 以下人員參與了開源軟體〈BoundaryGuard Headers〉的開發相關工作。 參與者 * [ Jay Suthar ](https://profiles.wordpress.org/jsjack74/) [將〈BoundaryGuard Headers〉外掛本地化為台灣繁體中文版](https://translate.wordpress.org/projects/wp-plugins/boundaryguard-headers) ### 對開發相關資訊感興趣? 任何人均可[瀏覽程式碼](https://plugins.trac.wordpress.org/browser/boundaryguard-headers/)、 查看 [SVN 存放庫](https://plugins.svn.wordpress.org/boundaryguard-headers/),或透過 [RSS](https://plugins.trac.wordpress.org/log/boundaryguard-headers/?limit=100&mode=stop_on_copy&format=rss) 訂閱[開發記錄](https://plugins.trac.wordpress.org/log/boundaryguard-headers/)。 ## 變更記錄 #### 1.0.0 * Initial release * Added essential HTTP security headers * Implemented HSTS support * Added CSP builder with report-only mode ## 中繼資料 * 版本 **1.0.0** * 最後更新 **6 個月前** * 啟用安裝數 **10+** * WordPress 版本需求 ** 6.0 或更新版本 ** * 已測試相容的 WordPress 版本 **6.9.4** * PHP 版本需求 ** 7.4 或更新版本 ** * 語言 * [English (US)](https://wordpress.org/plugins/boundaryguard-headers/) * 標籤: * [csp](https://tw.wordpress.org/plugins/tags/csp/)[hsts](https://tw.wordpress.org/plugins/tags/hsts/) [http-headers](https://tw.wordpress.org/plugins/tags/http-headers/)[security](https://tw.wordpress.org/plugins/tags/security/) [xss](https://tw.wordpress.org/plugins/tags/xss/) * [進階檢視](https://tw.wordpress.org/plugins/boundaryguard-headers/advanced/) ## 評分 5 星,滿分為 5 星 * [ 1 個 5 星使用者評論 ](https://wordpress.org/support/plugin/boundaryguard-headers/reviews/?filter=5) * [ 0 個 4 星使用者評論 ](https://wordpress.org/support/plugin/boundaryguard-headers/reviews/?filter=4) * [ 0 個 3 星使用者評論 ](https://wordpress.org/support/plugin/boundaryguard-headers/reviews/?filter=3) * [ 0 個 2 星使用者評論 ](https://wordpress.org/support/plugin/boundaryguard-headers/reviews/?filter=2) * [ 0 個 1 星使用者評論 ](https://wordpress.org/support/plugin/boundaryguard-headers/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/boundaryguard-headers/reviews/#new-post) [查看全部使用者評論](https://wordpress.org/support/plugin/boundaryguard-headers/reviews/) ## 參與者 * [ Jay Suthar ](https://profiles.wordpress.org/jsjack74/) ## 技術支援 使用者可在技術支援論壇提出意見反應或使用問題。 [檢視技術支援論壇](https://wordpress.org/support/plugin/boundaryguard-headers/)