[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fwDq8slg1BJ2OtbtHQHmFmg1RSpLqKq6aS01pWG6oYKM":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":22,"download_link":23,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":28,"crawl_stats":25,"alternatives":35,"analysis":134,"fingerprints":158},"do-not-iframe-me","Do Not Iframe Me","0.1","Jesse Lee","https:\u002F\u002Fprofiles.wordpress.org\u002Fwordpressplugindeveloper\u002F","\u003Cp>A simple plugin that is designed to avoid clickjacking attacks by ensuring your wordpress isn’t iframed in other websites.\u003C\u002Fp>\n","Do Not Iframe My Wordpress Site",10,1672,0,"2013-03-12T02:02:00.000Z","3.5.2","3.0","",[19,20,21],"clickjacking","iframe","security","http:\u002F\u002Fwww.wpactions.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fdo-not-iframe-me.0.1.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":29,"display_name":7,"profile_url":8,"plugin_count":30,"total_installs":31,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"wordpressplugindeveloper",2,20,30,84,"2026-04-04T05:26:41.754Z",[36,60,78,97,117],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":57,"download_link":58,"security_score":59,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"headers-security-advanced-hsts-wp","Headers Security Advanced & HSTS WP","5.2.5","Andrea Ferro","https:\u002F\u002Fprofiles.wordpress.org\u002Funicorn03\u002F","\u003Cp>\u003Cstrong>Headers 
Security Advanced & HSTS WP\u003C\u002Fstrong> is Best all-in-one a free plug-in for all WordPress users. Deactivating this plugin will return your site configuration exactly to the state it was in before.\u003C\u002Fp>\n\u003Cp>The \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> project implements HTTP response headers that your site can use to increase the security of your website. The plug-in will automatically set up all Best Practices (you don’t have to think about anything), these HTTP response headers can prevent modern browsers from running into easily predictable vulnerabilities. The Headers Security Advanced & HSTS WP project wants to popularize and increase awareness and usage of these headers for all wordpress users.\u003C\u002Fp>\n\u003Cp>This plugin is developed by OpenHeaders by irn3, we care about WordPress security and best practices.\u003C\u002Fp>\n\u003Cp>Check out the best features of \u003Cstrong>Headers Security Advanced & HSTS WP:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>X-XSS-Protection (Deprecated)\u003C\u002Fli>\n\u003Cli>Pragma (Deprecated)\u003C\u002Fli>\n\u003Cli>Public-Key-Pins (Deprecated)\u003C\u002Fli>\n\u003Cli>Expect-CT (Deprecated)\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Origin\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Methods\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Headers\u003C\u002Fli>\n\u003Cli>X-Content-Security-Policy\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>X-Frame-Options\u003C\u002Fli>\n\u003Cli>X-Permitted-Cross-Domain-Policies\u003C\u002Fli>\n\u003Cli>X-Powered-By\u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Referrer-Policy\u003C\u002Fli>\n\u003Cli>HTTP Strict Transport Security \u002F 
HSTS\u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Content-Security-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Clear-Site-Data\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Resource-Policy\u003C\u002Fli>\n\u003Cli>Permissions-Policy\u003C\u002Fli>\n\u003Cli>Strict-dynamic\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>FLoC (Federated Learning of Cohorts)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is based on \u003Cstrong>OWASP CSRF\u003C\u002Fstrong> to protect your wordpress site. Using OWASP CSRF, once the plugin is installed, it will provide full CSRF mitigation without having to call a method to use nonce on the output. The site will be secure despite having other vulnerable plugins (CSRF).\u003C\u002Fp>\n\u003Cp>HTTP security headers are a critical part of your website’s security. After automatic implementation with Headers Security Advanced & HSTS WP, they protect you from the most notorious types of attacks your site might encounter. 
