[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fe1viE1DQ9IRl6I5DJsM1a9AWVlX7Q-pc9o4ZQSa0OEs":3,"$fCfkp43qB7xY0h0DoXDMwk1VPmRkvv3B0-cm6X60Sxsw":182,"$fFvICbdf-IKLOQraYcKgFn5YvzbvJfXyP95lbBjXqTao":187},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":11,"num_ratings":11,"last_updated":13,"tested_up_to":14,"requires_at_least":15,"requires_php":16,"tags":17,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"discovery_status":28,"vulnerabilities":29,"developer":30,"crawl_stats":26,"alternatives":36,"analysis":115,"fingerprints":160},"headershield","HeaderShield","1.0.14","Vishwa","https:\u002F\u002Fprofiles.wordpress.org\u002Fsbvi1122\u002F","\u003Cp>HeaderShield adds a conservative set of security headers that improve browser protection without breaking most sites. It also provides optional strict cross-origin protections for sites that are ready for them.\u003C\u002Fp>\n\u003Cp>Default headers include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>X-Frame-Options\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>X-XSS-Protection (legacy)\u003C\u002Fli>\n\u003Cli>Referrer-Policy\u003C\u002Fli>\n\u003Cli>Permissions-Policy\u003C\u002Fli>\n\u003Cli>Content-Security-Policy (upgrade-insecure-requests)\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security (HTTPS only)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Strict Mode can additionally enable COEP, COOP, and CORP for stronger isolation, but may break third‑party scripts or embeds. Use with care and test on staging first.\u003C\u002Fp>\n\u003Ch4>Source code for third-party assets\u003C\u002Fh4>\n\u003Cp>The admin UI uses SlimSelect for the multi-select dropdown. Human-readable source is included in the plugin:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>JavaScript: \u003Ccode>assets\u002Fjs\u002Fslimselect.js\u003C\u002Fcode> (minified build: \u003Ccode>assets\u002Fjs\u002Fslimselect.min.js\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>CSS: \u003Ccode>assets\u002Fcss\u002Fslimselect.css\u003C\u002Fcode> (minified build: \u003Ccode>assets\u002Fcss\u002Fslimselect.min.css\u003C\u002Fcode>)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Upstream project: https:\u002F\u002Fgithub.com\u002Fbrianvoe\u002Fslim-select (MIT). This plugin does not use a custom build process; the included files are from the published release.\u003C\u002Fp>\n","Add safe, modern HTTP security headers with optional strict cross-origin protections and a simple admin UI.",0,84,"2026-03-20T10:25:00.000Z","6.9.4","5.0","7.4",[18,19,20,21,22],"csp","hardening","headers","hsts","security","","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheadershield.1.0.14.zip",100,null,"2026-04-06T09:54:40.288Z","no_bundle",[],{"slug":31,"display_name":7,"profile_url":8,"plugin_count":32,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":33,"trust_score":34,"computed_at":35},"sbvi1122",1,30,94,"2026-05-20T02:51:09.927Z",[37,57,73,88,101],{"slug":38,"name":39,"version":40,"author":41,"author_profile":42,"description":43,"short_description":44,"active_installs":45,"downloaded":46,"rating":47,"num_ratings":48,"last_updated":49,"tested_up_to":14,"requires_at_least":50,"requires_php":16,"tags":51,"homepage":54,"download_link":55,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":56},"headers-security-advanced-hsts-wp","Headers Security Advanced & HSTS WP","5.3.2","Andrea Ferro","https:\u002F\u002Fprofiles.wordpress.org\u002Funicorn03\u002F","\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is Best all-in-one a free plug-in for all WordPress users. Deactivating this plugin will return your site configuration exactly to the state it was in before.\u003C\u002Fp>\n\u003Cp>The \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> project implements HTTP response headers that your site can use to increase the security of your website. The plug-in will automatically set up all Best Practices (you don’t have to think about anything), these HTTP response headers can prevent modern browsers from running into easily predictable vulnerabilities. The Headers Security Advanced & HSTS WP project wants to popularize and increase awareness and usage of these headers for all wordpress users.\u003C\u002Fp>\n\u003Cp>This plugin is developed by OpenHeaders by irn3, we care about WordPress security and best practices.\u003C\u002Fp>\n\u003Cp>Check out the best features of \u003Cstrong>Headers Security Advanced & HSTS WP:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>X-XSS-Protection (Deprecated)\u003C\u002Fli>\n\u003Cli>Pragma (Deprecated)\u003C\u002Fli>\n\u003Cli>Public-Key-Pins (Deprecated)\u003C\u002Fli>\n\u003Cli>Expect-CT (Deprecated)\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Origin\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Methods\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Headers\u003C\u002Fli>\n\u003Cli>X-Content-Security-Policy\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>X-Frame-Options\u003C\u002Fli>\n\u003Cli>X-Permitted-Cross-Domain-Policies\u003C\u002Fli>\n\u003Cli>X-Powered-By\u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Referrer-Policy\u003C\u002Fli>\n\u003Cli>HTTP Strict Transport Security \u002F HSTS\u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Content-Security-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Clear-Site-Data\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Resource-Policy\u003C\u002Fli>\n\u003Cli>Permissions-Policy\u003C\u002Fli>\n\u003Cli>Strict-dynamic\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>FLoC (Federated Learning of Cohorts)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is based on \u003Cstrong>OWASP CSRF\u003C\u002Fstrong> to protect your wordpress site. Using OWASP CSRF, once the plugin is installed, it will provide full CSRF mitigation without having to call a method to use nonce on the output. The site will be secure despite having other vulnerable plugins (CSRF).