[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fITb5PFTh5ES-5TR1qUvODZqY5OMjP0I4T85nfSNB2m8":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":22,"download_link":23,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":35,"analysis":138,"fingerprints":177},"firstpage-sg-security-headers","Security Headers","1.0.0","Joseph Mendez","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoshme21\u002F","\u003Cp>Security headers are directives used by web applications to configure security defenses.\u003C\u002Fp>\n\u003Ch3>Why are security headers important?\u003C\u002Fh3>\n\u003Cp>When auditing websites, security headers are frequently forgotten.\u003C\u002Fp>\n\u003Cp>Although some may argue that website security is unrelated to SEO, it does become so when a site is compromised and search traffic completely disappears.\u003C\u002Fp>\n\u003Cp>Everyone who publishes content online should pay special attention to security headers.\u003C\u002Fp>\n\u003Cp>Getting hacked is not good. 
You lose traffic, customers and it’s a pain to resolve all the issues.\u003C\u002Fp>\n\u003Cp>But good thing you’re smart and have searched for this plugin :).\u003C\u002Fp>\n","Security headers are directives used by web applications to configure security defenses.",700,4275,60,2,"2022-09-24T01:34:00.000Z","6.0.11","5.0","7.0",[20,21],"security-headers","seo-security-headers","https:\u002F\u002Fwww.firstpagedigital.sg\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffirstpage-sg-security-headers.1.0.0.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":31,"total_installs":11,"avg_security_score":24,"avg_patch_time_days":32,"trust_score":33,"computed_at":34},"joshme21",1,30,84,"2026-04-04T02:14:06.683Z",[36,61,83,102,121],{"slug":37,"name":38,"version":39,"author":40,"author_profile":41,"description":42,"short_description":43,"active_installs":44,"downloaded":45,"rating":46,"num_ratings":47,"last_updated":48,"tested_up_to":49,"requires_at_least":50,"requires_php":51,"tags":52,"homepage":56,"download_link":57,"security_score":58,"vuln_count":59,"unpatched_count":25,"last_vuln_date":60,"fetched_at":27},"http-headers","HTTP Headers","1.19.2","Dimitar Ivanov","https:\u002F\u002Fprofiles.wordpress.org\u002Fzinoui\u002F","\u003Cp>HTTP Headers gives you control over the HTTP headers returned by your blog or website.\u003C\u002Fp>\n\u003Cp>Headers supported by HTTP Headers include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Access-Control-Allow-Origin\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Credentials\u003C\u002Fli>\n\u003Cli>Access-Control-Max-Age\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Methods\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Headers\u003C\u002Fli>\n\u003Cli>Access-Control-Expose-Headers\u003C\u002Fli>\n\u003Cli>Age 
\u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Content-Security-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cache-Control\u003C\u002Fli>\n\u003Cli>Clear-Site-Data\u003C\u002Fli>\n\u003Cli>Connection\u003C\u002Fli>\n\u003Cli>Content-Encoding\u003C\u002Fli>\n\u003Cli>Content-Type\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Resource-Policy\u003C\u002Fli>\n\u003Cli>Expect-CT\u003C\u002Fli>\n\u003Cli>Expires\u003C\u002Fli>\n\u003Cli>Feature-Policy\u003C\u002Fli>\n\u003Cli>NEL\u003C\u002Fli>\n\u003Cli>Permissions-Policy\u003C\u002Fli>\n\u003Cli>Pragma\u003C\u002Fli>\n\u003Cli>P3P\u003C\u002Fli>\n\u003Cli>Referrer-Policy\u003C\u002Fli>\n\u003Cli>Report-To\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>Timing-Allow-Origin\u003C\u002Fli>\n\u003Cli>Vary\u003C\u002Fli>\n\u003Cli>WWW-Authenticate\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>X-DNS-Prefetch-Control\u003C\u002Fli>\n\u003Cli>X-Download-Options\u003C\u002Fli>\n\u003Cli>X-Frame-Options\u003C\u002Fli>\n\u003Cli>X-Permitted-Cross-Domain-Policies\u003C\u002Fli>\n\u003Cli>X-Powered-By\u003C\u002Fli>\n\u003Cli>X-Robots-Tag\u003C\u002Fli>\n\u003Cli>X-UA-Compatible\u003C\u002Fli>\n\u003Cli>X-XSS-Protection\u003C\u002Fli>\n\u003C\u002Ful>\n","HTTP