[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fBciUeR8OH6-FVFDR3_QsR7mjD_EwcuGZHx7bPipl9qI":3,"$frxaQa9On6CuCaDlcejMRDnMsEAc6JffYJ-i9wlO0lJg":197,"$fNOQo9mVprw8_Nl5TlXz2EFN6TDLCi50UqyLmTnu31AY":202},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28,"discovery_status":29,"vulnerabilities":30,"developer":31,"crawl_stats":27,"alternatives":36,"analysis":135,"fingerprints":178},"boundaryguard-headers","BoundaryGuard Headers","1.0.0","Jay Suthar","https:\u002F\u002Fprofiles.wordpress.org\u002Fjsjack74\u002F","\u003Cp>BoundaryGuard Headers enforces modern HTTP security headers to harden your WordPress site against XSS, clickjacking, mixed content, and cross-origin attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Essential Protection:\u003C\u002Fstrong> Adds X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy to reduce attack surface and prevent clickjacking.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>HSTS (Strict Transport Security):\u003C\u002Fstrong> Forces HTTPS connections to help prevent protocol downgrade and man-in-the-middle attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Isolation (COOP\u002FCOEP):\u003C\u002Fstrong> Enables Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy to improve cross-origin isolation and mitigate certain side-channel attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Content Security Policy (CSP):\u003C\u002Fstrong> One of the strongest defenses against XSS. Includes a dashboard-based CSP builder with preset options to whitelist trusted sources for scripts, styles, images, and more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSP Report-Only Mode:\u003C\u002Fstrong> Test your policy safely without blocking content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server Header Hardening:\u003C\u002Fstrong> Removes or limits exposure of headers such as \u003Ccode>X-Powered-By\u003C\u002Fcode> and \u003Ccode>Server\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight and Fast:\u003C\u002Fstrong> Uses PHP headers for broad server compatibility and minimal performance impact.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No \u003Ccode>.htaccess\u003C\u002Fcode> Editing Required:\u003C\u002Fstrong> Works without modifying server configuration files.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Designed for developers and site owners who want stronger security without unnecessary complexity.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin provides a Content Security Policy (CSP) builder. To assist users, it includes “Preset Buttons” that allow users to quickly add domain names to their own CSP whitelist.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>This plugin DOES NOT connect to, load data from, or send data to these services automatically.\u003C\u002Fstrong> The following third-party domains are referenced as presets within the admin dashboard for whitelisting purposes:\u003Cbr \u002F>\n* Google Analytics (www.google-analytics.com) – Used for tracking whitelisting. [Privacy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy]\u003Cbr \u002F>\n* Google Tag Manager (www.googletagmanager.com) – Used for tag management. [Privacy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy]\u003Cbr \u002F>\n* Stripe (js.stripe.com, api.stripe.com) – Used for payment processing. [Privacy: https:\u002F\u002Fstripe.com\u002Fprivacy]\u003Cbr \u002F>\n* Facebook (www.facebook.com, connect.facebook.net) – Used for social embeds. [Privacy: https:\u002F\u002Fwww.facebook.com\u002Fpolicy.php]\u003Cbr \u002F>\n* YouTube (www.youtube.com, i.ytimg.com) – Used for video embeds. [Privacy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy]\u003Cbr \u002F>\n* Vimeo (player.vimeo.com) – Used for video embeds. [Privacy: https:\u002F\u002Fvimeo.com\u002Fprivacy]\u003Cbr \u002F>\n* Gravatar (secure.gravatar.com) – Used for user avatars. [Privacy: https:\u002F\u002Fautomattic.com\u002Fprivacy\u002F]\u003C\u002Fp>\n","Automatically enforces essential HTTP security headers to protect your site from XSS, clickjacking, and protocol downgrade attacks.",0,178,100,1,"2026-01-05T08:19:00.000Z","6.9.4","6.0","7.4",[20,21,22,23,24],"csp","hsts","http-headers","security","xss","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fboundaryguard-headers.1.0.0.zip",null,"2026-04-16T10:56:18.058Z","no_bundle",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"jsjack74",30,94,"2026-05-20T02:05:02.648Z",[37,57,84,103,118],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":16,"requires_at_least":50,"requires_php":18,"tags":51,"homepage":55,"download_link":56,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"headers-security-advanced-hsts-wp","Headers Security Advanced & HSTS WP","5.3.2","Andrea Ferro","https:\u002F\u002Fprofiles.wordpress.org\u002Funicorn03\u002F","\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is Best all-in-one a free plug-in for all WordPress users. Deactivating this plugin will return your site configuration exactly to the state it was in before.