These headers protect against XSS, code injection, clickjacking, etc.\u003C\u002Fp>\n\u003Cp>We have put a lot of effort into making the most important services operational with \u003Cstrong>Content Security Policy (CSP)\u003C\u002Fstrong>, below are some examples that we have tested and used with \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CSP usage for \u003Cstrong>Google Tag Manager\u003C\u002Fstrong>\u003Cbr \u002F>\nworld’s most popular tag manager\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Gravatar\u003C\u002Fstrong>\u003Cbr \u002F>\nAvatar service for WordPress and Social sites\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>WordPress Internal Media\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport WordPress media\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Youtube Embedded Video SDK\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Youtube embedded frames and JS SDK\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>CookieLaw\u003C\u002Fstrong>\u003Cbr \u002F>\nprivacy technology to meet regulatory requirements\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Mailchimp\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Mailchimp automation, SDK and modules\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Google Analytics\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for basic conversion domains such as: stats.g.doubleclick.net and www.google.com\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Google Fonts\u003C\u002Fstrong>\u003Cbr \u002F>\nyou’re not loading it on the page, chances are one of your SDKs is using it\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Facebook\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Facebook SDK functionality\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Stripe\u003C\u002Fstrong>\u003Cbr \u002F>\nhighly secure online payment system\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>New Relic\u003C\u002Fstrong>\u003Cbr \u002F>\nit’s a 
registration and monitoring utility\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Linkedin Tags + SDKs\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Linkedin Insight, Linkedin Ads and SDK\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>OneTrust\u003C\u002Fstrong>\u003Cbr \u002F>\nOneTrust support helps companies manage privacy requirements\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Moat\u003C\u002Fstrong>\u003Cbr \u002F>\nMoat support to measurement suite such as: ad verification, brand safety, advertising and coverage\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>jQuery\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport of jQuery – JS library\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Twitter Widgets & SDKs\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Connect, Widgets and the Twitter client-side SDK\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Google Maps\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Google Maps as The ggpht used by streetview\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Quantcast Choice\u003C\u002Fstrong>\u003Cbr \u002F>\nQuantcast support for privacy such as GDPR and CCPA\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Twitter Ads & Analytics\u003C\u002Fstrong>\u003Cbr \u002F>\nTwitter support for advertising and Analytics\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Paypal\u003C\u002Fstrong>\u003Cbr \u002F>\nPayPal support for online payment system\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Drift\u003C\u002Fstrong>\u003Cbr \u002F>\nDrift and Driftt support\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Cookiebot\u003C\u002Fstrong>\u003Cbr \u002F>\ncookie and tracker support, GDPR\u002FePrivacy and CCPA compliance\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Vimeo Embedded Videos SDK\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport frames, JS SDK, Froogaloop integration\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>AppNexus (now Xandr)\u003C\u002Fstrong>\u003Cbr 
\u002F>\nAppNexus support for custom retargeting\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Mixpanel\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport analytics tool with SDK\u002FJS to collect client-side data\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Font Awesome\u003C\u002Fstrong>\u003Cbr \u002F>\ntoolkit support for fonts and icons over CSS and Less\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong>\u003Cbr \u002F>\nreCAPTCHA support for fraud and bot protection\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Bootstrap\u003C\u002Fstrong> CDN\u003Cbr \u002F>\nBootstrap support for CSS frameworks\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>HubSpot\u003C\u002Fstrong>\u003Cbr \u002F>\nHubspot support with many features, used for monitoring and mkt functionality\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Hotjar\u003C\u002Fstrong>\u003Cbr \u002F>\nHotjar tracker support for analytics and metrics\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>WP.com\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for wp.com hosting\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Akamai mPulse\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Akamai mPulse, for origin and perimeter integrations\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Cloudflare – Rocket-Loader & Mirage\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Mirage libraries for performance acceleration\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Cloudflare – CDN.js\u003C\u002Fstrong>\u003Cbr \u002F>\nCloudflare’s open CDN support with multiple libraries\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>jsDelivr\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport jsDelivr free CDN for Open Source\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is based on the OWASP CSRF standard to protect your wordpress site. 
