[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fa9RIgK6Z9ZtzaDMl1rVK_oO-HDcJwSXZgRxksTLwAvI":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":13,"last_updated":14,"tested_up_to":15,"requires_at_least":16,"requires_php":17,"tags":18,"homepage":24,"download_link":25,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28,"vulnerabilities":29,"developer":30,"crawl_stats":27,"alternatives":38,"analysis":137,"fingerprints":167},"eazy-http-headers","Eazy HTTP Headers","1.1.0","Rob Scott","https:\u002F\u002Fprofiles.wordpress.org\u002Fr0bsc0tt\u002F","\u003Cp>Eazy HTTP Headers provides three check boxes for settings on the general settings page.\u003Cbr \u002F>\nTwo of the check boxes, activate two functions built into WordPress, send_frame_options_header() & send_nosniff_header(), while the other sets a header for X-XSS Protection.\u003Cbr \u002F>\nThis allows you to control your sites HTTP Headers for X-Frame-Options & X-Content-Type-Options using functions built into WordPress functions.\u003C\u002Fp>\n","Provides settings to activate three HTTP header settings for X-Frame-Options, X-XSS Protection & X-Content-Type-Options.",30,2100,0,"2018-01-02T20:12:00.000Z","4..9.1","4.5","",[19,20,21,22,23],"http-headers","nosniff","security","x-content","x-frame","http:\u002F\u002Frobjscott.com\u002Fwordpress\u002Fplugins\u002Feazy-http-headers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feazy-http-headers.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":33,"avg_security_score":34,"avg_patch_time_days":35,"trust_score":36,"computed_at":37},"r0bsc0tt",8,1860,88,99,71,"2026-04-04T05:12:39.548Z",[39,64,82,98,119],{"slug":19,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":51,"requires_at_least":52,"requires_php":53,"tags":54,"homepage":59,"download_link":60,"security_score":61,"vuln_count":62,"unpatched_count":13,"last_vuln_date":63,"fetched_at":28},"HTTP Headers","1.19.2","Dimitar Ivanov","https:\u002F\u002Fprofiles.wordpress.org\u002Fzinoui\u002F","\u003Cp>HTTP Headers gives your control over the http headers returned by your blog or website.\u003C\u002Fp>\n\u003Cp>Headers supported by HTTP Headers includes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Access-Control-Allow-Origin\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Credentials\u003C\u002Fli>\n\u003Cli>Access-Control-Max-Age\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Methods\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Headers\u003C\u002Fli>\n\u003Cli>Access-Control-Expose-Headers\u003C\u002Fli>\n\u003Cli>Age \u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Content-Security-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cache-Control\u003C\u002Fli>\n\u003Cli>Clear-Site-Data\u003C\u002Fli>\n\u003Cli>Connection\u003C\u002Fli>\n\u003Cli>Content-Encoding\u003C\u002Fli>\n\u003Cli>Content-Type\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Resource-Policy\u003C\u002Fli>\n\u003Cli>Expect-CT\u003C\u002Fli>\n\u003Cli>Expires\u003C\u002Fli>\n\u003Cli>Feature-Policy\u003C\u002Fli>\n\u003Cli>NEL\u003C\u002Fli>\n\u003Cli>Permissions-Policy\u003C\u002Fli>\n\u003Cli>Pragma\u003C\u002Fli>\n\u003Cli>P3P\u003C\u002Fli>\n\u003Cli>Referrer-Policy\u003C\u002Fli>\n\u003Cli>Report-To\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>Timing-Allow-Origin\u003C\u002Fli>\n\u003Cli>Vary\u003C\u002Fli>\n\u003Cli>WWW-Authenticate\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>X-DNS-Prefetch-Control\u003C\u002Fli>\n\u003Cli>X-Download-Options\u003C\u002Fli>\n\u003Cli>X-Frame-Options\u003C\u002Fli>\n\u003Cli>X-Permitted-Cross-Domain-Policies\u003C\u002Fli>\n\u003Cli>X-Powered-By\u003C\u002Fli>\n\u003Cli>X-Robots-Tag\u003C\u002Fli>\n\u003Cli>X-UA-Compatible\u003C\u002Fli>\n\u003Cli>X-XSS-Protection\u003C\u002Fli>\n\u003C\u002Ful>\n","HTTP