\u003C\u002Fp>\n\u003Cp>The \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> project implements HTTP response headers that your site can use to increase the security of your website. The plug-in will automatically set up all Best Practices (you don’t have to think about anything), these HTTP response headers can prevent modern browsers from running into easily predictable vulnerabilities. The Headers Security Advanced & HSTS WP project wants to popularize and increase awareness and usage of these headers for all wordpress users.\u003C\u002Fp>\n\u003Cp>This plugin is developed by OpenHeaders by irn3, we care about WordPress security and best practices.\u003C\u002Fp>\n\u003Cp>Check out the best features of \u003Cstrong>Headers Security Advanced & HSTS WP:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>X-XSS-Protection (Deprecated)\u003C\u002Fli>\n\u003Cli>Pragma (Deprecated)\u003C\u002Fli>\n\u003Cli>Public-Key-Pins (Deprecated)\u003C\u002Fli>\n\u003Cli>Expect-CT (Deprecated)\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Origin\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Methods\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Headers\u003C\u002Fli>\n\u003Cli>X-Content-Security-Policy\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>X-Frame-Options\u003C\u002Fli>\n\u003Cli>X-Permitted-Cross-Domain-Policies\u003C\u002Fli>\n\u003Cli>X-Powered-By\u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Referrer-Policy\u003C\u002Fli>\n\u003Cli>HTTP Strict Transport Security \u002F HSTS\u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Content-Security-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Clear-Site-Data\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Resource-Policy\u003C\u002Fli>\n\u003Cli>Permissions-Policy\u003C\u002Fli>\n\u003Cli>Strict-dynamic\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>FLoC (Federated Learning of Cohorts)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is based on \u003Cstrong>OWASP CSRF\u003C\u002Fstrong> to protect your wordpress site. Using OWASP CSRF, once the plugin is installed, it will provide full CSRF mitigation without having to call a method to use nonce on the output. The site will be secure despite having other vulnerable plugins (CSRF).\u003C\u002Fp>\n\u003Cp>HTTP security headers are a critical part of your website’s security. After automatic implementation with Headers Security Advanced & HSTS WP, they protect you from the most notorious types of attacks your site might encounter. These headers protect against XSS, code injection, clickjacking, etc.\u003C\u002Fp>\n\u003Cp>We have put a lot of effort into making the most important services operational with \u003Cstrong>Content Security Policy (CSP)\u003C\u002Fstrong>, below are some examples that we have tested and used with \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CSP usage for \u003Cstrong>Google Tag Manager\u003C\u002Fstrong>\u003Cbr \u002F>\nworld’s most popular tag manager\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Gravatar\u003C\u002Fstrong>\u003Cbr \u002F>\nAvatar service for WordPress and Social sites\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>WordPress Internal Media\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport WordPress media\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Youtube Embedded Video SDK\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Youtube embedded frames and JS SDK\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>CookieLaw\u003C\u002Fstrong>\u003Cbr \u002F>\nprivacy technology to meet regulatory requirements\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Mailchimp\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Mailchimp automation, SDK and modules\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Google Analytics\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for basic conversion domains such as: stats.g.doubleclick.net and www.google.com\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Google Fonts\u003C\u002Fstrong>\u003Cbr \u002F>\nyou’re not loading it on the page, chances are one of your SDKs is using it\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Facebook\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Facebook SDK functionality\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Stripe\u003C\u002Fstrong>\u003Cbr \u002F>\nhighly secure online payment system\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>New Relic\u003C\u002Fstrong>\u003Cbr \u002F>\nit’s a registration and monitoring utility\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Linkedin Tags + SDKs\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Linkedin Insight, Linkedin Ads and SDK\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>OneTrust\u003C\u002Fstrong>\u003Cbr \u002F>\nOneTrust support helps companies manage privacy