Does Security Headers & Caching have any unpatched vulnerabilities?

No. All known vulnerabilities in Security Headers & Caching have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Security Headers & Caching compatible with WordPress 6.8.5?

According to WordPress.org data, Security Headers & Caching 7.4 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Security Headers & Caching compatible with PHP 7.2+?

Security Headers & Caching requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Security Headers & Caching updated?

Security Headers & Caching was last updated on Oct 8, 2025. Frequent updates are generally a positive security signal.

What is Security Headers & Caching's security score?

Security Headers & Caching has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Security Headers & Caching Security & Risk Analysis

wordpress.org/plugins/security-headers-caching

Enhance your WordPress site security with HTTP security headers and improve performance with smart caching. Works with all hosting providers.

20 active installs v7.4 PHP 7.2+ WP 5.9+ Updated Oct 8, 2025

cachecspheadershstssecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Security Headers & Caching Safe to Use in 2026?

Generally Safe

Score 100/100

Security Headers & Caching has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The "security-headers-caching" v7.4 plugin exhibits a strong security posture based on the provided static analysis. The complete absence of detectable attack surface points like AJAX handlers, REST API routes, or shortcodes significantly minimizes the potential for external exploitation. The code also demonstrates good practices with 100% of SQL queries using prepared statements, a high percentage of properly escaped output, and the presence of nonce and capability checks. This suggests a well-developed and security-conscious approach to its codebase.

While the static analysis reveals no critical or high-severity issues, and the vulnerability history is clean, there's a small area for potential improvement. The 94% output escaping rate, while good, means that approximately 6% of outputs are not properly escaped. This could, in a theoretical scenario with specific data inputs, lead to minor cross-site scripting (XSS) vulnerabilities if malicious data were injected and displayed without proper sanitization. However, given the overall robust findings, this remains a low-level concern. The plugin's strengths far outweigh any minor areas for improvement, making it a relatively secure option.

Key Concerns

Unescaped output (approx 6%)

Vulnerabilities

None known

Security Headers & Caching Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Security Headers & Caching Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

17 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

94% escaped18 total outputs

Attack Surface

Security Headers & Caching Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 10

actionadmin_menuadmin\class-shc-admin.php:30

actionadmin_initadmin\class-shc-admin.php:31

actionadmin_enqueue_scriptsadmin\class-shc-admin.php:32

actionadmin_initadmin\class-shc-admin.php:33

actionsend_headersincludes\class-shc-headers.php:31

filtershc_security_headersincludes\class-shc-headers.php:34

actioninitincludes\class-shc-headers.php:160

actionplugins_loadedsecurity-headers-caching.php:78

actionplugins_loadedsecurity-headers-caching.php:81

actionplugins_loadedsecurity-headers-caching.php:85

Maintenance & Trust

Security Headers & Caching Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 8, 2025

PHP min version7.2

Downloads846

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

Security Headers & Caching Alternatives

Headers Security Advanced & HSTS WP

headers-security-advanced-hsts-wp

100

Best all-in-one WordPress security plugin, uses HTTP & HSTS response headers to avoid vulnerabilities: XSS, injection, clickjacking. Force HTTP/HTTPS.

90K No CVEs

Fix It Easy Security Headers

fix-it-easy-security-headers

100

Configure core HTTP security headers for your WordPress site in a few clicks.

10 No CVEs

HTTP Headers

http-headers

HTTP Headers adds CORS & security HTTP headers to your website.

50K 4 CVEs

Content Security Policy Manager

csp-manager

Plugin for configuring Content Security Policy headers for your site. Allows different CSP headers for admin, logged inn frontend and regular visitors

2K No CVEs

CSP Friendly Security

csp-antsst

100

Adds a CSP header compatible with most WP plugins without breaking styles.

100 No CVEs

Developer Profile

Security Headers & Caching Developer Profile

Studio Be4

1 plugin · 20 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Security Headers & Caching

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/security-headers-caching/admin/css/shc-admin.css/wp-content/plugins/security-headers-caching/admin/js/shc-admin.js

Version Parameters

security-headers-caching/admin/css/shc-admin.css?ver=security-headers-caching/admin/js/shc-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

shc-admin-settings

JS Globals

shc_admin_params

FAQ