Title: Security Headers Audit
Author: Chowdhari Chetan
Published: <strong>2026 年 6 月 19 日</strong>
Last modified: 2026 年 6 月 28 日

---

搜尋外掛

![](https://ps.w.org/chetan-security-headers-audit/assets/banner-772x250.png?rev
=3579095)

![](https://ps.w.org/chetan-security-headers-audit/assets/icon-256x256.jpg?rev=3579095)

# Security Headers Audit

 由 [Chowdhari Chetan](https://profiles.wordpress.org/chetan2721/) 開發

[下載](https://downloads.wordpress.org/plugin/chetan-security-headers-audit.1.0.1.zip)

 * [詳細資料](https://tw.wordpress.org/plugins/chetan-security-headers-audit/#description)
 * [使用者評論](https://tw.wordpress.org/plugins/chetan-security-headers-audit/#reviews)
 *  [安裝方式](https://tw.wordpress.org/plugins/chetan-security-headers-audit/#installation)
 * [開發資訊](https://tw.wordpress.org/plugins/chetan-security-headers-audit/#developers)

 [技術支援](https://wordpress.org/support/plugin/chetan-security-headers-audit/)

## 外掛說明

Security Headers Audit empowers WordPress site owners to fortify their browser-side
security through modern HTTP security headers and robust, comprehensive auditing
tools.

The plugin provides a professional, easy-to-use interface for configuring recommended
security headers, seamlessly monitoring Content Security Policy (CSP) violations,
recording browser console errors, and tracking security-related configuration changes
within WordPress.

By proactively implementing industry-standard browser security protections, Security
Headers Audit helps drastically reduce exposure to common web vulnerabilities such
as Cross-Site Scripting (XSS), clickjacking, MIME-type sniffing attacks, and unsafe
cross-origin interactions.

### Key Features

 * **Centralized Dashboard**: Configure HTTP Security Headers effortlessly.
 * **CSP Management**: Complete Content Security Policy builder and manager.
 * **HSTS Support**: Enforce Strict-Transport-Security (HSTS) for SSL protection.
 * **Clickjacking Protection**: X-Frame-Options to prevent unauthorized iframe embedding.
 * **MIME Sniffing Prevention**: X-Content-Type-Options support.
 * **Privacy Controls**: Comprehensive Referrer-Policy management.
 * **Feature Policies**: Permissions-Policy configuration for browser hardware and
   feature control.
 * **Cross-Origin Protections**: Full support for COOP, COEP, and CORP policies.
 * **Violation Monitoring**: Detailed CSP violation logging and reporting.
 * **Frontend Error Collection**: Log JavaScript browser console errors experienced
   by real users.
 * **Audit Trail**: Track all security configuration changes made by administrators.
 * **Portability**: Import and export settings securely.
 * **Clean Uninstall**: Complete database cleanup support upon uninstallation.

### Supported Security Headers

 * Content-Security-Policy (CSP)
 * Strict-Transport-Security (HSTS)
 * X-Frame-Options
 * X-Content-Type-Options
 * Referrer-Policy
 * Permissions-Policy
 * Cross-Origin-Opener-Policy (COOP)
 * Cross-Origin-Embedder-Policy (COEP)
 * Cross-Origin-Resource-Policy (CORP)

## 螢幕擷圖

[⌊Dashboard Overview - Manage all HTTP security headers and CSP settings from a 
single, intuitive interface.⌉⌊Dashboard Overview - Manage all HTTP security headers
and CSP settings from a single, intuitive interface.⌉[

**Dashboard Overview** – Manage all HTTP security headers and CSP settings from 
a single, intuitive interface.

[⌊CSP Audit Log - Easily monitor Content Security Policy violations and fix them
with the click of a button.⌉⌊CSP Audit Log - Easily monitor Content Security Policy
violations and fix them with the click of a button.⌉[

**CSP Audit Log** – Easily monitor Content Security Policy violations and fix them
with the click of a button.

[⌊Browser Console Log - Capture and review JavaScript console errors experienced
by your visitors.⌉⌊Browser Console Log - Capture and review JavaScript console errors
experienced by your visitors.⌉[

**Browser Console Log** – Capture and review JavaScript console errors experienced
by your visitors.

[⌊Header Checker - Instantly test your website's security header grade within the
WordPress dashboard.⌉⌊Header Checker - Instantly test your website's security header
grade within the WordPress dashboard.⌉[

**Header Checker** – Instantly test your website’s security header grade within 
the WordPress dashboard.

## 安裝方式

 1. Upload the plugin folder to the `/wp-content/plugins/` directory, or install the
    plugin directly through the WordPress Plugins screen.
 2. Activate the plugin through the “Plugins” screen in WordPress.
 3. Locate the new “Security Headers Audit” menu within your WordPress admin dashboard.
 4. Navigate to the Settings tab to configure your preferred security headers and auditing
    options.
 5. Save your settings and run the built-in Header Checker to verify your new security
    grade!

## 常見問題集

### What is Content Security Policy (CSP)?

Content Security Policy (CSP) is an added layer of security that helps detect and
mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data
injection attacks. This plugin allows you to seamlessly build your CSP rules to 
restrict which external resources (such as scripts, stylesheets, and images) can
be loaded, actively preventing malicious scripts from executing on your site.