requirements\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Moat\u003C\u002Fstrong>\u003Cbr \u002F>\nMoat support to measurement suite such as: ad verification, brand safety, advertising and coverage\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>jQuery\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport of jQuery – JS library\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Twitter Widgets & SDKs\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Connect, Widgets and the Twitter client-side SDK\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Google Maps\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Google Maps as The ggpht used by streetview\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Quantcast Choice\u003C\u002Fstrong>\u003Cbr \u002F>\nQuantcast support for privacy such as GDPR and CCPA\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Twitter Ads & Analytics\u003C\u002Fstrong>\u003Cbr \u002F>\nTwitter support for advertising and Analytics\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Paypal\u003C\u002Fstrong>\u003Cbr \u002F>\nPayPal support for online payment system\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Drift\u003C\u002Fstrong>\u003Cbr \u002F>\nDrift and Driftt support\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Cookiebot\u003C\u002Fstrong>\u003Cbr \u002F>\ncookie and tracker support, GDPR\u002FePrivacy and CCPA compliance\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Vimeo Embedded Videos SDK\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport frames, JS SDK, Froogaloop integration\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>AppNexus (now Xandr)\u003C\u002Fstrong>\u003Cbr \u002F>\nAppNexus support for custom retargeting\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Mixpanel\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport analytics tool with SDK\u002FJS to collect client-side data\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Font Awesome\u003C\u002Fstrong>\u003Cbr \u002F>\ntoolkit support for fonts and icons over CSS and Less\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong>\u003Cbr \u002F>\nreCAPTCHA support for fraud and bot protection\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Bootstrap\u003C\u002Fstrong> CDN\u003Cbr \u002F>\nBootstrap support for CSS frameworks\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>HubSpot\u003C\u002Fstrong>\u003Cbr \u002F>\nHubspot support with many features, used for monitoring and mkt functionality\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Hotjar\u003C\u002Fstrong>\u003Cbr \u002F>\nHotjar tracker support for analytics and metrics\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>WP.com\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for wp.com hosting\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Akamai mPulse\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Akamai mPulse, for origin and perimeter integrations\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Cloudflare – Rocket-Loader & Mirage\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Mirage libraries for performance acceleration\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Cloudflare – CDN.js\u003C\u002Fstrong>\u003Cbr \u002F>\nCloudflare’s open CDN support with multiple libraries\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>jsDelivr\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport jsDelivr free CDN for Open Source\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is based on the OWASP CSRF standard to protect your wordpress site. Using the OWASP CSRF standard, once the plugin is installed, you can customize CSP rules for full CSRF mitigation. The site will be secure despite having other vulnerable plugins (CSRF).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Integration with Sentry, Report URI, URIports and Datadog\u003C\u002Fstrong>\u003Cbr \u002F>\nSentry is a well-known platform for monitoring and tracking errors in applications. By integrating Sentry with our plugin, users can:\u003Cbr \u002F>\n  * Receive detailed reports on content security policy (CSP) violations.\u003Cbr \u002F>\n  * Monitor and analyze JavaScript exceptions occurring on their site.\u003Cbr \u002F>\n  * Benefit from advanced tools for proactive troubleshooting.\u003C\u002Fp>\n\u003Cp>Monitoring and Integration with Sentry, Datadog and URI Reports for optimal security.\u003C\u002Fp>\n\u003Ch4>Free Forever\u003C\u002Fh4>\n\u003Cp>Every security header, every configuration option, and every protection this plugin offers today will remain completely free. No features will ever be moved behind a paywall. Shield is a separate set of brand-new monitoring tools built on top. The free plugin gets better because Shield exists, not worse.