Using the OWASP CSRF standard, once the plugin is installed, you can customize CSP rules for full CSRF mitigation. The site will be secure despite having other vulnerable plugins (CSRF).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Integration with Sentry, Report URI, URIports and Datadog\u003C\u002Fstrong>\u003Cbr \u002F>\nSentry is a well-known platform for monitoring and tracking errors in applications. By integrating Sentry with our plugin, users can:\u003Cbr \u002F>\n  * Receive detailed reports on content security policy (CSP) violations.\u003Cbr \u002F>\n  * Monitor and analyze JavaScript exceptions occurring on their site.\u003Cbr \u002F>\n  * Benefit from advanced tools for proactive troubleshooting.\u003C\u002Fp>\n\u003Cp>Monitoring and Integration with Sentry, Datadog and URI Reports for optimal security.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>All Free Features\u003C\u002Fstrong>\u003Cbr \u002F>\nThe \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> version includes all the free features.\u003C\u002Fp>\n\u003Cp>We have implemented \u003Cstrong>FLoC (Federated Learning of Cohorts)\u003C\u002Fstrong>, using best practices. First, using \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> prevents the browser from including your site in the “cohort calculation” on \u003Cstrong>FLoC (Federated Learning of Cohorts)\u003C\u002Fstrong>. This means that nothing can call document.interestCohort() to get the FLoC ID of the currently used client. Obviously, this does nothing outside of your currently visited site and does not “disable” FLoC on the client beyond that scope.\u003C\u002Fp>\n\u003Cp>Even though \u003Cstrong>FLoC\u003C\u002Fstrong> is still fairly new and not yet widely supported, as programmers we think that privacy protection elements are important, so we choose to give you the feature of being opt out of FLoC! 
We’ve created a special \u003Cstrong>“automatic blocking of FLoC”\u003C\u002Fstrong> feature, trying to always \u003Cstrong>offer the best tool with privacy protection and cyber security\u003C\u002Fstrong> as main targets and focus.\u003C\u002Fp>\n\u003Cp>Analyze your site before and after using \u003Cem>Headers Security Advanced & HSTS WP\u003C\u002Fem> security headers are self-configured according to HTTP Security Headers and HTTP Strict Transport Security \u002F HSTS best practices.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Check HTTP Security Headers on \u003Ca href=\"https:\u002F\u002Fsecurityheaders.com\u002F\" rel=\"nofollow ugc\">securityheaders.com\u003C\u002Fa> \u003C\u002Fli>\n\u003Cli>Check HTTP Strict Transport Security \u002F HSTS at \u003Ca href=\"https:\u002F\u002Fhstspreload.org\u002F\" rel=\"nofollow ugc\">hstspreload.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check WebPageTest at \u003Ca href=\"https:\u002F\u002Fwww.webpagetest.org\u002F\" rel=\"nofollow ugc\">webpagetest.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check HSTS test website \u003Ca href=\"https:\u002F\u002Fgf.dev\u002Fhsts-test\u002F\" rel=\"nofollow ugc\">gf.dev\u002Fhsts-test\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check CSP test website \u003Ca href=\"https:\u002F\u002Fcsper.io\u002Fevaluator\" rel=\"nofollow ugc\">csper.io\u002Fevaluator\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check CSP Evaluator \u003Ca href=\"https:\u002F\u002Fcsp-evaluator.withgoogle.com\u002F\" rel=\"nofollow ugc\">csp-evaluator.withgoogle.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>CSP Content Security Policy Generator \u003Ca href=\"https:\u002F\u002Faddons.mozilla.org\u002Fen-US\u002Ffirefox\u002Faddon\u002Fcontent-security-policy-gen\u002F\" rel=\"nofollow ugc\">addons.mozilla.org\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is updated periodically, our limited support is free, we are available for your feedback (bugs, compatibility issues or recommendations for next updates). 
We are usually fast :-D.\u003C\u002Fp>\n","Best all-in-one WordPress security plugin, uses HTTP & HSTS response headers to avoid vulnerabilities: XSS, injection, clickjacking. Force HTTP\u002FHTTPS.",90000,1308613,98,77,"2026-01-18T14:24:00.000Z","6.9.4","4.7","7.4",[19,53,54,55,56],"csp","headers","headers-security","hsts","https:\u002F\u002Fopenheaders.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheaders-security-advanced-hsts-wp.5.2.5.zip",100,{"slug":61,"name":62,"version":63,"author":64,"author_profile":65,"description":66,"short_description":67,"active_installs":68,"downloaded":69,"rating":59,"num_ratings":70,"last_updated":71,"tested_up_to":49,"requires_at_least":72,"requires_php":17,"tags":73,"homepage":76,"download_link":77,"security_score":59,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"wp-anti-clickjack","WP Anti-Clickjack","1.8.0","Andy Feliciotti","https:\u002F\u002Fprofiles.wordpress.org\u002Fsomeguy9\u002F","\u003Cp>WP Anti-Clickjack is a powerful security plugin that helps prevent your WordPress site from being vulnerable to clickjacking attacks. Clickjacking is a malicious technique where an attacker tricks users into clicking on a concealed link or button by overlaying it on your legitimate website.\u003C\u002Fp>\n\u003Cp>This plugin implements two key defense mechanisms:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\n\u003Cp>\u003Cstrong>X-Frame-Options Header\u003C\u002Fstrong>: The plugin adds the \u003Ccode>X-Frame-Options: SAMEORIGIN\u003C\u002Fcode> HTTP header to your site’s responses. This header instructs web browsers to prevent other websites from embedding your site within an iframe, effectively blocking clickjacking attempts.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>\u003Cstrong>OWASP’s Legacy Browser Frame Breaking Script\u003C\u002Fstrong>: The plugin includes a modified version of OWASP’s legacy browser frame breaking script. 
