HTTP Headers gives your control over the http headers returned by your blog or website. Headers supported by HTTP Headers includes: Access-Control-Allow-Origin Access-Control-Allow-Credentials Access-Control-Max-Age Access-Control-Allow-Methods Access-Control-Allow-Headers Access-Control-Expose-Headers Age Content-Security-Policy Content-Security-Policy-Report-Only Cache-Control Clear-Site-Data Connection Content-Encoding Content-Type Cross-Origin-Embedder-Policy Cross-Origin-Opener-Policy Cross-Origin-Resource-Policy Expect-CT Expires Feature-Policy NEL Permissions-Policy Pragma ~~Public-Key-Pins~~ ~~Public-Key-Pins-Report-Only~~ P3P Referrer-Policy Report-To Strict-Transport-Security Timing-Allow-Origin Vary WWW-Authenticate X-Content-Type-Options X-DNS-Prefetch-Control X-Download-Options X-Frame-Options X-Permitted-Cross-Domain-Policies X-Powered-By X-UA-Compatible X-XSS-Protection The getting started tutorial describes a typical configuration of this plugin.