\u003C\u002Fp>\n\u003Cp>Even though \u003Cstrong>FLoC\u003C\u002Fstrong> is still fairly new and not yet widely supported, as programmers we think that privacy protection elements are important, so we choose to give you the feature of being opt out of FLoC! We’ve created a special \u003Cstrong>“automatic blocking of FLoC”\u003C\u002Fstrong> feature, trying to always \u003Cstrong>offer the best tool with privacy protection and cyber security\u003C\u002Fstrong> as main targets and focus.\u003C\u002Fp>\n\u003Cp>Analyze your site before and after using \u003Cem>Headers Security Advanced & HSTS WP\u003C\u002Fem> security headers are self-configured according to HTTP Security Headers and HTTP Strict Transport Security \u002F HSTS best practices.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Check HTTP Security Headers on \u003Ca href=\"https:\u002F\u002Fsecurityheaders.com\u002F\" rel=\"nofollow ugc\">securityheaders.com\u003C\u002Fa> \u003C\u002Fli>\n\u003Cli>Check HTTP Strict Transport Security \u002F HSTS at \u003Ca href=\"https:\u002F\u002Fhstspreload.org\u002F\" rel=\"nofollow ugc\">hstspreload.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check WebPageTest at \u003Ca href=\"https:\u002F\u002Fwww.webpagetest.org\u002F\" rel=\"nofollow ugc\">webpagetest.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check HSTS test website \u003Ca href=\"https:\u002F\u002Fgf.dev\u002Fhsts-test\u002F\" rel=\"nofollow ugc\">gf.dev\u002Fhsts-test\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check CSP test website \u003Ca href=\"https:\u002F\u002Fcsper.io\u002Fevaluator\" rel=\"nofollow ugc\">csper.io\u002Fevaluator\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check CSP Evaluator \u003Ca href=\"https:\u002F\u002Fcsp-evaluator.withgoogle.com\u002F\" rel=\"nofollow ugc\">csp-evaluator.withgoogle.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>CSP Content Security Policy Generator \u003Ca href=\"https:\u002F\u002Faddons.mozilla.org\u002Fen-US\u002Ffirefox\u002Faddon\u002Fcontent-security-policy-gen\u002F\" rel=\"nofollow ugc\">addons.mozilla.org\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is updated periodically, our limited support is free, we are available for your feedback (bugs, compatibility issues or recommendations for next updates). We are usually fast :-D.\u003C\u002Fp>\n\u003Ch4>Shield — Advanced Features (Optional)\u003C\u002Fh4>\n\u003Cp>Every feature this plugin offers today is and will remain completely free, forever. \u003Cstrong>Shield\u003C\u002Fstrong> is a separate set of brand-new advanced tools for professionals who need deeper monitoring and automation:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security Advisor\u003C\u002Fstrong> — Analyzes your configuration and gives personalized recommendations in plain language\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSP Guide\u003C\u002Fstrong> — Recommended tools, safe workflow, WordPress-specific CSP snippets, and CSP FAQ\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Score Dashboard\u003C\u002Fstrong> — Real-time A+ to F grade with header status for all 10 security headers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email & Webhook Alerts\u003C\u002Fstrong> — Get notified via email, Slack, Discord, Microsoft Teams, or custom webhook when something changes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSP Violation Analytics\u003C\u002Fstrong> — See which resources browsers are blocking and why\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Weekly Automated Scans\u003C\u002Fstrong> — Automatic security audit with scan history and trend tracking\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Nothing existing moves behind a paywall. Revenue from Shield directly funds free updates and maintenance for all 100,000+ users. Learn more at \u003Ca href=\"https:\u002F\u002Fopenheaders.org\u002Fpro\" rel=\"nofollow ugc\">openheaders.org\u002Fpro\u003C\u002Fa>.\u003C\u002Fp>\n","Best all-in-one WordPress security plugin, uses HTTP & HSTS response headers to avoid vulnerabilities: XSS, injection, clickjacking. Force HTTP\u002FHTTPS.",90000,1376883,98,78,"2026-03-16T14:46:00.000Z","4.7",[52,20,53,54,21],"clickjacking","headers","headers-security","https:\u002F\u002Fopenheaders.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheaders-security-advanced-hsts-wp.5.3.2.zip",{"slug":22,"name":58,"version":59,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":64,"downloaded":65,"rating":66,"num_ratings":67,"last_updated":68,"tested_up_to":69,"requires_at_least":70,"requires_php":71,"tags":72,"homepage":77,"download_link":78,"security_score":79,"vuln_count":80,"unpatched_count":81,"last_vuln_date":82,"fetched_at":83},"HTTP Headers","1.19.2","Dimitar Ivanov","https:\u002F\u002Fprofiles.wordpress.org\u002Fzinoui\u002F","\u003Cp>HTTP Headers gives your control over the http headers returned by your blog or website.