This script prevents other sites from putting your site in an iframe, even in browsers that don’t support the X-Frame-Options header. The script is optimized to work seamlessly in browsers with and without JavaScript enabled.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>By combining these two security measures, WP Anti-Clickjack provides comprehensive protection against clickjacking attacks, ensuring the safety and integrity of your WordPress site.\u003C\u002Fp>\n\u003Cp>For more information about clickjacking defense techniques, refer to the \u003Ca href=\"https:\u002F\u002Fcheatsheetseries.owasp.org\u002Fcheatsheets\u002FClickjacking_Defense_Cheat_Sheet.html\" rel=\"nofollow ugc\">OWASP Clickjacking Defense Cheat Sheet\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Adds the \u003Ccode>X-Frame-Options: SAMEORIGIN\u003C\u002Fcode> HTTP header to prevent clickjacking\u003C\u002Fli>\n\u003Cli>Includes a modified version of OWASP’s legacy browser frame breaking script\u003C\u002Fli>\n\u003Cli>Compatible with popular page builders and editors like Elementor, Divi, WPBakery, Bricks, Breakdance, Oxygen, and more\u003C\u002Fli>\n\u003Cli>Provides filters to disable the anti-clickjacking measures when needed\u003C\u002Fli>\n\u003Cli>Easy to install and configure\u003C\u002Fli>\n\u003Cli>Regularly updated and tested with the latest WordPress versions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Additional Details\u003C\u002Fh4>\n\u003Cp>If you need to disable the clickjacking JavaScript on a specific page, you can use the following filter in your theme’s \u003Ccode>functions.php\u003C\u002Fcode> file:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('wp_anti_clickjack', '__return_false');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>To disable the clickjacking X-Frame-Options HTTP header, use this filter in your theme’s \u003Ccode>functions.php\u003C\u002Fcode> 
file:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter('wp_anti_clickjack_x_frame_options_header', '__return_false');\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Protect Your WordPress Site From Clickjacking Attacks by Adding the X-Frame-Options Header and Owasp's Legacy Browser Frame Breaking Script.",4000,47033,3,"2026-01-12T15:11:00.000Z","5.0.0",[74,75,19,21],"anti-click-jacking","browser-frame-breaking-script","https:\u002F\u002Fdrawne.com\u002Fwordpress-anti-clickjack-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-anti-clickjack.1.8.0.zip",{"slug":79,"name":80,"version":81,"author":82,"author_profile":83,"description":84,"short_description":85,"active_installs":86,"downloaded":87,"rating":59,"num_ratings":70,"last_updated":88,"tested_up_to":49,"requires_at_least":89,"requires_php":90,"tags":91,"homepage":17,"download_link":96,"security_score":59,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"security-header","HTTP Security Header","3.1","MOHIT GOYAL","https:\u002F\u002Fprofiles.wordpress.org\u002Fmohitgoyal1108\u002F","\u003Cp>\u003Cstrong>HTTP Security Header\u003C\u002Fstrong> helps protect your WordPress site by adding critical HTTP headers to each response — with no code required. 