\u003C\u002Fp>\n\u003Cp>HTTP security headers are a critical part of your website’s security. After automatic implementation with Headers Security Advanced & HSTS WP, they protect you from the most notorious types of attacks your site might encounter. These headers protect against XSS, code injection, clickjacking, etc.\u003C\u002Fp>\n\u003Cp>We have put a lot of effort into making the most important services operational with \u003Cstrong>Content Security Policy (CSP)\u003C\u002Fstrong>, below are some examples that we have tested and used with \u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>CSP usage for \u003Cstrong>Google Tag Manager\u003C\u002Fstrong>\u003Cbr \u002F>\nworld’s most popular tag manager\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Gravatar\u003C\u002Fstrong>\u003Cbr \u002F>\nAvatar service for WordPress and Social sites\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>WordPress Internal Media\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport WordPress media\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Youtube Embedded Video SDK\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Youtube embedded frames and JS SDK\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>CookieLaw\u003C\u002Fstrong>\u003Cbr \u002F>\nprivacy technology to meet regulatory requirements\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Mailchimp\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Mailchimp automation, SDK and modules\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Google Analytics\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for basic conversion domains such as: stats.g.doubleclick.net and www.google.com\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Google Fonts\u003C\u002Fstrong>\u003Cbr \u002F>\nyou’re not loading it on the page, chances are one of your SDKs is using it\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Facebook\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Facebook SDK functionality\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Stripe\u003C\u002Fstrong>\u003Cbr \u002F>\nhighly secure online payment system\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>New Relic\u003C\u002Fstrong>\u003Cbr \u002F>\nit’s a registration and monitoring utility\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Linkedin Tags + SDKs\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Linkedin Insight, Linkedin Ads and SDK\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>OneTrust\u003C\u002Fstrong>\u003Cbr \u002F>\nOneTrust support helps companies manage privacy requirements\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Moat\u003C\u002Fstrong>\u003Cbr \u002F>\nMoat support to measurement suite such as: ad verification, brand safety, advertising and coverage\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>jQuery\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport of jQuery – JS library\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Twitter Widgets & SDKs\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Connect, Widgets and the Twitter client-side SDK\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Google Maps\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport Google Maps as The ggpht used by streetview\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Quantcast Choice\u003C\u002Fstrong>\u003Cbr \u002F>\nQuantcast support for privacy such as GDPR and CCPA\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Twitter Ads & Analytics\u003C\u002Fstrong>\u003Cbr \u002F>\nTwitter support for advertising and Analytics\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Paypal\u003C\u002Fstrong>\u003Cbr \u002F>\nPayPal support for online payment system\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Drift\u003C\u002Fstrong>\u003Cbr \u002F>\nDrift and Driftt support\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Cookiebot\u003C\u002Fstrong>\u003Cbr \u002F>\ncookie and tracker support, GDPR\u002FePrivacy and CCPA compliance\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Vimeo Embedded Videos SDK\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport frames, JS SDK, Froogaloop integration\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>AppNexus (now Xandr)\u003C\u002Fstrong>\u003Cbr \u002F>\nAppNexus support for custom retargeting\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Mixpanel\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport analytics tool with SDK\u002FJS to collect client-side data\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Font Awesome\u003C\u002Fstrong>\u003Cbr \u002F>\ntoolkit support for fonts and icons over CSS and Less\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Google reCAPTCHA\u003C\u002Fstrong>\u003Cbr \u002F>\nreCAPTCHA support for fraud and bot protection\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Bootstrap\u003C\u002Fstrong> CDN\u003Cbr \u002F>\nBootstrap support for CSS frameworks\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>HubSpot\u003C\u002Fstrong>\u003Cbr \u002F>\nHubspot support with many features, used