\u003C\u002Fp>\n\u003Cp>Headers supported by HTTP Headers includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Access-Control-Allow-Origin\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Credentials\u003C\u002Fli>\n\u003Cli>Access-Control-Max-Age\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Methods\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Headers\u003C\u002Fli>\n\u003Cli>Access-Control-Expose-Headers\u003C\u002Fli>\n\u003Cli>Age \u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Content-Security-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cache-Control\u003C\u002Fli>\n\u003Cli>Clear-Site-Data\u003C\u002Fli>\n\u003Cli>Connection\u003C\u002Fli>\n\u003Cli>Content-Encoding\u003C\u002Fli>\n\u003Cli>Content-Type\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Resource-Policy\u003C\u002Fli>\n\u003Cli>Expect-CT\u003C\u002Fli>\n\u003Cli>Expires\u003C\u002Fli>\n\u003Cli>Feature-Policy\u003C\u002Fli>\n\u003Cli>NEL\u003C\u002Fli>\n\u003Cli>Permissions-Policy\u003C\u002Fli>\n\u003Cli>Pragma\u003C\u002Fli>\n\u003Cli>P3P\u003C\u002Fli>\n\u003Cli>Referrer-Policy\u003C\u002Fli>\n\u003Cli>Report-To\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>Timing-Allow-Origin\u003C\u002Fli>\n\u003Cli>Vary\u003C\u002Fli>\n\u003Cli>WWW-Authenticate\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>X-DNS-Prefetch-Control\u003C\u002Fli>\n\u003Cli>X-Download-Options\u003C\u002Fli>\n\u003Cli>X-Frame-Options\u003C\u002Fli>\n\u003Cli>X-Permitted-Cross-Domain-Policies\u003C\u002Fli>\n\u003Cli>X-Powered-By\u003C\u002Fli>\n\u003Cli>X-Robots-Tag\u003C\u002Fli>\n\u003Cli>X-UA-Compatible\u003C\u002Fli>\n\u003Cli>X-XSS-Protection\u003C\u002Fli>\n\u003C\u002Ful>\n","HTTP Headers adds CORS & security HTTP headers to your website.",50000,718486,86,70,"2024-12-22T11:49:00.000Z","6.7.5","3.2","5.3",[73,74,75,22,76],"cors-headers","csp-header","custom-headers","security-headers","https:\u002F\u002Fgithub.com\u002Friverside\u002Fhttp-headers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttp-headers.1.19.2.zip",29,7,3,"2026-04-21 19:13:19","2026-04-06T09:54:40.288Z",{"slug":85,"name":86,"version":87,"author":88,"author_profile":89,"description":90,"short_description":91,"active_installs":92,"downloaded":93,"rating":66,"num_ratings":94,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":98,"tags":99,"homepage":25,"download_link":101,"security_score":102,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"csp-manager","Content Security Policy Manager","1.2.1","Patrick Sletvold","https:\u002F\u002Fprofiles.wordpress.org\u002F16patsle\u002F","\u003Cp>\u003Cstrong>Content Security Policy Manager\u003C\u002Fstrong> is a WordPress plugin that allows you to easily configure \u003Ca href=\"https:\u002F\u002Fdeveloper.mozilla.org\u002Fen-US\u002Fdocs\u002FWeb\u002FHTTP\u002FCSP\" rel=\"nofollow ugc\">Content Security Policy headers\u003C\u002Fa> for your site. You can have different CSP headers for the admin interface, the frontend for logged in users, and the frontend for regular visitors. The CSP directives can be individually enabled, and each policy can be set to enforce, report or be disabled.\u003C\u002Fp>\n\u003Cp>Please note that this plugin offers limited help in figuring out what the contents of the policy should be. It only lets you configure the CSP in a easy to use interface.\u003C\u002Fp>\n","Plugin for configuring Content Security Policy headers for your site. Allows different CSP headers for admin, logged inn frontend and regular visitors",2000,34086,6,"2022-08-09T17:33:00.000Z","6.1.10","4.6","7.2",[100,20,23,76,24],"content-security-policy","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcsp-manager.1.2.1.zip",85,{"slug":104,"name":105,"version":18,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":33,"downloaded":110,"rating":11,"num_ratings":11,"last_updated":111,"tested_up_to":112,"requires_at_least":113,"requires_php":98,"tags":114,"homepage":116,"download_link":117,"security_score":13,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":83},"security-headers-caching","Security Headers & Caching","Studio Be4","https:\u002F\u002Fprofiles.wordpress.org\u002Fstudiobe4\u002F","\u003Cp>Security Headers & Caching is a comprehensive WordPress plugin that helps protect your website by implementing essential HTTP security headers and optimizing performance through intelligent caching mechanisms. Compatible with all hosting providers including Aruba, SiteGround, Bluehost, and more.