Headers adds CORS & security HTTP headers to your website.",50000,715994,86,70,"2024-12-22T11:49:00.000Z","6.7.5","3.2","5.3",[55,56,57,19,58],"cors-headers","csp-header","custom-headers","security-headers","https:\u002F\u002Fgithub.com\u002Friverside\u002Fhttp-headers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttp-headers.1.19.2.zip",91,4,"2023-07-13 00:00:00",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":72,"num_ratings":74,"last_updated":75,"tested_up_to":76,"requires_at_least":77,"requires_php":17,"tags":78,"homepage":17,"download_link":81,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"simple-iframe-buster","Simple Iframe Buster","1.1.1","Mikel King","https:\u002F\u002Fprofiles.wordpress.org\u002Fvizkr\u002F","\u003Cp>Provides a method of adding X-Frame-Options to the http headers for sites hosted in an environment that does not grant access to\u003Cbr \u002F>\nthe webserver config, .htaccess or lack mod_headers type facility.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Sets X-Frame-Options to SAMEORIGIN\u003C\u002Fli>\n\u003Cli>Enqueue iframe blocking javascript\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>This is my arbitrary section. There’s really nothing special to add because this is truly a simple plugin with no settings or configuration. Turn it on and block the iframe content thieves. Much of this can also be achieve by working with a good hosting provider. If you are board then head over to my content site \u003Ca href=\"https:\u002F\u002Fwww.jafdip.com\" rel=\"nofollow ugc\">JAFDIP\u003C\u002Fa>.\u003C\u002Fp>\n","Provides a method of setting the X-Frame-Options header to SAMEORIGIN. Also enqueues a javascript based iframe blocker.",100,6274,2,"2021-08-13T21:10:00.000Z","5.7.15","3.9",[19,79,80],"iframe","x-frame-options","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-iframe-buster.zip",{"slug":83,"name":84,"version":85,"author":86,"author_profile":87,"description":88,"short_description":89,"active_installs":90,"downloaded":91,"rating":13,"num_ratings":13,"last_updated":92,"tested_up_to":93,"requires_at_least":94,"requires_php":17,"tags":95,"homepage":96,"download_link":97,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"wp-secure-http-headers","WP Secure HTTP Headers","1.1","WP Academic","https:\u002F\u002Fprofiles.wordpress.org\u002Feastsidecode\u002F","\u003Cp>This WordPress Plugin add secure headers to you WordPress site.\u003C\u002Fp>\n\u003Cp>The Following Headers are included:\u003Cbr \u002F>\n– Strict-Transport-Security: Enforces SSL if your website is using SSL (which it should be)\u003Cbr \u002F>\n– X-Frame-Options: Prevents Clickjacking\u003Cbr \u002F>\n– X-XSS-Protection: Prevents XSS attacks\u003Cbr \u002F>\n– X-Content-Type-Options: set to ‘nosniff to prevent MIME-type sniffing\u003Cbr \u002F>\n– Referrer-Policy: set to ‘no-referrer-when-downgrade’\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No setup required!\u003C\u002Fli>\n\u003C\u002Ful>\n","License: GPLv2 or later WordPress plugin to add secure headers to your website.",40,1195,"2019-06-17T12:37:00.000Z","5.2.24","4.3",[19,21],"https:\u002F\u002Feastsidecode.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-secure-http-headers.zip",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":108,"num_ratings":109,"last_updated":110,"tested_up_to":111,"requires_at_least":112,"requires_php":113,"tags":114,"homepage":117,"download_link":118,"security_score":26,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"sea-sp-community-edition","SeaSP Community Edition","1.8.3","bluetriangle","https:\u002F\u002Fprofiles.wordpress.org\u002Fbluetriangle\u002F","\u003Cp>SeaSP Community Edition is an automated \u003Cstrong>Content Security Policy Manager\u003C\u002Fstrong>. SeaSP allows you to create, configure, manage, and deploy a Content Security Policy for your site.