These headers provide additional layers of protection against attacks such as cross-site scripting (XSS), clickjacking, content injection, and resource leaks.\u003C\u002Fp>\n\u003Cp>This plugin offers a modern, responsive admin dashboard with validation, fallback safety, and full control over each header’s default or custom value.\u003C\u002Fp>\n\u003Ch3>🔎 Scan Your Website Security Headers\u003C\u002Fh3>\n\u003Cp>Before configuring headers, instantly check your website’s current security score using our online header scanner:\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Finspiredmonks.com\u002Fhttp-security-header-scanner\u002F\" rel=\"nofollow ugc\">Scan Your Website Security Headers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>✔ Enter your website URL\u003Cbr \u002F>\n✔ Get instant Security Grade (A+ to F)\u003Cbr \u002F>\n✔ See which headers are Present or Missing\u003Cbr \u002F>\n✔ Get clear, actionable recommendations\u003Cbr \u002F>\n✔ Easily fix them using this plugin\u003C\u002Fp>\n\u003Cp>Used by thousands of websites to enhance security and protect user data.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features Include:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Visual toggles for enabling\u002Fdisabling headers\u003Cbr \u002F>\n– Option to use \u003Cstrong>default or custom header values\u003C\u002Fstrong>\u003Cbr \u002F>\n– Secure fallback if a header is misconfigured\u003Cbr \u002F>\n– Integrated \u003Cstrong>header validation\u003C\u002Fstrong>\u003Cbr \u002F>\n– Support for all major browser-supported headers\u003Cbr \u002F>\n– Nonce-based saving and admin notices\u003Cbr \u002F>\n– WP Multisite compatible\u003Cbr \u002F>\n– “Disable All” and “Reset to Important Headers” actions\u003Cbr \u002F>\n– Per-header input validation with real-time error fallback\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Supported Headers:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Strict-Transport-Security (HSTS)\u003Cbr \u002F>\n* X-Frame-Options\u003Cbr \u002F>\n* 
X-Content-Type-Options\u003Cbr \u002F>\n* Referrer-Policy\u003Cbr \u002F>\n* Content-Security-Policy\u003Cbr \u002F>\n* Permissions-Policy\u003Cbr \u002F>\n* X-XSS-Protection\u003Cbr \u002F>\n* X-Permitted-Cross-Domain-Policies\u003Cbr \u002F>\n* Expect-CT\u003Cbr \u002F>\n* Cross-Origin-Opener-Policy (COOP)\u003Cbr \u002F>\n* Cross-Origin-Resource-Policy (CORP)\u003Cbr \u002F>\n* Cross-Origin-Embedder-Policy (COEP)\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Lightweight and performance-focused  \u003C\u002Fli>\n\u003Cli>No front-end impact  \u003C\u002Fli>\n\u003Cli>Choose default or custom header values  \u003C\u002Fli>\n\u003Cli>Secure validation and auto-fallbacks  \u003C\u002Fli>\n\u003Cli>Seamless plugin compatibility (including WP Rocket)  \u003C\u002Fli>\n\u003Cli>Fully translation-ready and i18n-compliant  \u003C\u002Fli>\n\u003Cli>Nonce-protected admin save actions  \u003C\u002Fli>\n\u003Cli>Optional reset-to-default support  \u003C\u002Fli>\n\u003Cli>Reset or disable all headers with one click\u003C\u002Fli>\n\u003C\u002Ful>\n","Add and manage essential HTTP security headers with ease. 
Protect your WordPress site from XSS, clickjacking, and other common vulnerabilities.",800,4254,"2025-12-30T17:44:00.000Z","5.0","7.0",[19,92,93,94,95],"content-security-policy","http-security-header","security-headers","wordpress-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-header.3.1.zip",{"slug":98,"name":99,"version":100,"author":101,"author_profile":102,"description":103,"short_description":104,"active_installs":11,"downloaded":105,"rating":59,"num_ratings":106,"last_updated":107,"tested_up_to":108,"requires_at_least":89,"requires_php":17,"tags":109,"homepage":115,"download_link":116,"security_score":59,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"automatic-break-iframes","SpamShieldX","1.2","Alireza Nejati","https:\u002F\u002Fprofiles.wordpress.org\u002Falireza-nejati\u002F","\u003Cp>SpamShieldX is the ultimate solution for protecting your WordPress website from spam and iframe abuse. Our plugin blocks malicious iframes and prevents unwanted spam sources, keeping your site secure and optimized.\u003C\u002Fp>\n\u003Cp>Whether you’re a blogger, website owner, or developer, SpamShieldX is the perfect tool to enhance your site’s security and performance. Our plugin is lightweight, easy to configure, and seamlessly integrates into your WordPress site.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Block iframe abuse\u003C\u002Fli>\n\u003Cli>Prevent spam from harmful sources\u003C\u002Fli>\n\u003Cli>Protect your content and improve security\u003C\u002Fli>\n\u003Cli>Easy to use and setup\u003C\u002Fli>\n\u003Cli>Regular updates for maximum security\u003C\u002Fli>\n\u003C\u002Ful>\n","SpamShieldX is the ultimate solution for protecting your WordPress website from spam and iframe abuse. 