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy Configuration\u003C\u002Fstrong> – Simple admin interface to enable\u002Fdisable security headers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Security Headers\u003C\u002Fstrong> – Comprehensive security header support\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Caching\u003C\u002Fstrong> – Configurable cache duration for better performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Universal Compatibility\u003C\u002Fstrong> – Works with all hosting providers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Conflicts\u003C\u002Fstrong> – Compatible with popular security and caching plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Translation Ready\u003C\u002Fstrong> – Full internationalization support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Headers Included\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>X-Powered-By\u003C\u002Fstrong> – Removes server technology information to prevent targeted attacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Content-Security-Policy (CSP)\u003C\u002Fstrong> – Controls which resources can be loaded to prevent XSS attacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Strict-Transport-Security (HSTS)\u003C\u002Fstrong> – Forces HTTPS connections for enhanced security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>X-XSS-Protection\u003C\u002Fstrong> – Enables XSS filtering in older browsers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>X-Frame-Options\u003C\u002Fstrong> – Prevents clickjacking attacks by controlling iframe embedding\u003C\u002Fli>\n\u003Cli>\u003Cstrong>X-Content-Type-Options\u003C\u002Fstrong> – Prevents MIME type sniffing\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Referrer-Policy\u003C\u002Fstrong> – Controls how much referrer information is shared\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Permissions-Policy\u003C\u002Fstrong> – Controls browser features and APIs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Caching Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Configurable cache duration (seconds)\u003C\u002Fli>\n\u003Cli>Automatic cache headers management\u003C\u002Fli>\n\u003Cli>Compatible with CDN services\u003C\u002Fli>\n\u003Cli>No conflict with existing cache plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why Security Headers Matter\u003C\u002Fh4>\n\u003Cp>Security headers are HTTP response headers that tell your browser how to behave when handling your website’s content. They help protect against:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Cross-Site Scripting (XSS) attacks\u003C\u002Fli>\n\u003Cli>Clickjacking attempts\u003C\u002Fli>\n\u003Cli>Code injection attacks\u003C\u002Fli>\n\u003Cli>MIME type sniffing\u003C\u002Fli>\n\u003Cli>Protocol downgrade attacks\u003C\u002Fli>\n\u003Cli>And much more…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Developer Friendly\u003C\u002Fh4>\n\u003Cp>The plugin provides filters for developers to customize headers:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>shc_security_headers\u003C\u002Fcode> – Filter to modify security headers array\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Test Your Security\u003C\u002Fh4>\n\u003Cp>After installing and configuring the plugin, test your site’s security at:\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fsecurityheaders.com\u002F\" rel=\"nofollow ugc\">Security Headers\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fobservatory.mozilla.org\u002F\" rel=\"nofollow ugc\">Mozilla Observatory\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>This plugin does not collect, store, or transmit any user data. It only modifies HTTP response headers sent by your server.\u003C\u002Fp>\n\u003Ch3>Developer Documentation\u003C\u002Fh3>\n\u003Ch4>Filters\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>shc_security_headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Modify the security headers before they are sent.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'shc_security_headers', function( $headers ) {\n    \u002F\u002F Add custom header\n    $headers['X-Custom-Header'] = 'custom-value';\n\n    \u002F\u002F Modify existing header\n    $headers['X-Frame-Options'] = 'DENY';\n\n    return $headers;\n} );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Constants\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>SHC_VERSION\u003C\u002Fcode> – Plugin version number\u003C\u002Fli>\n\u003Cli>\u003Ccode>SHC_PLUGIN_DIR\u003C\u002Fcode> – Plugin directory path\u003C\u002Fli>\n\u003Cli>\u003Ccode>SHC_PLUGIN_URL\u003C\u002Fcode> – Plugin directory URL\u003C\u002Fli>\n\u003Cli>\u003Ccode>SHC_PLUGIN_BASENAME\u003C\u002Fcode> – Plugin basename\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, feature requests, or bug reports, please visit:\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwww.studiobe4.it\" rel=\"nofollow ugc\">Plugin Website\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by \u003Ca href=\"https:\u002F\u002Fwww.studiobe4.it\" rel=\"nofollow ugc\">Studio Be4\u003C\u002Fa> – Web Design & Development Agency\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003C\u002Fp>\n","Enhance your WordPress site security with HTTP security headers and improve performance with smart caching. Works with all hosting providers.",879,"2025-10-08T11:04:00.000Z","6.8.5","5.9",[115,20,53,21,23],"cache","https:\u002F\u002Fwww.studiobe4.it\u002Fsecurity-headers-caching","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-headers-caching.7.4.zip",{"slug":119,"name":120,"version":121,"author":122,"author_profile":123,"description":124,"short_description":125,"active_installs":126,"downloaded":127,"rating":34,"num_ratings":81,"last_updated":128,"tested_up_to":129,"requires_at_least":130,"requires_php":131,"tags":132,"homepage":133,"download_link":134,"security_score":102,"vuln_count":11,"unpatched_count":11,"last_vuln_date":27,"fetched_at":28},"sea-sp-community-edition","SeaSP Community Edition","1.8.3","bluetriangle","https:\u002F\u002Fprofiles.wordpress.org\u002Fbluetriangle\u002F","\u003Cp>SeaSP Community Edition is an automated \u003Cstrong>Content Security Policy Manager\u003C\u002Fstrong>. SeaSP allows you to create, configure, manage, and deploy a Content Security Policy for your site.