\u003C\u002Fp>\n\u003Cp>The WordPress SeaSP Community Edition plugin catalogs the domains that appear on your site. Categorize and filter out unwanted domains. Add a layer of WordPress security site from Magecart and other cross-site scripting attacks to keep your WordPress site safe.\u003C\u002Fp>\n\u003Cp>SeaSP installs a strict non-blocking CSP to collect violation data and provide a violation report. Violation data flows into the WordPress database as a PHP option within the plugin options schema. Violations can be approved by domains and categorized by directives (CSS, fonts, images, JS, etc.). You can also approve base domains and subdomains. The SeaSP UI helps users by explaining what each directive does, and how to use them to create a CSP.\u003C\u002Fp>\n\u003Cp>After configuring the domain and directive settings switch the CSP to blocking mode. Once the CSP goes into blocking mode, the site’s protected from any unrecognized code. SeaSP Community Edition helps secure your site.\u003C\u002Fp>\n\u003Ch3>Upgrade Notice for 1.4 only\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>When you install this version you will need to rebuild your CSP\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Usage\u003C\u002Fh3>\n\u003Cp>Once installed, a strict non-blocking report-only CSP is implemented on your site. Visit each page of your site to collect CSP violations.\u003Cbr \u002F>\nVisit the Current Violations page of the plugin to review domains that have violated a directive in the CSP.\u003Cbr \u002F>\nReview each of the domains carefully and check for misspellings of common domains like adobee.com instead of adobe.com as this is a common way hackers inject content into your site.\u003Cbr \u002F>\nIf you feel confident that the domain belongs on your site and it should be serving the file type stated, click the toggle to approve the domain to include it in the CSP.\u003Cbr \u002F>\nIf you want to allow subdomains of that domain to be able to serve that type of content, click the Manage subdomains button to view the subdomains.\u003Cbr \u002F>\nAfter this process, you might still see CSP violations regarding inline scripts, inline styles, blobs, or data.\u003Cbr \u002F>\nTo allow these this type of content in the community version you must navigate to the Directive Settings page, find the offending directive, then toggle the appropriate option.\u003Cbr \u002F>\nFor convenience, each option has a tooltip explaining what it allows in your CSP.\u003C\u002Fp>\n\u003Ch3>Walk Through\u003C\u002Fh3>\n\u003Cp>A walk through video can be found on YouTube \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FXdJNh6LEKJw\" rel=\"nofollow ugc\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FXdJNh6LEKJw?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Contributing\u003C\u002Fh3>\n\u003Cp>Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.\u003Cbr \u002F>\nThis project has been tested on WordPress up to version 5.8 on both single and multi-site instances.\u003Cbr \u002F>\nThe project can be found on \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fblue-triangle-tech\u002Fsea-sp-community-edition\" rel=\"nofollow ugc\">github\u003C\u002Fa>.\u003Cbr \u002F>\nThis project is sponsored by \u003Ca href=\"www.bluetriangle.com\" rel=\"nofollow ugc\">Blue Triangle\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Third Party Libraries\u003C\u002Fh3>\n\u003Cp>We use \u003Ca href=\"https:\u002F\u002Fgetbootstrap.com\u002F\" rel=\"nofollow ugc\">Bootstrap\u003C\u002Fa> for the UI of our plugin to make the interface clean and simple.