For these servers it's handy to be able to set the desired HTTP headers without access to the web server's configuration or using an .htaccess file.
HSTS is used to ensure that future connections to the website always use TLS, and to disallow bypassing certificate warnings for the site.
HPKP is used if you don't want to rely solely on the Certificate Authority trust model for certificate issuance.
Disabling content sniffing is of interest for sites that allow users to upload files of specific types, but that browsers might interpret as some other type, thus allowing unexpected attacks.
The XSS protection option re-enables the browser's XSS protection for the site, if the user has disabled it previously, and sets the block option so that attacks are not silently ignored.
For future releases it would be good to include Content-Security-Policy and Expect-CT options.
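How these headers can be set from PHP instead of the server configuration, including the TLS check for HSTS that the changelog mentions. This is an added example, not the plugin's own code; the function name `example_security_headers` and the option keys are hypothetical. HPKP is left out because it needs site-specific pin values.

```php
<?php
/**
 * Build the response headers described above from a settings array.
 * Added example: function name and option keys are hypothetical.
 *
 * @param array $opts   Settings (constructed keys, see the sample below).
 * @param bool  $is_tls Whether the current request arrived over TLS.
 * @return array<string,string> Header name => header value.
 */
function example_security_headers(array $opts, bool $is_tls): array
{
    $headers = [];
    // RFC 6797: HSTS must not be sent over plain HTTP, and browsers ignore
    // it there, so only emit it when the request is already on TLS.
    if ($is_tls && !empty($opts['hsts_max_age'])) {
        $value = 'max-age=' . (int) $opts['hsts_max_age'];
        if (!empty($opts['hsts_subdomains'])) {
            $value .= '; includeSubDomains';
        }
        $headers['Strict-Transport-Security'] = $value;
    }
    if (!empty($opts['nosniff'])) {
        // Stops the browser from guessing a type other than the declared one.
        $headers['X-Content-Type-Options'] = 'nosniff';
    }
    if (!empty($opts['xss_block'])) {
        // Turns the filter back on and blocks the page instead of sanitising.
        $headers['X-XSS-Protection'] = '1; mode=block';
    }
    // Allow-list the value so a bad setting never reaches the response.
    $frame = strtoupper((string) ($opts['frame_options'] ?? ''));
    if (in_array($frame, ['DENY', 'SAMEORIGIN'], true)) {
        $headers['X-Frame-Options'] = $frame;
    }
    return $headers;
}

// Constructed sample settings.
$opts = ['hsts_max_age' => 31536000, 'hsts_subdomains' => true,
         'nosniff' => true, 'xss_block' => true, 'frame_options' => 'sameorigin'];

if (function_exists('add_action')) {
    // Inside WordPress: send the headers with each front-end response.
    add_action('send_headers', function () use ($opts) {
        foreach (example_security_headers($opts, is_ssl()) as $name => $value) {
            header($name . ': ' . $value);
        }
    });
} else {
    // Stand-alone run: compare the header set for an HTTP and an HTTPS request.
    print_r(example_security_headers($opts, false));
    print_r(example_security_headers($opts, true));
}
```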
Excellent plugin, easy to use. tjdurden.
Added option to set X-Frame-Options headers to main site.
Check for TLS before emitting HSTS or HPKP headers.
0.5