\u003C\u002Fp>\n\u003Cp>The WordPress SeaSP Community Edition plugin catalogs the domains that appear on your site. Categorize and filter out unwanted domains. Add a layer of WordPress security site from Magecart and other cross-site scripting attacks to keep your WordPress site safe.\u003C\u002Fp>\n\u003Cp>SeaSP installs a strict non-blocking CSP to collect violation data and provide a violation report. Violation data flows into the WordPress database as a PHP option within the plugin options schema. Violations can be approved by domains and categorized by directives (CSS, fonts, images, JS, etc.). You can also approve base domains and subdomains. The SeaSP UI helps users by explaining what each directive does, and how to use them to create a CSP.\u003C\u002Fp>\n\u003Cp>After configuring the domain and directive settings switch the CSP to blocking mode. Once the CSP goes into blocking mode, the site’s protected from any unrecognized code. SeaSP Community Edition helps secure your site.\u003C\u002Fp>\n\u003Ch3>Upgrade Notice for 1.4 only\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>When you install this version you will need to rebuild your CSP\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Once installed, a strict non-blocking report-only CSP is implemented on your site. Visit each page of your site to collect CSP violations.\u003Cbr \u002F>\nVisit the Current Violations page of the plugin to review domains that have violated a directive in the CSP.\u003Cbr \u002F>\nReview each of the domains carefully and check for misspellings of common domains like adobee.com instead of adobe.com as this is a common way hackers inject content into your site.\u003Cbr \u002F>\nIf you feel confident that the domain belongs on your site and it should be serving the file type stated, click the toggle to approve the domain to include it in the CSP.\u003Cbr \u002F>\nIf you want to allow subdomains of that domain to be able to serve that type of content, click the Manage subdomains button to view the subdomains.\u003Cbr \u002F>\nAfter this process, you might still see CSP violations regarding inline scripts, inline styles, blobs, or data.\u003Cbr \u002F>\nTo allow these this type of content in the community version you must navigate to the Directive Settings page, find the offending directive, then toggle the appropriate option.\u003Cbr \u002F>\nFor convenience, each option has a tooltip explaining what it allows in your CSP.\u003C\u002Fp>\n\u003Ch3>Walk Through\u003C\u002Fh3>\n\u003Cp>A walk through video can be found on YouTube \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FXdJNh6LEKJw\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FXdJNh6LEKJw?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Contributing\u003C\u002Fh3>\n\u003Cp>Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.\u003Cbr \u002F>\nThis project has been tested on WordPress up to version 5.8 on both single and multi-site instances.\u003Cbr \u002F>\nThe project can be found on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fblue-triangle-tech\u002Fsea-sp-community-edition\" rel=\"nofollow ugc\">github\u003C\u002Fa>.\u003Cbr \u002F>\nThis project is sponsored by \u003Ca href=\"www.bluetriangle.com\" rel=\"nofollow ugc\">Blue Triangle\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Third Party Libraries\u003C\u002Fh3>\n\u003Cp>We use \u003Ca href=\"https:\u002F\u002Fgetbootstrap.com\u002F\" rel=\"nofollow ugc\">Bootstrap\u003C\u002Fa> for the UI of our plugin to make the interface clean and simple.\u003Cbr \u002F>\nBootstraps license can be found \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwbs\u002Fbootstrap\u002Fblob\u002Fmain\u002FLICENSE\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>We use \u003Ca href=\"https:\u002F\u002Fwww.bootstraptoggle.com\u002F\" rel=\"nofollow ugc\">bootstrap toggle\u003C\u002Fa> because simple check boxes can be confusing and we wanted our CSP mangers UI to feel easy. This code was developed for The New York Times by \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fminhur\" rel=\"nofollow ugc\">Min Hur\u003C\u002Fa> and is licensed under \u003Ca href=\"https:\u002F\u002Fopensource.org\u002Flicenses\u002FMIT\" rel=\"nofollow ugc\">MIT\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fchoosealicense.com\u002Flicenses\u002Fgpl-3.0\u002F\" rel=\"nofollow