\u003Cbr \u002F>\nBootstraps license can be found \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ftwbs\u002Fbootstrap\u002Fblob\u002Fmain\u002FLICENSE\" rel=\"nofollow ugc\">here\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>We use \u003Ca href=\"https:\u002F\u002Fwww.bootstraptoggle.com\u002F\" rel=\"nofollow ugc\">bootstrap toggle\u003C\u002Fa> because simple check boxes can be confusing and we wanted our CSP mangers UI to feel easy. This code was developed for The New York Times by \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fminhur\" rel=\"nofollow ugc\">Min Hur\u003C\u002Fa> and is licensed under \u003Ca href=\"https:\u002F\u002Fopensource.org\u002Flicenses\u002FMIT\" rel=\"nofollow ugc\">MIT\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fchoosealicense.com\u002Flicenses\u002Fgpl-3.0\u002F\" rel=\"nofollow ugc\">GNU\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Opt In usage data collection\u003C\u002Fh3>\n\u003Cp>As of version 1.5 users will be able to opt-in for data collection to help us determine how many people are using our plugin and what features we should be working on in future version. This can be managed in the Usage Data Settings page. We collect and send the following data:\u003Cbr \u002F>\n1. wordpress version\u003Cbr \u002F>\n2. wordpress debug mode\u003Cbr \u002F>\n3. wordpress multisite\u003Cbr \u002F>\n4. the base url that the plugin is on ex; www.bluetriangle.com\u003Cbr \u002F>\nThis data is only accessible to the Blue Triangle organization and will be used to determine our user base and feature planning.\u003C\u002Fp>\n","SeaSP Community Edition is an automated Content Security Policy Manager. SeaSP allows you to create, configure, manage, and deploy a Content Security  &hellip;",20,4225,94,3,"2021-07-19T19:09:00.000Z","5.8.13","5.1","7.0",[115,116,19,21],"content-security-policy","csp","https:\u002F\u002Fbluetrianglemarketing.github.io\u002FSeaSP-Community-Edition\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsea-sp-community-edition.1.8.3.zip",{"slug":120,"name":121,"version":122,"author":123,"author_profile":124,"description":125,"short_description":126,"active_installs":127,"downloaded":128,"rating":72,"num_ratings":74,"last_updated":129,"tested_up_to":51,"requires_at_least":130,"requires_php":131,"tags":132,"homepage":134,"download_link":135,"security_score":136,"vuln_count":13,"unpatched_count":13,"last_vuln_date":27,"fetched_at":28},"abdal-security-headers","Abdal Security Headers","5.1.3","Ebrahim Shafiei (EbraSha)","https:\u002F\u002Fprofiles.wordpress.org\u002Fprofshafiei\u002F","\u003Cp>Abdal Security Headers is a powerful WordPress plugin that enhances your website’s security through HTTP security headers. It provides an easy-to-use interface for managing security policies and protecting against common web vulnerabilities.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Modern UI with iOS-style switches\u003C\u002Fli>\n\u003Cli>Real-time CSP Header Preview\u003C\u002Fli>\n\u003Cli>Automatic security header configuration\u003C\u002Fli>\n\u003Cli>Protection against XSS attacks\u003C\u002Fli>\n\u003Cli>Prevention of clickjacking attempts\u003C\u002Fli>\n\u003Cli>MIME-type sniffing protection\u003C\u002Fli>\n\u003Cli>Strict HTTPS enforcement\u003C\u002Fli>\n\u003Cli>Full RTL support\u003C\u002Fli>\n\u003Cli>Mobile-responsive interface\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Security Headers Managed:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>X-Frame-Options\u003C\u002Fli>\n\u003Cli>X-XSS-Protection\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security (HSTS)\u003C\u002Fli>\n\u003Cli>Content-Security-Policy (CSP)\u003C\u002Fli>\n\u003Cli>Referrer-Policy\u003C\u002Fli>\n\u003Cli>Feature-Policy\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Origin\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Languages\u003C\u002Fh3>\n\u003Cp>This plugin is available in the following languages:\u003Cbr \u002F>\n– English (en_US)\u003Cbr \u002F>\n– Persian (fa_IR)\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is released under the \u003Cstrong>GPLv2 or later\u003C\u002Fstrong> License.