for monitoring and mkt functionality\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Hotjar\u003C\u002Fstrong>\u003Cbr \u002F>\nHotjar tracker support for analytics and metrics\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>WP.com\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for wp.com hosting\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Akamai mPulse\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Akamai mPulse, for origin and perimeter integrations\u003C\u002Fli>\n\u003Cli>CSP usage for \u003Cstrong>Cloudflare – Rocket-Loader & Mirage\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport for Mirage libraries for performance acceleration\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>Cloudflare – CDN.js\u003C\u002Fstrong>\u003Cbr \u002F>\nCloudflare’s open CDN support with multiple libraries\u003C\u002Fli>\n\u003Cli>Using CSP for \u003Cstrong>jsDelivr\u003C\u002Fstrong>\u003Cbr \u002F>\nsupport jsDelivr free CDN for Open Source\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Headers Security Advanced & HSTS WP\u003C\u002Fstrong> is based on the OWASP CSRF standard to protect your wordpress site. Using the OWASP CSRF standard, once the plugin is installed, you can customize CSP rules for full CSRF mitigation. The site will be secure despite having other vulnerable plugins (CSRF).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Integration with Sentry, Report URI, URIports and Datadog\u003C\u002Fstrong>\u003Cbr \u002F>\nSentry is a well-known platform for monitoring and tracking errors in applications. By integrating Sentry with our plugin, users can:\u003Cbr \u002F>\n  * Receive detailed reports on content security policy (CSP) violations.\u003Cbr \u002F>\n  * Monitor and analyze JavaScript exceptions occurring on their site.\u003Cbr \u002F>\n  * Benefit from advanced tools for proactive troubleshooting.\u003C\u002Fp>\n\u003Cp>Monitoring and Integration with Sentry, Datadog and URI Reports for optimal security.\u003C\u002Fp>\n\u003Ch4>Free Forever\u003C\u002Fh4>\n\u003Cp>Every security header, every configuration option, and every protection this plugin offers today will remain completely free. No features will ever be moved behind a paywall. Shield is a separate set of brand-new monitoring tools built on top. The free plugin gets better because Shield exists, not worse.\u003C\u002Fp>\n\u003Cp>Even though \u003Cstrong>FLoC\u003C\u002Fstrong> is still fairly new and not yet widely supported, as programmers we think that privacy protection elements are important, so we choose to give you the feature of being opt out of FLoC! We’ve created a special \u003Cstrong>“automatic blocking of FLoC”\u003C\u002Fstrong> feature, trying to always \u003Cstrong>offer the best tool with privacy protection and cyber security\u003C\u002Fstrong> as main targets and focus.\u003C\u002Fp>\n\u003Cp>Analyze your site before and after using \u003Cem>Headers Security Advanced & HSTS WP\u003C\u002Fem> security headers are self-configured according to HTTP Security Headers and HTTP Strict Transport Security \u002F HSTS best practices.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Check HTTP Security Headers on \u003Ca href=\"https:\u002F\u002Fsecurityheaders.com\u002F\" rel=\"nofollow ugc\">securityheaders.com\u003C\u002Fa> \u003C\u002Fli>\n\u003Cli>Check HTTP Strict Transport Security \u002F HSTS at \u003Ca href=\"https:\u002F\u002Fhstspreload.org\u002F\" rel=\"nofollow ugc\">hstspreload.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check WebPageTest at \u003Ca href=\"https:\u002F\u002Fwww.webpagetest.org\u002F\" rel=\"nofollow ugc\">webpagetest.org\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check HSTS test website \u003Ca href=\"https:\u002F\u002Fgf.dev\u002Fhsts-test\u002F\" rel=\"nofollow ugc\">gf.dev\u002Fhsts-test\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check CSP test website \u003Ca href=\"https:\u002F\u002Fcsper.io\u002Fevaluator\" rel=\"nofollow ugc\">csper.io\u002Fevaluator\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Check CSP Evaluator \u003Ca href=\"https:\u002F\u002Fcsp-evaluator.withgoogle.com\u002F\" rel=\"nofollow ugc\">csp-evaluator.withgoogle.com\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>CSP Content Security Policy Generator \u003Ca href=\"https:\u002F\u002Faddons.mozilla.org\u002Fen-US\u002Ffirefox\u002Faddon\u002Fcontent-security-policy-gen\u002F\" rel=\"nofollow ugc\">addons.mozilla.org\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This plugin is updated periodically, our limited support is free, we are available for your feedback (bugs, compatibility issues or recommendations for next updates). We are usually fast :-D.\u003C\u002Fp>\n\u003Ch4>Shield — Advanced Features (Optional)\u003C\u002Fh4>\n\u003Cp>Every feature this plugin offers today is and will remain completely free, forever. \u003Cstrong>Shield\u003C\u002Fstrong> is a separate set of brand-new advanced tools for professionals who need deeper monitoring and automation:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Security Advisor\u003C\u002Fstrong> — Analyzes your configuration and gives personalized recommendations in plain language\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSP Guide\u003C\u002Fstrong> — Recommended tools, safe workflow, WordPress-specific CSP snippets, and CSP FAQ\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Security Score Dashboard\u003C\u002Fstrong> — Real-time A+ to F grade with header status for all 10 security headers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Email & Webhook Alerts\u003C\u002Fstrong> — Get notified via email, Slack, Discord, Microsoft Teams, or custom webhook when something changes\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSP Violation Analytics\u003C\u002Fstrong> — See which resources browsers are blocking and why\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Weekly Automated Scans\u003C\u002Fstrong> — Automatic security audit with scan history and trend tracking\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Nothing existing moves behind a paywall. Revenue from Shield directly funds free updates and maintenance for all 100,000+ users. Learn more at \u003Ca href=\"https:\u002F\u002Fopenheaders.org\u002Fpro\" rel=\"nofollow ugc\">openheaders.org\u002Fpro\u003C\u002Fa>.