HTTP Headers WordPress Plugin – Feature Policy

The HTTP Headers plugin can set Feature-Policy to block web browser features (e.g. video autoplay, camera, and microphone) for improved WordPress security. Below we cover how to configure Feature Policy in WordPress.

Get more performance and security features with our NGINX-powered WordPress Hosting.

Feature Policy

  1. Install, and activate, the HTTP Headers plugin using your WordPress dashboard or WP-CLI.
  2. Log in to your WordPress dashboard.
  3. On the left, hover over Settings and click HTTP Headers.
  4. Click the Security (0/15) button.
  5. Click Edit beside Feature-Policy.
  6. Click On.
  7. Check the box for each feature you’ll include in the policy, the access list, and external domains as needed. Access list options:
    * – allowed
    'self' – allowed only from same domain
    origin(s) allowed only from specified domains (separated by a comma)
    'none' – disabled
  8. Click Save Changes.
Check the box beside a browser feature to enable its settings

Test your results at SecurityHeaders.com. Learn more about Feature-Policy at Mozilla.org.

Thoughts on “HTTP Headers WordPress Plugin – Feature Policy

Was this article helpful? Let us know!