Headers adds CORS & security HTTP headers to your website.",50000,715994,86,70,"2024-12-22T11:49:00.000Z","6.7.5","3.2","5.3",[53,54,55,37,20],"cors-headers","csp-header","custom-headers","https:\u002F\u002Fgithub.com\u002Friverside\u002Fhttp-headers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttp-headers.1.19.2.zip",91,4,"2023-07-13 
00:00:00",{"slug":62,"name":63,"version":64,"author":65,"author_profile":66,"description":67,"short_description":68,"active_installs":69,"downloaded":70,"rating":46,"num_ratings":71,"last_updated":72,"tested_up_to":73,"requires_at_least":74,"requires_php":75,"tags":76,"homepage":81,"download_link":82,"security_score":24,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"csp-manager","Content Security Policy Manager","1.2.1","Patrick Sletvold","https:\u002F\u002Fprofiles.wordpress.org\u002F16patsle\u002F","\u003Cp>\u003Cstrong>Content Security Policy Manager\u003C\u002Fstrong> is a WordPress plugin that allows you to easily configure \u003Ca href=\"https:\u002F\u002Fdeveloper.mozilla.org\u002Fen-US\u002Fdocs\u002FWeb\u002FHTTP\u002FCSP\" rel=\"nofollow ugc\">Content Security Policy headers\u003C\u002Fa> for your site. You can have different CSP headers for the admin interface, the frontend for logged-in users, and the frontend for regular visitors. The CSP directives can be individually enabled, and each policy can be set to enforce, report or be disabled.\u003C\u002Fp>\n\u003Cp>Please note that this plugin offers limited help in figuring out what the contents of the policy should be. It only lets you configure the CSP in an easy-to-use interface.\u003C\u002Fp>\n","Plugin for configuring Content Security Policy headers for your site. 
Allows different CSP headers for admin, logged-in frontend and regular visitors",2000,33739,6,"2022-08-09T17:33:00.000Z","6.1.10","4.6","7.2",[77,78,79,20,80],"content-security-policy","csp","security","xss","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcsp-manager.1.2.1.zip",{"slug":84,"name":85,"version":86,"author":87,"author_profile":88,"description":89,"short_description":90,"active_installs":91,"downloaded":92,"rating":93,"num_ratings":94,"last_updated":95,"tested_up_to":96,"requires_at_least":17,"requires_php":18,"tags":97,"homepage":81,"download_link":101,"security_score":93,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"security-header","HTTP Security Header","3.1","MOHIT GOYAL","https:\u002F\u002Fprofiles.wordpress.org\u002Fmohitgoyal1108\u002F","\u003Cp>\u003Cstrong>HTTP Security Header\u003C\u002Fstrong> helps protect your WordPress site by adding critical HTTP headers to each response — with no code required. These headers provide additional layers of protection against attacks such as cross-site scripting (XSS), clickjacking, content injection, and resource leaks.\u003C\u002Fp>\n\u003Cp>This plugin offers a modern, responsive admin dashboard with validation, fallback safety, and full control over each header’s default or custom value.\u003C\u002Fp>\n\u003Ch3>🔎 Scan Your Website Security Headers\u003C\u002Fh3>\n\u003Cp>Before configuring headers, instantly check your website’s current security score using our online header scanner:\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Finspiredmonks.com\u002Fhttp-security-header-scanner\u002F\" rel=\"nofollow ugc\">Scan Your Website Security Headers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>✔ Enter your website URL\u003Cbr \u002F>\n✔ Get instant Security Grade (A+ to F)\u003Cbr \u002F>\n✔ See which headers are Present or Missing\u003Cbr \u002F>\n✔ Get clear, actionable recommendations\u003Cbr \u002F>\n✔ Easily fix them using this 