\u003C\u002Fp>\n","Best all-in-one WordPress security plugin, uses HTTP & HSTS response headers to avoid vulnerabilities: XSS, injection, clickjacking. Force HTTP\u002FHTTPS.",90000,1376883,98,78,"2026-03-16T14:46:00.000Z","4.7",[52,18,20,53,21],"clickjacking","headers-security","https:\u002F\u002Fopenheaders.org","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheaders-security-advanced-hsts-wp.5.3.2.zip","2026-04-16T10:56:18.058Z",{"slug":58,"name":59,"version":16,"author":60,"author_profile":61,"description":62,"short_description":63,"active_installs":33,"downloaded":64,"rating":11,"num_ratings":11,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":71,"download_link":72,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"security-headers-caching","Security Headers & Caching","Studio Be4","https:\u002F\u002Fprofiles.wordpress.org\u002Fstudiobe4\u002F","\u003Cp>Security Headers & Caching is a comprehensive WordPress plugin that helps protect your website by implementing essential HTTP security headers and optimizing performance through intelligent caching mechanisms. Compatible with all hosting providers including Aruba, SiteGround, Bluehost, and more.\u003C\u002Fp>\n\u003Ch4>Key Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Easy Configuration\u003C\u002Fstrong> – Simple admin interface to enable\u002Fdisable security headers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Security Headers\u003C\u002Fstrong> – Comprehensive security header support\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Smart Caching\u003C\u002Fstrong> – Configurable cache duration for better performance\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Universal Compatibility\u003C\u002Fstrong> – Works with all hosting providers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No Conflicts\u003C\u002Fstrong> – Compatible with popular security and caching plugins\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Translation Ready\u003C\u002Fstrong> – Full internationalization support\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Security Headers Included\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>X-Powered-By\u003C\u002Fstrong> – Removes server technology information to prevent targeted attacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Content-Security-Policy (CSP)\u003C\u002Fstrong> – Controls which resources can be loaded to prevent XSS attacks\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Strict-Transport-Security (HSTS)\u003C\u002Fstrong> – Forces HTTPS connections for enhanced security\u003C\u002Fli>\n\u003Cli>\u003Cstrong>X-XSS-Protection\u003C\u002Fstrong> – Enables XSS filtering in older browsers\u003C\u002Fli>\n\u003Cli>\u003Cstrong>X-Frame-Options\u003C\u002Fstrong> – Prevents clickjacking attacks by controlling iframe embedding\u003C\u002Fli>\n\u003Cli>\u003Cstrong>X-Content-Type-Options\u003C\u002Fstrong> – Prevents MIME type sniffing\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Referrer-Policy\u003C\u002Fstrong> – Controls how much referrer information is shared\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Permissions-Policy\u003C\u002Fstrong> – Controls browser features and APIs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Caching Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Configurable cache duration (seconds)\u003C\u002Fli>\n\u003Cli>Automatic cache headers management\u003C\u002Fli>\n\u003Cli>Compatible with CDN services\u003C\u002Fli>\n\u003Cli>No conflict with existing cache plugins\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Why Security Headers Matter\u003C\u002Fh4>\n\u003Cp>Security headers are HTTP response headers that tell your browser how to behave when handling your website’s content. They help protect against:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Cross-Site Scripting (XSS) attacks\u003C\u002Fli>\n\u003Cli>Clickjacking attempts\u003C\u002Fli>\n\u003Cli>Code injection attacks\u003C\u002Fli>\n\u003Cli>MIME type sniffing\u003C\u002Fli>\n\u003Cli>Protocol downgrade attacks\u003C\u002Fli>\n\u003Cli>And much more…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Developer Friendly\u003C\u002Fh4>\n\u003Cp>The plugin provides filters for developers to customize headers:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ccode>shc_security_headers\u003C\u002Fcode> – Filter to modify security headers array\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Test Your Security\u003C\u002Fh4>\n\u003Cp>After installing and configuring the plugin, test your site’s security at:\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fsecurityheaders.com\u002F\" rel=\"nofollow ugc\">Security Headers\u003C\u002Fa>\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fobservatory.mozilla.org\u002F\" rel=\"nofollow ugc\">Mozilla Observatory\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Privacy\u003C\u002Fh4>\n\u003Cp>This plugin does not collect, store, or transmit any user data. It only modifies HTTP response headers sent by your server.