### Can I safely use Security Headers Audit on existing live websites?

Yes. Security Headers Audit is designed to be installed safely on both new and existing
WordPress websites. However, because strict security headers (like HSTS and rigid
CSP rules) can inadvertently block legitimate resources or break site functionality
if misconfigured, we strongly recommend testing all security header changes in a
staging environment or utilizing report-only modes before enforcing them on a live
production site.

### Will this plugin slow down my website performance?

No. Security Headers Audit is incredibly lightweight and built with maximum performance
in mind. The security headers are injected rapidly at the server response level,
causing zero measurable impact on your frontend loading speeds. All audit logs are
asynchronously collected and efficiently stored in optimized database tables within
WordPress.

### Does Security Headers Audit clean up its data upon uninstall?

Yes. The plugin respects your database hygiene. It includes a built-in uninstall
routine that ensures all custom database tables, audit logs, and settings configurations
are completely removed when you explicitly delete the plugin, leaving no orphaned
data behind.

### What happens if I lock myself out with HSTS or a strict CSP?

If you accidentally misconfigure Strict-Transport-Security (HSTS) or your Content
Security Policy (CSP) causing your site to break, you can safely deactivate the 
plugin via FTP or a File Manager by renaming the `/wp-content/plugins/chetan-security-
headers-audit/` folder. This will instantly disable the headers and restore normal
access so you can readjust your settings.

## 使用者評論

這個外掛目前沒有任何使用者評論。

## 參與者及開發者

以下人員參與了開源軟體〈Security Headers Audit〉的開發相關工作。

參與者

 *   [ Chowdhari Chetan ](https://profiles.wordpress.org/chetan2721/)

[將〈Security Headers Audit〉外掛本地化為台灣繁體中文版](https://translate.wordpress.org/projects/wp-plugins/chetan-security-headers-audit)

### 對開發相關資訊感興趣？

任何人均可[瀏覽程式碼](https://plugins.trac.wordpress.org/browser/chetan-security-headers-audit/)、
查看 [SVN 存放庫](https://plugins.svn.wordpress.org/chetan-security-headers-audit/)，
或透過 [RSS](https://plugins.trac.wordpress.org/log/chetan-security-headers-audit/?limit=100&mode=stop_on_copy&format=rss)
訂閱[開發記錄](https://plugins.trac.wordpress.org/log/chetan-security-headers-audit/)。

## 變更記錄

#### 1.0.1

 * Major Refactor: Cleaned up plugin architecture and removed unused legacy code
   strings.
 * Enhancement: Renamed dashboard menu slugs to conform to standard WordPress naming
   conventions (`security-headers-audit`).
 * Enhancement: Improved general backend UI labels, descriptions, and dashboard 
   messaging.
 * Fix: Addressed character encoding issues preventing `strict_types` from executing
   correctly on specific Windows/PowerShell environments.
 * Update: Improved documentation, added precise FAQs, and updated the readme structure.

#### 1.0.0

 * Initial public release.
 * Added HTTP Security Headers management.
 * Added Content Security Policy (CSP) support.
 * Added Strict-Transport-Security (HSTS) support.
 * Added X-Frame-Options configuration.
 * Added X-Content-Type-Options configuration.
 * Added Referrer-Policy configuration.
 * Added Permissions-Policy configuration.
 * Added Cross-Origin policies (COOP, COEP, CORP).
 * Added CSP violation logging.
 * Added browser console error logging.
 * Added security audit trail.
 * Added settings management dashboard.
 * Added import and export functionality.
 * Added uninstall cleanup support.

## 中繼資料

 *  版本 **1.0.1**
 *  最後更新 **1 週前**
 *  啟用安裝數 **少於 10 次**
 *  WordPress 版本需求 ** 6.0 或更新版本 **
 *  已測試相容的 WordPress 版本 **7.0**
 *  PHP 版本需求 ** 8.0 或更新版本 **
 *  語言
 * [English (US)](https://wordpress.org/plugins/chetan-security-headers-audit/)
 * 標籤:
 * [audit log](https://tw.wordpress.org/plugins/tags/audit-log/)[csp](https://tw.wordpress.org/plugins/tags/csp/)
   [security](https://tw.wordpress.org/plugins/tags/security/)[Security Headers](https://tw.wordpress.org/plugins/tags/security-headers/)
   [xss](https://tw.wordpress.org/plugins/tags/xss/)
 *  [進階檢視](https://tw.wordpress.org/plugins/chetan-security-headers-audit/advanced/)

## 評分

這個項目尚無任何評論記錄。

[Your review](https://wordpress.org/support/plugin/chetan-security-headers-audit/reviews/#new-post)

[查看全部使用者評論](https://wordpress.org/support/plugin/chetan-security-headers-audit/reviews/)

## 參與者

 *   [ Chowdhari Chetan ](https://profiles.wordpress.org/chetan2721/)

## 技術支援

使用者可在技術支援論壇提出意見反應或使用問題。

 [檢視技術支援論壇](https://wordpress.org/support/plugin/chetan-security-headers-audit/)