I have developed a plugin WPDoctor WordPress Secure, a super lightweight and since there are no settings you will barely even notice that it's there, but you're protected!
It does it ALL automatically.
There are ZERO settings.
Simply install and activate the plugin.
Prevent The 4 Most Common Types Of Attacks On WordPress Sites In 1-Click...
XSS Attack Prevention - WPDOCTOR WordPress Secure protects against this type of injection attack, which occurs when malicious scripts can be injected into WordPress sites through a visitors browser. Flaws that allow these attacks to succeed are widespread. Our plugin automatically configures X-XSS-Protection.
Prevent Content Sniffing through X-Content-Type-Options - WPDoctor WordPress Secure sets X-Content-Type-Options which stops a browser from trying to MIME-sniff the content type and forces it to stick with the declared content-type which can lead to XXS attacks on your site.
WPDoctor WordPress Secure automatically sets X-Frame-Options which tells the browser whether you want to allow your site to be framed or not. By preventing a browser from framing your site you can defend against attacks like clickjacking.
Referrer-Policy - Referrer Policy is a new header that allows a site to control how much information the browser includes with navigations away from a document and should be set by all WordPress sites. WPDoctor WordPress Secure sets these automatically.
These types of attacks represent 85% of all WordPress attacks and you can stop them in 1-click!
If you are interested, submit a ticket and we shall install this plugin for FREE, on your WordPress Websites.