plugin\u003C\u002Fp>\n\u003Cp>Used by thousands of websites to enhance security and protect user data.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features Include:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Visual toggles for enabling\u002Fdisabling headers\u003Cbr \u002F>\n– Option to use \u003Cstrong>default or custom header values\u003C\u002Fstrong>\u003Cbr \u002F>\n– Secure fallback if a header is misconfigured\u003Cbr \u002F>\n– Integrated \u003Cstrong>header validation\u003C\u002Fstrong>\u003Cbr \u002F>\n– Support for all major browser-supported headers\u003Cbr \u002F>\n– Nonce-based saving and admin notices\u003Cbr \u002F>\n– WP Multisite compatible\u003Cbr \u002F>\n– “Disable All” and “Reset to Important Headers” actions\u003Cbr \u002F>\n– Per-header input validation with real-time error fallback\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Supported Headers:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Strict-Transport-Security (HSTS)\u003Cbr \u002F>\n* X-Frame-Options\u003Cbr \u002F>\n* X-Content-Type-Options\u003Cbr \u002F>\n* Referrer-Policy\u003Cbr \u002F>\n* Content-Security-Policy\u003Cbr \u002F>\n* Permissions-Policy\u003Cbr \u002F>\n* X-XSS-Protection\u003Cbr \u002F>\n* X-Permitted-Cross-Domain-Policies\u003Cbr \u002F>\n* Expect-CT\u003Cbr \u002F>\n* Cross-Origin-Opener-Policy (COOP)\u003Cbr \u002F>\n* Cross-Origin-Resource-Policy (CORP)\u003Cbr \u002F>\n* Cross-Origin-Embedder-Policy (COEP)\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Lightweight and performance-focused  \u003C\u002Fli>\n\u003Cli>No front-end impact  \u003C\u002Fli>\n\u003Cli>Choose default or custom header values  \u003C\u002Fli>\n\u003Cli>Secure validation and auto-fallbacks  \u003C\u002Fli>\n\u003Cli>Seamless plugin compatibility (including WP Rocket)  \u003C\u002Fli>\n\u003Cli>Fully translation-ready and i18n-compliant  \u003C\u002Fli>\n\u003Cli>Nonce-protected admin save actions  \u003C\u002Fli>\n\u003Cli>Optional reset-to-default support  \u003C\u002Fli>\n\u003Cli>Reset or 
disable all headers with one click\u003C\u002Fli>\n\u003C\u002Ful>\n","Add and manage essential HTTP security headers with ease. Protect your WordPress site from XSS, clickjacking, and other common vulnerabilities.",800,4254,100,3,"2025-12-30T17:44:00.000Z","6.9.4",[98,77,99,20,100],"clickjacking","http-security-header","wordpress-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-header.3.1.zip",{"slug":103,"name":104,"version":105,"author":106,"author_profile":107,"description":108,"short_description":109,"active_installs":110,"downloaded":111,"rating":112,"num_ratings":71,"last_updated":113,"tested_up_to":18,"requires_at_least":114,"requires_php":115,"tags":116,"homepage":119,"download_link":120,"security_score":93,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"security-header-generator","Security Header Generator","5.4.77","Kevin Pirnie","https:\u002F\u002Fprofiles.wordpress.org\u002Fkevp75\u002F","\u003Cp>This plugin generates the proper security HTTP response headers, attempts to generate a valid Content Security Policy, and sets browser permissions if configured.\u003C\u002Fp>\n","This plugin generates the proper security HTTP response headers to keep your site 
