It was throw away comment in announcement for this plugin.
https://waters.me/wordpress/wordpress-plugin-security-headers/
It does depend what you are doing but out of the box WordPress serves most pages from PHP, and renders the whole lot from scratch, this can result in a substantial effort per page, and typically a small server can only serve a few 10’s of requests a second without tuning.
If the sites traffic is mostly static content, then you can serve it via a CDN, and put a short cache time in for all (public) pages. This primarily addresses the “thundering herd” problem. e.g. Too many people reading one blog post, or page, crushes your server.
If you have more complex site, with lots of interactivity, then you may need to think about other optimisations.
Deploying high profile site in the UK we used CloudFlare. They were excellent, and offer a free service, but you pay a lot for branded errors, and other fancy bits. But the host we used has a Varnish cache in front of their web servers already (Varnish is awesome, but not easy to deploy especially with HTTPS), so CloudFlare was more about stopping abuse than speed, although CDNs will cache static content close to the user and you can’t fool the speed of light when serving content internationally.
Also one can look at other server level optimisations (APC is mentioned, but also PHP7) before jumping to plugins that try and poke deeply at the innards of WordPress, and add complexity in the application layer.
https://codex.www.ads-software.com/WordPress_Optimization
I guess what I’m saying is look at the sections “Server-Side caching” and “Off loading”, server optimisations, browser caching etc before leaping straight to the plugins. They seem quick and easy to deploy, but they achieve it by poking .htaccess, and sticking half rendered content into the file system, and other messy tricks.
Good Apache config can get Apache to do the caching Varnish would do, and get you from 10’s of pages a second to 100’s of pages a second, for most folk that is sufficient.
Always measure every change when considering performance, I used to use Apache Benchmark (ab) for this.
I’ll follow up with the cache plugins when I get some time, see if we can work with them better. I deliberately avoided “.htaccess” tweaks and the likes with the plugin as I wanted to stay “Web server” neutral, as the target market of people using hosted WordPress often means they have weird web servers (e.g. not Apache or NGINX), or weird configurations.