[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwfEFuyNvMhhrWt7l0puizu65qMu_hly3tslMLty6N-0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":38,"analysis":143,"fingerprints":173},"csp-antsst","CSP Friendly Security","1.5.2","Pascal CESCATO","https:\u002F\u002Fprofiles.wordpress.org\u002Fpcescato\u002F","\u003Cp>Adds a CSP header compatible with most WP plugins without breaking styles.\u003C\u002Fp>\n","Adds a CSP header compatible with most WP plugins without breaking styles.",100,2755,70,4,"2026-01-01T13:42:00.000Z","6.9.4","5.9","7.3",[20,21,22,23,24],"content-security-policy","csp","nonces","security-headers","sha256-hashes","https:\u002F\u002Ftsw.ovh\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcsp-antsst.1.5.2.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":34,"avg_security_score":11,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"pcescato",3,6100,30,94,"2026-04-04T02:44:24.585Z",[39,61,83,106,124],{"slug":40,"name":41,"version":42,"author":43,"author_profile":44,"description":45,"short_description":46,"active_installs":47,"downloaded":48,"rating":49,"num_ratings":50,"last_updated":51,"tested_up_to":52,"requires_at_least":53,"requires_php":54,"tags":55,"homepage":58,"download_link":59,"security_score":60,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"csp-manager","Content Security Policy Manager","1.2.1","Patrick Sletvold","https:\u002F\u002Fprofiles.wordpress.org\u002F16patsle\u002F","\u003Cp>\u003Cstrong>Content Security Policy Manager\u003C\u002Fstrong> is a WordPress plugin that allows you to easily configure \u003Ca href=\"https:\u002F\u002Fdeveloper.mozilla.org\u002Fen-US\u002Fdocs\u002FWeb\u002FHTTP\u002FCSP\" rel=\"nofollow ugc\">Content Security Policy headers\u003C\u002Fa> for your site. You can have different CSP headers for the admin interface, the frontend for logged in users, and the frontend for regular visitors. The CSP directives can be individually enabled, and each policy can be set to enforce, report or be disabled.\u003C\u002Fp>\n\u003Cp>Please note that this plugin offers limited help in figuring out what the contents of the policy should be. It only lets you configure the CSP in a easy to use interface.\u003C\u002Fp>\n","Plugin for configuring Content Security Policy headers for your site. Allows different CSP headers for admin, logged inn frontend and regular visitors",2000,33739,86,6,"2022-08-09T17:33:00.000Z","6.1.10","4.6","7.2",[20,21,56,23,57],"security","xss","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcsp-manager.1.2.1.zip",85,{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":49,"num_ratings":13,"last_updated":71,"tested_up_to":72,"requires_at_least":73,"requires_php":74,"tags":75,"homepage":79,"download_link":80,"security_score":81,"vuln_count":14,"unpatched_count":27,"last_vuln_date":82,"fetched_at":29},"http-headers","HTTP Headers","1.19.2","Dimitar Ivanov","https:\u002F\u002Fprofiles.wordpress.org\u002Fzinoui\u002F","\u003Cp>HTTP Headers gives your control over the http headers returned by your blog or website.\u003C\u002Fp>\n\u003Cp>Headers supported by HTTP Headers includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Access-Control-Allow-Origin\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Credentials\u003C\u002Fli>\n\u003Cli>Access-Control-Max-Age\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Methods\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Headers\u003C\u002Fli>\n\u003Cli>Access-Control-Expose-Headers\u003C\u002Fli>\n\u003Cli>Age \u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Content-Security-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cache-Control\u003C\u002Fli>\n\u003Cli>Clear-Site-Data\u003C\u002Fli>\n\u003Cli>Connection\u003C\u002Fli>\n\u003Cli>Content-Encoding\u003C\u002Fli>\n\u003Cli>Content-Type\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Resource-Policy\u003C\u002Fli>\n\u003Cli>Expect-CT\u003C\u002Fli>\n\u003Cli>Expires\u003C\u002Fli>\n\u003Cli>Feature-Policy\u003C\u002Fli>\n\u003Cli>NEL\u003C\u002Fli>\n\u003Cli>Permissions-Policy\u003C\u002Fli>\n\u003Cli>Pragma\u003C\u002Fli>\n\u003Cli>P3P\u003C\u002Fli>\n\u003Cli>Referrer-Policy\u003C\u002Fli>\n\u003Cli>Report-To\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>Timing-Allow-Origin\u003C\u002Fli>\n\u003Cli>Vary\u003C\u002Fli>\n\u003Cli>WWW-Authenticate\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>X-DNS-Prefetch-Control\u003C\u002Fli>\n\u003Cli>X-Download-Options\u003C\u002Fli>\n\u003Cli>X-Frame-Options\u003C\u002Fli>\n\u003Cli>X-Permitted-Cross-Domain-Policies\u003C\u002Fli>\n\u003Cli>X-Powered-By\u003C\u002Fli>\n\u003Cli>X-Robots-Tag\u003C\u002Fli>\n\u003Cli>X-UA-Compatible\u003C\u002Fli>\n\u003Cli>X-XSS-Protection\u003C\u002Fli>\n\u003C\u002Ful>\n","HTTP Headers adds CORS & security HTTP headers to your website.",50000,715994,"2024-12-22T11:49:00.000Z","6.7.5","3.2","5.3",[76,77,78,62,23],"cors-headers","csp-header","custom-headers","https:\u002F\u002Fgithub.com\u002Friverside\u002Fhttp-headers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttp-headers.1.19.2.zip",91,"2023-07-13 00:00:00",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":93,"num_ratings":94,"last_updated":95,"tested_up_to":96,"requires_at_least":97,"requires_php":98,"tags":99,"homepage":102,"download_link":103,"security_score":81,"vuln_count":104,"unpatched_count":27,"last_vuln_date":105,"fetched_at":29},"gd-security-headers","GD Security Headers","1.8","Milan Petrovic","https:\u002F\u002Fprofiles.wordpress.org\u002Fgdragon\u002F","\u003Cp>Configure various security-related HTTP headers, including Content Security Policy, Feature Policy, Referrer Policy and more. For CSP and XSS plugin supports report logging with 2 additional database tables to store reports from browsers.\u003C\u002Fp>\n\u003Ch4>Supported security headers\u003C\u002Fh4>\n\u003Cp>The plugin has support for the following HTTP headers:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Content Security Policy (CSP) – with reporting\u003C\u002Fli>\n\u003Cli>XSS Protection (XXP) – with reporting\u003C\u002Fli>\n\u003Cli>Feature Policy (Permissions Policy)\u003C\u002Fli>\n\u003Cli>Content Type – No Sniff Policy\u003C\u002Fli>\n\u003Cli>Strict Transport Security\u003C\u002Fli>\n\u003Cli>Referrer Policy\u003C\u002Fli>\n\u003Cli>Frame Options\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For CSP, the plugin allows you to set rules for all currently supported directives, additional settings including setting the policy in Report or Live mode. The plugin also includes special extensions that can automatically fill CSP rules for popular Google services you might be using on your website (Fonts, Maps, Adsense, Analytics, TagManager and more) and other popular services (Gravatar, Instagram, PayPal Vimeo and more).\u003C\u002Fp>\n\u003Cp>And, for Feature Policy (or Permissions Policy), the plugin allows you to set rules for all currently supported rules (over 25 rules, supported by different browsers).\u003C\u002Fp>\n\u003Ch4>FLoC \u002F Browsing Topics\u003C\u002Fh4>\n\u003Cp>Permissions Policy rules list includes ‘browsing-topics’ rule that can be used to disable Google’s new tracking method ‘Browsing Topics API’ (which replaced ‘Federated Learning of Cohorts’ or ‘FLoC’).\u003C\u002Fp>\n\u003Ch4>Methods for adding headers\u003C\u002Fh4>\n\u003Cp>The plugin can add all the generated headers into HTACCESS file (for Apache web servers), and they will be applied to all files, not just WordPress generated content. If your website is not using Apache (or .HTACCESS), all rules are generated with each page request and will work with any server type.\u003C\u002Fp>\n\u003Cp>And, if you don’t use Apache web server, the plugin has a panel where it displays generated headers for most popular servers: Apache, Nginx and IIS, and you can copy generated headers to add to server configuration files.