ugc\">GNU\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Opt In usage data collection\u003C\u002Fh3>\n\u003Cp>As of version 1.5 users will be able to opt-in for data collection to help us determine how many people are using our plugin and what features we should be working on in future version. This can be managed in the Usage Data Settings page. We collect and send the following data:\u003Cbr \u002F>\n1. wordpress version\u003Cbr \u002F>\n2. wordpress debug mode\u003Cbr \u002F>\n3. wordpress multisite\u003Cbr \u002F>\n4. the base url that the plugin is on ex; www.bluetriangle.com\u003Cbr \u002F>\nThis data is only accessible to the Blue Triangle organization and will be used to determine our user base and feature planning.\u003C\u002Fp>\n","SeaSP Community Edition is an automated Content Security Policy Manager. SeaSP allows you to create, configure, manage, and deploy a Content Security  &hellip;",20,4291,"2021-07-19T19:09:00.000Z","5.8.13","5.1","7.0",[100,20,22,23],"https:\u002F\u002Fbluetrianglemarketing.github.io\u002FSeaSP-Community-Edition\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsea-sp-community-edition.1.8.3.zip",{"attackSurface":136,"codeSignals":165,"taintFlows":173,"riskAssessment":174,"analyzedAt":177},{"hooks":137,"ajaxHandlers":161,"restRoutes":162,"shortcodes":163,"cronEvents":164,"entryPointCount":11,"unprotectedCount":11},[138,144,148,152,155,158],{"type":139,"name":140,"callback":141,"file":142,"line":143},"action","admin_menu","menu","includes\u002Fadmin\u002Fclass-boundaryguard-headers-admin.php",13,{"type":139,"name":145,"callback":146,"file":142,"line":147},"admin_enqueue_scripts","assets",14,{"type":139,"name":149,"callback":150,"file":142,"line":151},"admin_init","register_settings",15,{"type":139,"name":149,"callback":153,"file":142,"line":154},"handle_toggle",16,{"type":139,"name":156,"callback":156,"priority":14,"file":157,"line":154},"send_headers","includes\u002Fclass-boundaryguard-headers.php",{"type":139,"name":145,"callback":159,"file":157,"line":160},"enqueue_deactivation_script",19,[],[],[],[],{"dangerousFunctions":166,"sqlUsage":167,"outputEscaping":169,"fileOperations":11,"externalRequests":11,"nonceChecks":81,"capabilityChecks":14,"bundledLibraries":172},[],{"prepared":11,"raw":11,"locations":168},[],{"escaped":170,"rawEcho":11,"locations":171},125,[],[],[],{"summary":175,"deductions":176},"The boundaryguard-headers v1.0.0 plugin demonstrates a strong security posture based on the provided static analysis. There are no identified attack surface points such as AJAX handlers, REST API routes, shortcodes, or cron events that could be exploited. The code also exhibits excellent security practices with 100% of SQL queries using prepared statements and all output being properly escaped. The absence of file operations and external HTTP requests further minimizes potential risks.  The plugin correctly implements nonce checks and capability checks, indicating developers are aware of standard WordPress security mechanisms.\n\nThe vulnerability history is entirely clean, with no recorded CVEs or past security incidents. This lack of historical vulnerabilities, combined with the robust static analysis findings, suggests a well-developed and secure plugin. The plugin's focus appears to be on header management, which inherently limits its attack surface.  However, it's worth noting that the very limited attack surface might also mean the plugin's functionality is not extensive.  Overall, this plugin appears to be very secure, with no immediate red flags or concerns based on the data provided. The strengths significantly outweigh any potential, albeit unevidenced, weaknesses.",[],"2026-04-16T14:25:53.294Z",{"wat":179,"direct":188},{"assetPaths":180,"generatorPatterns":183,"scriptPaths":184,"versionParams":185},[181,182],"\u002Fwp-content\u002Fplugins\u002Fboundaryguard-headers\u002Fassets\u002Fcss\u002Fadmin-style.css","\u002Fwp-content\u002Fplugins\u002Fboundaryguard-headers\u002Fassets\u002Fjs\u002Fadmin-script.js",[],[182],[186,187],"boundaryguard-headers\u002Fassets\u002Fcss\u002Fadmin-style.css?ver=","boundaryguard-headers\u002Fassets\u002Fjs\u002Fadmin-script.js?ver=",{"cssClasses":189,"htmlComments":190,"htmlAttributes":191,"restEndpoints":193,"jsGlobals":194,"shortcodeOutput":196},[],[],[192],"data-nonce-value",[],[195],"boundaryguard_headers_localize",[],{"error":198,"url":199,"statusCode":200,"statusMessage":201,"message":201},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fboundaryguard-headers\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":14,"versions":203},[204],{"version":6,"download_url":26,"svn_tag_url":205,"released_at":27,"has_diff":206,"diff_files_changed":207,"diff_lines":27,"trac_diff_url":27,"vulnerabilities":208,"is_current":198},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fboundaryguard-headers\u002Ftags\u002F1.0.0\u002F",false,[],[]]