\u003C\u002Fp>\n\u003Ch3>Developer Documentation\u003C\u002Fh3>\n\u003Ch4>Filters\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>shc_security_headers\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Modify the security headers before they are sent.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>add_filter( 'shc_security_headers', function( $headers ) {\n    \u002F\u002F Add custom header\n    $headers['X-Custom-Header'] = 'custom-value';\n\n    \u002F\u002F Modify existing header\n    $headers['X-Frame-Options'] = 'DENY';\n\n    return $headers;\n} );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>Constants\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Ccode>SHC_VERSION\u003C\u002Fcode> – Plugin version number\u003C\u002Fli>\n\u003Cli>\u003Ccode>SHC_PLUGIN_DIR\u003C\u002Fcode> – Plugin directory path\u003C\u002Fli>\n\u003Cli>\u003Ccode>SHC_PLUGIN_URL\u003C\u002Fcode> – Plugin directory URL\u003C\u002Fli>\n\u003Cli>\u003Ccode>SHC_PLUGIN_BASENAME\u003C\u002Fcode> – Plugin basename\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cp>For support, feature requests, or bug reports, please visit:\u003Cbr \u002F>\n* \u003Ca href=\"https:\u002F\u002Fwww.studiobe4.it\" rel=\"nofollow ugc\">Plugin Website\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>Credits\u003C\u002Fh3>\n\u003Cp>Developed by \u003Ca href=\"https:\u002F\u002Fwww.studiobe4.it\" rel=\"nofollow ugc\">Studio Be4\u003C\u002Fa> – Web Design & Development Agency\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003C\u002Fp>\n","Enhance your WordPress site security with HTTP security headers and improve performance with smart caching. Works with all hosting providers.",879,"2025-10-08T11:04:00.000Z","6.8.5","5.9","7.2",[70,18,20,21,22],"cache","https:\u002F\u002Fwww.studiobe4.it\u002Fsecurity-headers-caching","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-headers-caching.7.4.zip",{"slug":74,"name":75,"version":76,"author":77,"author_profile":78,"description":79,"short_description":80,"active_installs":81,"downloaded":82,"rating":11,"num_ratings":11,"last_updated":83,"tested_up_to":66,"requires_at_least":84,"requires_php":16,"tags":85,"homepage":23,"download_link":87,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":56},"basecloud-security-manager","BaseCloud Security Manager","1.0.26","BaseCloud","https:\u002F\u002Fprofiles.wordpress.org\u002Fbasecloud\u002F","\u003Cp>\u003Cstrong>Transform your WordPress site into a security fortress in under 2 minutes.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>BaseCloud Security Manager delivers enterprise-level security protection through advanced HTTP security headers – the same technology used by Fortune 500 companies to protect their websites. No technical expertise required.\u003C\u002Fp>\n\u003Cp>🎯 \u003Cstrong>Why Security Headers Matter:\u003C\u002Fstrong>\u003Cbr \u002F>\nSecurity headers are your website’s first line of defense, instructing browsers on how to handle your content safely. Without them, your site is vulnerable to:\u003Cbr \u002F>\n• Cross-Site Scripting (XSS) attacks – \u003Cstrong>87% of websites are vulnerable\u003C\u002Fstrong>\u003Cbr \u002F>\n• Clickjacking attacks that steal user credentials\u003Cbr \u002F>\n• Data theft through insecure connections\u003Cbr \u002F>\n• Privacy violations through referrer leaks\u003Cbr \u002F>\n• Malicious code injection\u003C\u002Fp>\n\u003Cp>✨ \u003Cstrong>What Makes BaseCloud Different:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>🚀 \u003Cstrong>One-Click Protection\u003C\u002Fstrong> – Enable military-grade security with a single click\u003Cbr \u002F>\n🔒 \u003Cstrong>Zero Configuration Required\u003C\u002Fstrong> – Smart defaults protect you instantly\u003Cbr \u002F>\n⚡ \u003Cstrong>Lightning Fast\u003C\u002Fstrong> – No performance impact on your site\u003Cbr \u002F>\n🎛️ \u003Cstrong>Full Control\u003C\u002Fstrong> – Advanced users can customize every setting\u003Cbr \u002F>\n🛠️ \u003Cstrong>Developer Friendly\u003C\u002Fstrong> – Clean, well-documented code\u003Cbr \u002F>\n🔧 \u003Cstrong>No Server Changes\u003C\u002Fstrong> – Works on any hosting provider\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🛡️ Complete Security Arsenal:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🎯 Master Security Switch\u003C\u002Fstrong>\u003Cbr \u002F>\nEnable all protections instantly – perfect for non-technical users who want maximum security without complexity.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🔐 Force SSL\u002FHTTPS Everywhere\u003C\u002Fstrong>\u003Cbr \u002F>\nAutomatically redirect all HTTP traffic to HTTPS, ensuring all data transmission is encrypted. Protects against man-in-the-middle attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🛡️ Content Security Policy (CSP)\u003C\u002Fstrong>\u003Cbr \u002F>\nThe gold standard of XSS protection. Controls exactly which scripts, styles, and resources can run on your site. Includes smart defaults that work with 99% of WordPress themes and plugins.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🔒 HTTP Strict Transport Security (HSTS)\u003C\u002Fstrong>\u003Cbr \u002F>\nForces browsers to communicate exclusively over HTTPS, preventing SSL stripping attacks. Includes preload support for maximum protection.