\u003Cbr \u002F>\nLicense details: \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fa>\u003C\u002Fp>\n","Enhance WordPress security with essential HTTP security headers, protecting against XSS, clickjacking, and other common web vulnerabilities.",10,2827,"2025-03-13T14:27:00.000Z","5.0","7.2",[115,133,21,58,80],"hsts","https:\u002F\u002Fgithub.com\u002Febrasha\u002Fabdal-security-headers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fabdal-security-headers.5.1.3.zip",92,{"attackSurface":138,"codeSignals":155,"taintFlows":162,"riskAssessment":163,"analyzedAt":166},{"hooks":139,"ajaxHandlers":151,"restRoutes":152,"shortcodes":153,"cronEvents":154,"entryPointCount":13,"unprotectedCount":13},[140,147],{"type":141,"name":142,"callback":143,"priority":144,"file":145,"line":146},"action","send_headers","eazyHTTPHeader",1,"eazy-http-headers-action.php",9,{"type":141,"name":148,"callback":149,"file":150,"line":146},"admin_init","eazyHTTPhead_settings_init","eazy-http-headers-settings.php",[],[],[],[],{"dangerousFunctions":156,"sqlUsage":157,"outputEscaping":159,"fileOperations":13,"externalRequests":13,"nonceChecks":13,"capabilityChecks":13,"bundledLibraries":161},[],{"prepared":13,"raw":13,"locations":158},[],{"escaped":13,"rawEcho":13,"locations":160},[],[],[],{"summary":164,"deductions":165},"The eazy-http-headers plugin v1.1.0 exhibits an exceptionally strong security posture based on the provided static analysis. The complete absence of any detected attack surface entry points, coupled with the lack of dangerous function usage, raw SQL queries, file operations, external HTTP requests, or unescaped output, indicates a highly secure codebase. This suggests that the plugin developers have adhered to best practices for secure WordPress development, meticulously sanitizing and validating any potential inputs and outputs, and ensuring all interactions are handled safely. The lack of any recorded vulnerabilities, past or present, further reinforces this positive assessment, pointing towards a well-maintained and robust plugin.\n\nHowever, the complete lack of any detected flows in the taint analysis, while seemingly positive, could also indicate that the analysis itself was limited or that the plugin's functionality is extremely basic and does not involve complex data handling that would trigger taint flow detection. While the current state is excellent, it's important to consider if the plugin's intended functionality is fully covered by the analysis. In conclusion, eazy-http-headers v1.1.0 appears to be a remarkably secure plugin, with no immediate security concerns identified from the provided data. Its strengths lie in its minimal attack surface and adherence to secure coding principles. The only minor consideration is the possibility that the analysis might not have uncovered latent issues due to an extremely simple code structure.",[],"2026-03-16T22:28:14.844Z",{"wat":168,"direct":177},{"assetPaths":169,"generatorPatterns":172,"scriptPaths":173,"versionParams":174},[170,171],"\u002Fwp-content\u002Fplugins\u002Feazy-http-headers\u002Fassets\u002Fcss\u002Feazy-http-headers.css","\u002Fwp-content\u002Fplugins\u002Feazy-http-headers\u002Fassets\u002Fjs\u002Feazy-http-headers.js",[],[171],[175,176],"eazy-http-headers\u002Fassets\u002Fcss\u002Feazy-http-headers.css?ver=","eazy-http-headers\u002Fassets\u002Fjs\u002Feazy-http-headers.js?ver=",{"cssClasses":178,"htmlComments":179,"htmlAttributes":180,"restEndpoints":181,"jsGlobals":182,"shortcodeOutput":183},[],[],[],[],[],[]]