secured.",500,24333,96,"2026-02-03T14:10:00.000Z","6.0.9","8.2",[77,117,118,79,20],"permissions","permissions-policy","https:\u002F\u002Fkevinpirnie.com\u002Fblog\u002F2021\u002F10\u002F13\u002Fwordpress-plugin-security-header-generator\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-header-generator.5.4.77.zip",{"slug":122,"name":123,"version":124,"author":125,"author_profile":126,"description":127,"short_description":128,"active_installs":93,"downloaded":129,"rating":47,"num_ratings":59,"last_updated":130,"tested_up_to":96,"requires_at_least":131,"requires_php":132,"tags":133,"homepage":136,"download_link":137,"security_score":93,"vuln_count":25,"unpatched_count":25,"last_vuln_date":26,"fetched_at":27},"csp-antsst","CSP Friendly Security","1.5.2","Pascal CESCATO","https:\u002F\u002Fprofiles.wordpress.org\u002Fpcescato\u002F","\u003Cp>Adds a CSP header compatible with most WP plugins without breaking styles.\u003C\u002Fp>\n","Adds a CSP header compatible with most WP plugins without breaking 
styles.",2755,"2026-01-01T13:42:00.000Z","5.9","7.3",[77,78,134,20,135],"nonces","sha256-hashes","https:\u002F\u002Ftsw.ovh\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcsp-antsst.1.5.2.zip",{"attackSurface":139,"codeSignals":160,"taintFlows":167,"riskAssessment":168,"analyzedAt":176},{"hooks":140,"ajaxHandlers":156,"restRoutes":157,"shortcodes":158,"cronEvents":159,"entryPointCount":25,"unprotectedCount":25},[141,147,152],{"type":142,"name":143,"callback":144,"file":145,"line":146},"filter","mod_rewrite_rules","add_fpd_security_headers","firstpage-sg-security-headers.php",31,{"type":148,"name":149,"callback":150,"file":145,"line":151},"action","send_headers","fpd_headers_send_header",38,{"type":142,"name":153,"callback":154,"file":145,"line":155},"wp_headers","fpd_headers_wp_headers",45,[],[],[],[],{"dangerousFunctions":161,"sqlUsage":162,"outputEscaping":164,"fileOperations":25,"externalRequests":25,"nonceChecks":25,"capabilityChecks":25,"bundledLibraries":166},[],{"prepared":25,"raw":25,"locations":163},[],{"escaped":25,"rawEcho":25,"locations":165},[],[],[],{"summary":169,"deductions":170},"The plugin 'firstpage-sg-security-headers' v1.0.0 demonstrates a strong security posture based on the provided static analysis. There are no identified AJAX handlers, REST API routes, shortcodes, or cron events, which significantly limits the attack surface. The code also shows a commendable adherence to secure coding practices, with all SQL queries utilizing prepared statements and all outputs being properly escaped. The absence of dangerous functions, file operations, external HTTP requests, and identifiable taint flows further contributes to its robust security profile.  The plugin's vulnerability history is also clean, with no recorded CVEs, indicating a well-maintained and secure codebase.\n\nWhile the current analysis shows no immediate risks, it's important to note that the absence of nonce checks and capability checks is a potential concern. 
Although the attack surface is currently zero, if any entry points were to be introduced in future versions without proper authorization mechanisms, this could lead to security vulnerabilities.  However, given the current state, the plugin is assessed as highly secure. The lack of identified vulnerabilities in its history suggests a proactive approach to security by the developers.  The plugin's strengths lie in its minimal attack surface and excellent adherence to fundamental secure coding principles. The primary area for cautious monitoring would be the introduction of new functionalities without a corresponding increase in security checks.",[171,174],{"reason":172,"points":173},"Missing Nonce Checks",5,{"reason":175,"points":173},"Missing Capability Checks","2026-03-16T19:23:53.601Z",{"wat":178,"direct":183},{"assetPaths":179,"generatorPatterns":180,"scriptPaths":181,"versionParams":182},[],[],[],[],{"cssClasses":184,"htmlComments":185,"htmlAttributes":187,"restEndpoints":188,"jsGlobals":189,"shortcodeOutput":190},[],[186],"#FPD - Custom Headers Security",[],[],[],[]]