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🕵️ Advanced Referrer Policy\u003C\u002Fstrong>\u003Cbr \u002F>\nProtects user privacy by controlling what information is shared when visitors click links, preventing data leaks to third parties.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🎤 Permissions Policy (Feature Policy)\u003C\u002Fstrong>\u003Cbr \u002F>\nBlock unauthorized access to sensitive browser features like camera, microphone, geolocation, and payment APIs – preventing malicious sites from accessing these features.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🍪 Secure Cookie Protection\u003C\u002Fstrong>\u003Cbr \u002F>\nAutomatically applies HttpOnly and Secure flags to session cookies, preventing JavaScript access and ensuring cookies are only sent over HTTPS.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>👻 Server Fingerprinting Protection\u003C\u002Fstrong>\u003Cbr \u002F>\nRemoves server signatures and version information that hackers use to identify vulnerabilities in your hosting setup.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⚡ Essential Security Headers Included:\u003C\u002Fstrong>\u003Cbr \u002F>\n• X-Frame-Options: SAMEORIGIN (prevents clickjacking)\u003Cbr \u002F>\n• X-Content-Type-Options: nosniff (prevents MIME-type confusion attacks)\u003Cbr \u002F>\n• X-XSS-Protection: 1; mode=block (legacy XSS protection for older browsers)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>💼 Perfect For:\u003C\u002Fstrong>\u003Cbr \u002F>\n• Business owners who want enterprise security without technical complexity\u003Cbr \u002F>\n• Developers building secure WordPress applications\u003Cbr \u002F>\n• Agencies managing multiple client sites\u003Cbr \u002F>\n• Anyone serious about website security\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🎯 Use Cases:\u003C\u002Fstrong>\u003Cbr \u002F>\n• E-commerce sites handling sensitive customer data\u003Cbr \u002F>\n• Membership sites with user logins\u003Cbr \u002F>\n• Business websites with contact forms\u003Cbr \u002F>\n• Blogs that want to protect visitor privacy\u003Cbr \u002F>\n• Development sites that need security during testing\u003C\u002Fp>\n\u003Cp>BaseCloud Security Manager is lightweight, efficient, and designed to integrate seamlessly into your WordPress admin experience without clutter or intrusive advertising.\u003C\u002Fp>\n\u003Ch3>Additional Information\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>🎯 Why Choose BaseCloud Security Manager?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>✅ \u003Cstrong>Instant Protection\u003C\u002Fstrong> – Works immediately after activation\u003Cbr \u002F>\n✅ \u003Cstrong>Zero Learning Curve\u003C\u002Fstrong> – No technical knowledge required\u003Cbr \u002F>\n✅ \u003Cstrong>Enterprise Grade\u003C\u002Fstrong> – Same technology used by Fortune 500 companies\u003Cbr \u002F>\n✅ \u003Cstrong>Fully Customizable\u003C\u002Fstrong> – Advanced users have complete control\u003Cbr \u002F>\n✅ \u003Cstrong>Regular Updates\u003C\u002Fstrong> – Stay protected against emerging threats\u003Cbr \u002F>\n✅ \u003Cstrong>Expert Support\u003C\u002Fstrong> – Professional team ready to help\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🔗 Useful Links:\u003C\u002Fstrong>\u003Cbr \u002F>\n• \u003Cstrong>Documentation:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.basecloudglobal.com\u002Fsecurity-manager-docs\" rel=\"nofollow ugc\">BaseCloud Security Docs\u003C\u002Fa>\u003Cbr \u002F>\n• \u003Cstrong>Support:\u003C\u002Fstrong> support@basecloudglobal.com\u003Cbr \u002F>\n• \u003Cstrong>Security Testing:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fobservatory.mozilla.org\" rel=\"nofollow ugc\">Mozilla Observatory\u003C\u002Fa>\u003Cbr \u002F>\n• \u003Cstrong>Header Verification:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fsecurityheaders.com\" rel=\"nofollow ugc\">SecurityHeaders.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>🤝 Join Our Community:\u003C\u002Fstrong>\u003Cbr \u002F>\nConnect with other security-conscious WordPress users, get tips, and stay updated on the latest security trends.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>⭐ Love BaseCloud Security Manager?\u003C\u002Fstrong>\u003Cbr \u002F>\nHelp others discover enterprise-grade security by leaving a review. Your feedback helps us improve and helps other users make informed decisions about their website security.\u003C\u002Fp>\n\u003Cp>\u003Cem>Made with ❤️ by the BaseCloud Team – Securing WordPress sites worldwide since 2024\u003C\u002Fem>\u003C\u002Fp>\n","🛡️ Enterprise-grade WordPress security made simple. Implement military-standard HTTP security headers with zero technical knowledge required.",10,994,"2026-02-25T14:45:00.000Z","5.8",[19,20,21,22,86],"xss","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbasecloud-security-manager.1.0.26.zip",{"slug":89,"name":90,"version":91,"author":92,"author_profile":93,"description":94,"short_description":95,"active_installs":81,"downloaded":96,"rating":11,"num_ratings":11,"last_updated":97,"tested_up_to":66,"requires_at_least":84,"requires_php":16,"tags":98,"homepage":23,"download_link":100,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":56},"fix-it-easy-security-headers","Fix It Easy Security Headers","1.1","WP Fix It - WordPress Experts","https:\u002F\u002Fprofiles.wordpress.org\u002Fwpfixit\u002F","\u003Cp>\u003Cstrong>WP Fix It Easy Security Headers\u003C\u002Fstrong> adds a simple page under \u003Cstrong>Tools \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> Security Headers\u003C\u002Fstrong> where you can toggle common HTTP security headers:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Strict-Transport-Security (HSTS)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Content-Security-Policy (CSP)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>X-Frame-Options\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>X-Content-Type-Options\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Referrer-Policy\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Permissions-Policy\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>On activation, all headers are \u003Cstrong>enabled by default\u003C\u002Fstrong> and you’re redirected to the settings screen.