\u003C\u002Fp>\n\u003Ch4>About the plugin\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>More information about \u003Ca href=\"https:\u002F\u002Fplugins.dev4press.com\u002Fgd-security-headers\u002F\" rel=\"nofollow ugc\">GD Security Headers\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Support and Knowledge Base for \u003Ca href=\"https:\u002F\u002Fsupport.dev4press.com\u002Fkb\u002Fproduct\u002Fgd-security-headers\u002F\" rel=\"nofollow ugc\">GD Security Headers\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","Configure various security-related HTTP headers, including CSP, XSS, Referrer Policy and more.",1000,30187,80,8,"2024-06-07T08:16:00.000Z","6.6.5","5.5","7.4",[20,21,100,101,56],"dev4press","permission-policy","https:\u002F\u002Fplugins.dev4press.com\u002Fgd-security-headers\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgd-security-headers.zip",2,"2023-10-29 00:00:00",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":114,"downloaded":115,"rating":11,"num_ratings":33,"last_updated":116,"tested_up_to":16,"requires_at_least":117,"requires_php":118,"tags":119,"homepage":58,"download_link":123,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"security-header","HTTP Security Header","3.1","MOHIT GOYAL","https:\u002F\u002Fprofiles.wordpress.org\u002Fmohitgoyal1108\u002F","\u003Cp>\u003Cstrong>HTTP Security Header\u003C\u002Fstrong> helps protect your WordPress site by adding critical HTTP headers to each response — with no code required. These headers provide additional layers of protection against attacks such as cross-site scripting (XSS), clickjacking, content injection, and resource leaks.\u003C\u002Fp>\n\u003Cp>This plugin offers a modern, responsive admin dashboard with validation, fallback safety, and full control over each header’s default or custom value.\u003C\u002Fp>\n\u003Ch3>🔎 Scan Your Website Security Headers\u003C\u002Fh3>\n\u003Cp>Before configuring headers, instantly check your website’s current security score using our online header scanner:\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Finspiredmonks.com\u002Fhttp-security-header-scanner\u002F\" rel=\"nofollow ugc\">Scan Your Website Security Headers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>✔ Enter your website URL\u003Cbr \u002F>\n✔ Get instant Security Grade (A+ to F)\u003Cbr \u002F>\n✔ See which headers are Present or Missing\u003Cbr \u002F>\n✔ Get clear, actionable recommendations\u003Cbr \u002F>\n✔ Easily fix them using this plugin\u003C\u002Fp>\n\u003Cp>Used by thousands of websites to enhance security and protect user data.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features Include:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Visual toggles for enabling\u002Fdisabling headers\u003Cbr \u002F>\n– Option to use \u003Cstrong>default or custom header values\u003C\u002Fstrong>\u003Cbr \u002F>\n– Secure fallback if a header is misconfigured\u003Cbr \u002F>\n– Integrated \u003Cstrong>header validation\u003C\u002Fstrong>\u003Cbr \u002F>\n– Support for all major browser-supported headers\u003Cbr \u002F>\n– Nonce-based saving and admin notices\u003Cbr \u002F>\n– WP Multisite compatible\u003Cbr \u002F>\n– “Disable All” and “Reset to Important Headers” actions\u003Cbr \u002F>\n– Per-header input validation with real-time error fallback\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Supported Headers:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Strict-Transport-Security (HSTS)\u003Cbr \u002F>\n* X-Frame-Options\u003Cbr \u002F>\n* X-Content-Type-Options\u003Cbr \u002F>\n* Referrer-Policy\u003Cbr \u002F>\n* Content-Security-Policy\u003Cbr \u002F>\n* Permissions-Policy\u003Cbr \u002F>\n* X-XSS-Protection\u003Cbr \u002F>\n* X-Permitted-Cross-Domain-Policies\u003Cbr \u002F>\n* Expect-CT\u003Cbr \u002F>\n* Cross-Origin-Opener-Policy (COOP)\u003Cbr \u002F>\n* Cross-Origin-Resource-Policy (CORP)\u003Cbr \u002F>\n* Cross-Origin-Embedder-Policy (COEP)\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Lightweight and performance-focused  \u003C\u002Fli>\n\u003Cli>No front-end impact  \u003C\u002Fli>\n\u003Cli>Choose default or custom header values  \u003C\u002Fli>\n\u003Cli>Secure validation and auto-fallbacks  \u003C\u002Fli>\n\u003Cli>Seamless plugin compatibility (including WP Rocket)  \u003C\u002Fli>\n\u003Cli>Fully translation-ready and i18n-compliant  \u003C\u002Fli>\n\u003Cli>Nonce-protected admin save actions  \u003C\u002Fli>\n\u003Cli>Optional reset-to-default support  \u003C\u002Fli>\n\u003Cli>Reset or disable all headers with one click\u003C\u002Fli>\n\u003C\u002Ful>\n","Add and manage essential HTTP security headers with ease. Protect your WordPress site from XSS, clickjacking, and other common vulnerabilities.",800,4254,"2025-12-30T17:44:00.000Z","5.0","7.0",[120,20,121,23,122],"clickjacking","http-security-header","wordpress-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-header.3.1.zip",{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":134,"num_ratings":50,"last_updated":135,"tested_up_to":118,"requires_at_least":136,"requires_php":137,"tags":138,"homepage":141,"download_link":142,"security_score":11,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"security-header-generator","Security Header Generator","5.4.77","Kevin Pirnie","https:\u002F\u002Fprofiles.wordpress.org\u002Fkevp75\u002F","\u003Cp>This plugin generates the proper security HTTP response headers, attempts to generate a valid Content Security Policy, and sets browser permissions if configured.\u003C\u002Fp>\n","This plugin generates the proper security HTTP response headers to keep your site secured.",500,24333,96,"2026-02-03T14:10:00.000Z","6.0.9","8.2",[20,139,140,56,23],"permissions","permissions-policy","https:\u002F\u002Fkevinpirnie.com\u002Fblog\u002F2021\u002F10\u002F13\u002Fwordpress-plugin-security-header-generator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-header-generator.5.4.77.zip",{"attackSurface":144,"codeSignals":161,"taintFlows":168,"riskAssessment":169,"analyzedAt":172},{"hooks":145,"ajaxHandlers":157,"restRoutes":158,"shortcodes":159,"cronEvents":160,"entryPointCount":27,"unprotectedCount":27},[146,152],{"type":147,"name":148,"callback":149,"priority":27,"file":150,"line":151},"filter","litespeed_buffer_after","cspantsst_lscwp_check","csp-add-nonces-to-script-and-style-tags.php",52,{"type":153,"name":154,"callback":155,"file":150,"line":156},"action","template_redirect","closure",57,[],[],[],[],{"dangerousFunctions":162,"sqlUsage":163,"outputEscaping":165,"fileOperations":27,"externalRequests":27,"nonceChecks":27,"capabilityChecks":27,"bundledLibraries":167},[],{"prepared":27,"raw":27,"locations":164},[],{"escaped":27,"rawEcho":27,"locations":166},[],[],[],{"summary":170,"deductions":171},"The \"csp-antsst\" plugin version 1.5.2 exhibits an exceptionally strong security posture based on the provided static analysis and vulnerability history.  The plugin demonstrates excellent adherence to secure coding practices by not exposing any AJAX handlers, REST API routes, shortcodes, or cron events, thereby minimizing its attack surface to zero entry points.  Furthermore, the code signals indicate a complete absence of dangerous functions, file operations, and external HTTP requests.  All SQL queries are 100% prepared, and all outputs are properly escaped, suggesting a robust defense against common injection and cross-site scripting vulnerabilities. The lack of any recorded vulnerabilities, CVEs, or taint flows further reinforces this positive assessment.",[],"2026-03-16T20:38:57.424Z",{"wat":174,"direct":180},{"assetPaths":175,"generatorPatterns":177,"scriptPaths":178,"versionParams":179},[176],"\u002Fwp-content\u002Fplugins\u002Fcsp-antsst\u002F",[],[],[],{"cssClasses":181,"htmlComments":182,"htmlAttributes":183,"restEndpoints":185,"jsGlobals":186,"shortcodeOutput":187},[],[],[184],"nonce",[],[],[]]