I’ve updated the WordPress Security headers plugin.
Added support for Referrer-Policy headers.
Some contributions from third parties including one that renamed the plugin “Security Headers” in the plugins list as there were two plug-ins listed as “HTTP Headers”.
There is a request to add Content Security Policies, any ideas on the best approach to making this vaguely useable to normal people, or people with lots of plugins, welcome on that support request.
Please report bugs or place feature requests on the support page.