WP-Safety

Security Header Generator Security & Risk Analysis

wordpress.org/plugins/security-header-generator

This plugin generates the proper security HTTP response headers to keep your site secured.

500 active installs v5.4.77 PHP 8.2+ WP 6.0.9+ Updated Feb 3, 2026
content-security-policypermissionspermissions-policysecuritysecurity-headers
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Security Header Generator Safe to Use in 2026?

Generally Safe

Score 100/100

Security Header Generator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The security-header-generator plugin v6.0.23 exhibits a mixed security posture. On the positive side, it demonstrates good practices by avoiding dangerous functions, performing all SQL queries using prepared statements, and having a high percentage of properly escaped output. It also includes nonce and capability checks, and lacks any known critical or high vulnerability history, suggesting a generally well-maintained codebase.

However, a significant concern arises from the presence of one AJAX handler that lacks authentication checks. This creates a direct entry point for potential attacks that could be exploited by unauthenticated users. While taint analysis shows no identified vulnerabilities, the absence of authentication on an exposed AJAX endpoint is a critical oversight that could be leveraged in conjunction with other potential plugin or WordPress core vulnerabilities.

Given the clean vulnerability history, it's possible this is an oversight. The plugin's strengths in other security areas are noteworthy, but the unprotected AJAX endpoint represents a clear and present risk that needs immediate attention to ensure a robust security posture.

Key Concerns

  • AJAX handler without auth checks
Vulnerabilities
None known

Security Header Generator Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Security Header Generator Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
16 escaped
Nonce Checks
2
Capability Checks
4
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

94% escaped17 total outputs
Attack Surface
1 unprotected

Security Header Generator Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_wpsh_load_presetwork\common.php:185
WordPress Hooks 12
actionplugins_loadedwork\common.php:115
actionplugins_loadedwork\common.php:126
actionplugins_loadedwork\common.php:133
actionadmin_enqueue_scriptswork\common.php:146
actionadmin_noticeswork\common.php:168
actionsend_headerswork\inc\kcp-cspgen-headers.php:83
actionrest_api_initwork\inc\kcp-cspgen-headers.php:121
filterrest_pre_serve_requestwork\inc\kcp-cspgen-headers.php:133
actionadmin_initwork\inc\kcp-cspgen-headers.php:178
actionadmin_noticeswork\inc\kcp-cspgen-migration-backup.php:46
actionadmin_enqueue_scriptswork\inc\kcp-cspgen-migration-backup.php:49
filtersubmenu_filework\inc\kcp-cspgen-settings.php:125
Maintenance & Trust

Security Header Generator Maintenance & Trust

Maintenance Signals

WordPress version tested7.0
Last updatedFeb 3, 2026
PHP min version8.2
Downloads24K

Community Trust

Rating96/100
Number of ratings6
Active installs500
Alternatives

Security Header Generator Alternatives

Content Security Policy Manager

Content Security Policy Manager

csp-manager

A
85

Plugin for configuring Content Security Policy headers for your site. Allows different CSP headers for admin, logged inn frontend and regular visitors

2K No CVEs
HTTP Security Header

HTTP Security Header

security-header

A
100

Add and manage essential HTTP security headers with ease. Protect your WordPress site from XSS, clickjacking, and other common vulnerabilities.

800 No CVEs
CSP Friendly Security

CSP Friendly Security

csp-antsst

A
100

Adds a CSP header compatible with most WP plugins without breaking styles.

100 No CVEs
Abdal Security Headers

Abdal Security Headers

abdal-security-headers

A
92

Enhance WordPress security with essential HTTP security headers, protecting against XSS, clickjacking, and other common web vulnerabilities.

10 No CVEs
WPS Protect: Login URL & Security Headers

WPS Protect: Login URL & Security Headers

wps-protect-login-url-security-headers

A
100

The WPS Protect: Login URL & Security Headers plugin enhances your WordPress site security with multiple layers of protection.

0 No CVEs
Developer Profile

Security Header Generator Developer Profile

Kevin Pirnie

2 plugins · 2K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Security Header Generator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/security-header-generator/assets/css/style.css/wp-content/plugins/security-header-generator/assets/js/script.js
Script Paths
/wp-content/plugins/security-header-generator/assets/js/script.js
Version Parameters
security-header-generator/style.css?ver=security-header-generator/script.js?ver=

HTML / DOM Fingerprints

JS Globals
wpshPresets
FAQ

Frequently Asked Questions about Security Header Generator