WordPress plugin that uses Fetch Metadata Request Headers to protect your site from clickjacking, reflected XSS, cross-origin attacks like cross-site request forgery (CSRF), cross-site script inclusion (XSSI), timing attacks, cross-origin information leaks or speculative execution side-channel (Spectre) attacks. The plugin includes a resource isolation policy and a navigation isolation policy by default.
Read more about Fetch Metadata on web.dev.
- WordPress >= 5.0
- PHP >= 5.6
Any kind of contributions to Fetch Metadata are welcome. Please read the contributing guidelines to get started.