\u003C\u002Fp>\n\u003Cp>For convenience, the page and the Plugins screen include a \u003Cstrong>“Check Headers”\u003C\u002Fstrong> button that opens SecurityHeaders.com with your site’s URL prefilled (built dynamically from \u003Ccode>home_url()\u003C\u002Fcode>).\u003C\u002Fp>\n\u003Ch3>Notes on CSP\u003C\u002Fh3>\n\u003Cp>This plugin ships with a \u003Cstrong>permissive\u003C\u002Fstrong> default CSP intended to “work everywhere” out of the box (allows most external sources and inline code). For stronger protection, you should harden the directives for your specific site.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>One-click toggles for popular headers\u003C\u002Fli>\n\u003Cli>Dynamic “Check Headers” scan link\u003C\u002Fli>\n\u003Cli>Uses the WordPress Settings API (nonce + capability checks)\u003C\u002Fli>\n\u003Cli>Output escaping and sanitization following PHPCS\u003C\u002Fli>\n\u003C\u002Ful>\n","Configure core HTTP security headers for your WordPress site in a few clicks.",291,"2025-08-24T17:31:00.000Z",[18,20,21,99,22],"referrer-policy","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffix-it-easy-security-headers.1.1.zip",{"slug":102,"name":103,"version":104,"author":105,"author_profile":106,"description":107,"short_description":108,"active_installs":11,"downloaded":109,"rating":25,"num_ratings":32,"last_updated":110,"tested_up_to":14,"requires_at_least":111,"requires_php":16,"tags":112,"homepage":23,"download_link":114,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":56},"boundaryguard-headers","BoundaryGuard Headers","1.0.0","Jay Suthar","https:\u002F\u002Fprofiles.wordpress.org\u002Fjsjack74\u002F","\u003Cp>BoundaryGuard Headers enforces modern HTTP security headers to harden your WordPress site against XSS, clickjacking, mixed content, and cross-origin attacks.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Essential Protection:\u003C\u002Fstrong> Adds X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy to reduce attack surface and prevent clickjacking.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>HSTS (Strict Transport Security):\u003C\u002Fstrong> Forces HTTPS connections to help prevent protocol downgrade and man-in-the-middle attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Advanced Isolation (COOP\u002FCOEP):\u003C\u002Fstrong> Enables Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy to improve cross-origin isolation and mitigate certain side-channel attacks.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Content Security Policy (CSP):\u003C\u002Fstrong> One of the strongest defenses against XSS. Includes a dashboard-based CSP builder with preset options to whitelist trusted sources for scripts, styles, images, and more.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSP Report-Only Mode:\u003C\u002Fstrong> Test your policy safely without blocking content.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Server Header Hardening:\u003C\u002Fstrong> Removes or limits exposure of headers such as \u003Ccode>X-Powered-By\u003C\u002Fcode> and \u003Ccode>Server\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Lightweight and Fast:\u003C\u002Fstrong> Uses PHP headers for broad server compatibility and minimal performance impact.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>No \u003Ccode>.htaccess\u003C\u002Fcode> Editing Required:\u003C\u002Fstrong> Works without modifying server configuration files.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Designed for developers and site owners who want stronger security without unnecessary complexity.\u003C\u002Fp>\n\u003Ch3>External Services\u003C\u002Fh3>\n\u003Cp>This plugin provides a Content Security Policy (CSP) builder. To assist users, it includes “Preset Buttons” that allow users to quickly add domain names to their own CSP whitelist.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>This plugin DOES NOT connect to, load data from, or send data to these services automatically.