[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fu68ap0P1cMhB3XhTIQiK7WP8q_XsQz5vydypHA9p5-g":3},{"slug":4,"display_name":5,"profile_url":6,"plugin_count":7,"total_installs":8,"avg_security_score":9,"avg_patch_time_days":10,"trust_score":11,"computed_at":12,"plugins":13},"jsjack74","Jay Suthar","https:\u002F\u002Fprofiles.wordpress.org\u002Fjsjack74\u002F",1,0,100,30,94,"2026-05-20T00:14:21.436Z",[14],{"slug":15,"name":16,"version":17,"author":5,"author_profile":6,"description":18,"short_description":19,"active_installs":8,"downloaded":20,"rating":9,"num_ratings":7,"last_updated":21,"tested_up_to":22,"requires_at_least":23,"requires_php":24,"tags":25,"homepage":31,"download_link":32,"security_score":9,"vuln_count":8,"unpatched_count":8,"last_vuln_date":33,"fetched_at":34},"boundaryguard-headers","BoundaryGuard Headers","1.0.0","\u003Cp>BoundaryGuard Headers enforces modern HTTP security headers to harden your WordPress site against XSS, clickjacking, mixed content, and cross-origin attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Essential Protection:\u003C\u002Fstrong> Adds X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy to reduce attack surface and prevent clickjacking.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>HSTS (Strict Transport Security):\u003C\u002Fstrong> Forces HTTPS connections to help prevent protocol downgrade and man-in-the-middle attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Isolation (COOP\u002FCOEP):\u003C\u002Fstrong> Enables Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy to improve cross-origin isolation and mitigate certain side-channel attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Content Security Policy (CSP):\u003C\u002Fstrong> One of the strongest defenses against XSS. Includes a dashboard-based CSP builder with preset options to whitelist trusted sources for scripts, styles, images, and more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSP Report-Only Mode:\u003C\u002Fstrong> Test your policy safely without blocking content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server Header Hardening:\u003C\u002Fstrong> Removes or limits exposure of headers such as \u003Ccode>X-Powered-By\u003C\u002Fcode> and \u003Ccode>Server\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight and Fast:\u003C\u002Fstrong> Uses PHP headers for broad server compatibility and minimal performance impact.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No \u003Ccode>.htaccess\u003C\u002Fcode> Editing Required:\u003C\u002Fstrong> Works without modifying server configuration files.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Designed for developers and site owners who want stronger security without unnecessary complexity.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin provides a Content Security Policy (CSP) builder. To assist users, it includes “Preset Buttons” that allow users to quickly add domain names to their own CSP whitelist.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>This plugin DOES NOT connect to, load data from, or send data to these services automatically.\u003C\u002Fstrong> The following third-party domains are referenced as presets within the admin dashboard for whitelisting purposes:\u003Cbr \u002F>\n* Google Analytics (www.google-analytics.com) – Used for tracking whitelisting. [Privacy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy]\u003Cbr \u002F>\n* Google Tag Manager (www.googletagmanager.com) – Used for tag management. [Privacy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy]\u003Cbr \u002F>\n* Stripe (js.stripe.com, api.stripe.com) – Used for payment processing. [Privacy: https:\u002F\u002Fstripe.com\u002Fprivacy]\u003Cbr \u002F>\n* Facebook (www.facebook.com, connect.facebook.net) – Used for social embeds. [Privacy: https:\u002F\u002Fwww.facebook.com\u002Fpolicy.php]\u003Cbr \u002F>\n* YouTube (www.youtube.com, i.ytimg.com) – Used for video embeds. [Privacy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy]\u003Cbr \u002F>\n* Vimeo (player.vimeo.com) – Used for video embeds. [Privacy: https:\u002F\u002Fvimeo.com\u002Fprivacy]\u003Cbr \u002F>\n* Gravatar (secure.gravatar.com) – Used for user avatars. [Privacy: https:\u002F\u002Fautomattic.com\u002Fprivacy\u002F]\u003C\u002Fp>\n","Automatically enforces essential HTTP security headers to protect your site from XSS, clickjacking, and protocol downgrade attacks.",178,"2026-01-05T08:19:00.000Z","6.9.4","6.0","7.4",[26,27,28,29,30],"csp","hsts","http-headers","security","xss","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fboundaryguard-headers.1.0.0.zip",null,"2026-04-16T10:56:18.058Z"]