Our plugin blocks malicious iframes and prevent &hellip;",2276,1,"2025-04-28T07:01:00.000Z","6.8.5",[110,111,112,113,114],"anti-spam","iframe-blocker","spam-protection","website-security","wordpress-firewall","http:\u002F\u002Fazarsys.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fautomatic-break-iframes.1.2.zip",{"slug":118,"name":119,"version":120,"author":121,"author_profile":122,"description":123,"short_description":124,"active_installs":13,"downloaded":125,"rating":13,"num_ratings":13,"last_updated":126,"tested_up_to":127,"requires_at_least":128,"requires_php":129,"tags":130,"homepage":132,"download_link":133,"security_score":24,"vuln_count":13,"unpatched_count":13,"last_vuln_date":25,"fetched_at":26},"simons-framekiller","Simons FrameKiller","0.1.0","Simon Scherieble","https:\u002F\u002Fprofiles.wordpress.org\u002Fscherieble\u002F","\u003Cp>Simons FrameKiller is a small WordPress plugin that does nothing more than adding the frame killer code to the header of the page.\u003Cbr \u002F>\nI created this plugin for a project but thought that perhaps others might want to use it too. The plugin is provided “as is” without warranty.\u003Cbr \u002F>\nI am a development worker in South Sudan where I try to help a small NGO with IT. 
You can read more about me on https:\u002F\u002Fsimonspage.de\u003C\u002Fp>\n","Simons FrameKiller adds the framekiller code to a WordPress page",816,"2021-08-17T15:52:00.000Z","5.6.17","5.2","7.2",[131,20,21],"frame","https:\u002F\u002Fsimonspage.de\u002Fsimons-framekiller","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimons-framekiller.0.1.0.zip",{"attackSurface":135,"codeSignals":146,"taintFlows":153,"riskAssessment":154,"analyzedAt":157},{"hooks":136,"ajaxHandlers":142,"restRoutes":143,"shortcodes":144,"cronEvents":145,"entryPointCount":13,"unprotectedCount":13},[137],{"type":138,"name":139,"callback":140,"file":141,"line":11},"action","template_redirect","do_not_iframe_me","do-not-iframe-me.php",[],[],[],[],{"dangerousFunctions":147,"sqlUsage":148,"outputEscaping":150,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":152},[],{"prepared":13,"raw":13,"locations":149},[],{"escaped":13,"rawEcho":13,"locations":151},[],[],[],{"summary":155,"deductions":156},"The static analysis of the \"do-not-iframe-me\" plugin v0.1 reveals a remarkably clean codebase with no identified attack surface through common entry points like AJAX, REST API, shortcodes, or cron events. Furthermore, the code demonstrates good security practices by not utilizing dangerous functions, performing all SQL queries using prepared statements, and ensuring all outputs are properly escaped. There are also no file operations or external HTTP requests, and no indications of missing nonce or capability checks, which further strengthens its security posture.\n\nThe taint analysis shows zero flows with unsanitized paths, indicating that data handling within the plugin is likely secure. The vulnerability history is also completely clean, with no known CVEs recorded for this plugin at any severity level. 
This suggests a well-maintained and secure plugin, or at least one that has not yet been a target for exploitation or discovered vulnerabilities.\n\nOverall, the \"do-not-iframe-me\" plugin v0.1 presents a very strong security posture. The absence of any identified vulnerabilities or potential attack vectors in the static analysis, coupled with a clean vulnerability history, is highly commendable. While the plugin's functionality might be limited, its implementation appears to prioritize security effectively, making it a low-risk addition to a WordPress site.",[],"2026-03-17T01:24:31.072Z",{"wat":159,"direct":164},{"assetPaths":160,"generatorPatterns":161,"scriptPaths":162,"versionParams":163},[],[],[],[],{"cssClasses":165,"htmlComments":166,"htmlAttributes":167,"restEndpoints":168,"jsGlobals":169,"shortcodeOutput":170},[],[],[],[],[],[]]