\u003C\u002Fstrong> The following third-party domains are referenced as presets within the admin dashboard for whitelisting purposes:\u003Cbr \u002F>\n* Google Analytics (www.google-analytics.com) – Used for tracking whitelisting. [Privacy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy]\u003Cbr \u002F>\n* Google Tag Manager (www.googletagmanager.com) – Used for tag management. [Privacy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy]\u003Cbr \u002F>\n* Stripe (js.stripe.com, api.stripe.com) – Used for payment processing. [Privacy: https:\u002F\u002Fstripe.com\u002Fprivacy]\u003Cbr \u002F>\n* Facebook (www.facebook.com, connect.facebook.net) – Used for social embeds. [Privacy: https:\u002F\u002Fwww.facebook.com\u002Fpolicy.php]\u003Cbr \u002F>\n* YouTube (www.youtube.com, i.ytimg.com) – Used for video embeds. [Privacy: https:\u002F\u002Fpolicies.google.com\u002Fprivacy]\u003Cbr \u002F>\n* Vimeo (player.vimeo.com) – Used for video embeds. [Privacy: https:\u002F\u002Fvimeo.com\u002Fprivacy]\u003Cbr \u002F>\n* Gravatar (secure.gravatar.com) – Used for user avatars. [Privacy: https:\u002F\u002Fautomattic.com\u002Fprivacy\u002F]\u003C\u002Fp>\n","Automatically enforces essential HTTP security headers to protect your site from XSS, clickjacking, and protocol downgrade attacks.",178,"2026-01-05T08:19:00.000Z","6.0",[18,21,113,22,86],"http-headers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fboundaryguard-headers.1.0.0.zip",{"attackSurface":116,"codeSignals":145,"taintFlows":155,"riskAssessment":156,"analyzedAt":159},{"hooks":117,"ajaxHandlers":141,"restRoutes":142,"shortcodes":143,"cronEvents":144,"entryPointCount":11,"unprotectedCount":11},[118,124,128,132,136,138,139,140],{"type":119,"name":120,"callback":121,"priority":81,"file":122,"line":123},"action","send_headers","vi_headershield_add_security_headers","headershield.php",205,{"type":119,"name":125,"callback":126,"file":122,"line":127},"admin_init","vi_headershield_handle_admin_post",261,{"type":119,"name":129,"callback":130,"file":122,"line":131},"admin_enqueue_scripts","vi_headershield_admin_assets",330,{"type":119,"name":133,"callback":134,"file":122,"line":135},"admin_menu","vi_headershield_admin_menu",333,{"type":119,"name":120,"callback":121,"priority":81,"file":137,"line":123},"trunk\u002Fheadershield.php",{"type":119,"name":125,"callback":126,"file":137,"line":127},{"type":119,"name":129,"callback":130,"file":137,"line":131},{"type":119,"name":133,"callback":134,"file":137,"line":135},[],[],[],[],{"dangerousFunctions":146,"sqlUsage":147,"outputEscaping":149,"fileOperations":11,"externalRequests":11,"nonceChecks":152,"capabilityChecks":153,"bundledLibraries":154},[],{"prepared":11,"raw":11,"locations":148},[],{"escaped":150,"rawEcho":11,"locations":151},220,[],2,4,[],[],{"summary":157,"deductions":158},"The \"headershield\" v1.0.14 plugin exhibits a strong security posture based on the provided static analysis.  The absence of any identified attack surface points (AJAX handlers, REST API routes, shortcodes, cron events) is a significant strength, indicating the plugin does not expose direct entry points for potential attackers. Furthermore, the code signals show excellent adherence to secure coding practices, with 100% of SQL queries using prepared statements, all output properly escaped, and no file operations or external HTTP requests detected. The presence of nonce and capability checks, while not covering all potential interactions, demonstrates an awareness of security principles. The lack of any historical vulnerabilities further reinforces this positive assessment.\n\nWhile the static analysis and vulnerability history are overwhelmingly positive, the absence of taint analysis flows (total flows analyzed: 0) means that the complex interactions between user input and code execution pathways have not been deeply examined. This could potentially mask subtle vulnerabilities that might not be apparent through direct function analysis. However, given the other strong indicators, the risk associated with this omission is likely low. In conclusion, \"headershield\" v1.0.14 appears to be a well-secured plugin with robust coding practices and no known security issues. The primary area for potential improvement, albeit with likely low impact given the other findings, would be to ensure comprehensive taint analysis in future security reviews.",[],"2026-04-16T13:22:06.804Z",{"wat":161,"direct":170},{"assetPaths":162,"generatorPatterns":165,"scriptPaths":166,"versionParams":167},[163,164],"\u002Fwp-content\u002Fplugins\u002Fheadershield\u002Fassets\u002Fcss\u002Fheadershield-guide.css","\u002Fwp-content\u002Fplugins\u002Fheadershield\u002Fassets\u002Fjs\u002Fheadershield-guide.js",[],[164],[168,169],"headershield\u002Fassets\u002Fcss\u002Fheadershield-guide.css?ver=","headershield\u002Fassets\u002Fjs\u002Fheadershield-guide.js?ver=",{"cssClasses":171,"htmlComments":175,"htmlAttributes":176,"restEndpoints":178,"jsGlobals":179,"shortcodeOutput":181},[172,173,174],"headershield-guide-page","headershield-settings-page","headershield-settings-wrap",[],[177],"data-headershield-plugin-path",[],[180],"vi_headershield_admin_object",[],{"error":183,"url":184,"statusCode":185,"statusMessage":186,"message":186},true,"http:\u002F\u002Flocalhost\u002Fapi\u002Fplugins\u002Fheadershield\u002Fbundle",404,"no bundle for this plugin yet",{"slug":4,"current_version":6,"total_versions":152,"versions":188},[189,197],{"version":190,"download_url":191,"svn_tag_url":192,"released_at":26,"has_diff":193,"diff_files_changed":194,"diff_lines":26,"trac_diff_url":195,"vulnerabilities":196,"is_current":193},"1.0.1401","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fheadershield.1.0.1401.zip","https:\u002F\u002Fplugins.svn.wordpress.org\u002Fheadershield\u002Ftags\u002F1.0.1401\u002F",false,[],"https:\u002F\u002Fplugins.trac.wordpress.org\u002Fchangeset?old_path=%2Fheadershield%2Ftags%2F1.0.14&new_path=%2Fheadershield%2Ftags%2F1.0.1401",[],{"version":6,"download_url":24,"svn_tag_url":198,"released_at":26,"has_diff":193,"diff_files_changed":199,"diff_lines":26,"trac_diff_url":26,"vulnerabilities":200,"is_current":183},"https:\u002F\u002Fplugins.svn.wordpress.org\u002Fheadershield\u002Ftags\u002F1.0.14\u002F",[],[]]