[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-8HNocw8ec7L6ZDEmVrsdBSOfS1yE_lZdzZEbH7r48U":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":32,"crawl_stats":29,"alternatives":39,"analysis":137,"fingerprints":263},"seo-http-headers-easy","\"SEO-HEADERS-Easy\" Protocol HTTP 1.1","2.0.0","Smiling_Hemp","https:\u002F\u002Fprofiles.wordpress.org\u002Fsmiling_hemp\u002F","\u003Ch4>ENG\u003C\u002Fh4>\n\u003Cp>The plugin allows sending headers Last Modified, Cache Control and 304 Not Modified – headers HTTP, which are sent according to “client-server-client” principle. Absence of determined headers can adversely affect indexing your website by a search system or even be banned for incorrect sending of headers. Such headers as Last Modified, Cache Control are just related to this category. The plug-in allows you to flexibly control data settings for each of these pages: Home, Single, Page, Author, Category, Tag, Search. For details please refer to \u003Ca href=\"http:\u002F\u002Favkproject.ru\u002Fuseful-articles\u002Fheaders-in-wordpress.html\" rel=\"nofollow ugc\">the page of this plugin\u003C\u002Fa> and its \u003Ca href=\"http:\u002F\u002Favkproject.ru\u002Fplugins\u002Fseo-headers-full.html\" rel=\"nofollow ugc\">full version page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>RUS\u003C\u002Fh4>\n\u003Cp>The plugin makes it possible to send the Last-Modified, Cache-Control and 304 Not Modified headers – HTTP protocol headers sent on the “client – server – client” principle.  
The absence of certain headers can negatively affect the indexing of your site by a search engine, or even get it banned for incorrectly sent headers. Headers such as Last-Modified and Cache-Control belong to exactly this category. The plugin lets you flexibly manage the settings of these headers for each of these pages: Home, Single, Page, Author, Category, Tag, Search. You can read more on \u003Ca href=\"http:\u002F\u002Favkproject.ru\u002Fuseful-articles\u002Fheaders-in-wordpress.html\" rel=\"nofollow ugc\">the plugin page\u003C\u002Fa> and on the page of its \u003Ca href=\"http:\u002F\u002Favkproject.ru\u002Fplugins\u002Fseo-headers-full.html\" rel=\"nofollow ugc\">full version\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>If you like the plugin, feel free to rate it (on the right side of this page) or \u003Ca href=\"http:\u002F\u002Fgoo.gl\u002FqnrM08\" rel=\"nofollow ugc\">donate via PayPal\u003C\u002Fa>. Thanks a lot!)\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Warning\u003C\u002Fh4>\n\u003Cp>Please read the installation instructions and FAQ before installing this plugin.\u003C\u002Fp>\n\u003Cp>Please read the installation instructions and the FAQ before installing this plugin.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"http:\u002F\u002Favkproject.ru\u002Fplugins\u002Fseo-headers-full.html\" rel=\"nofollow ugc\">Upgrade to Full Version\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Sends to a client correct HTTP headers Last Modified, Cache Control and 304 Not 
Modified",100,3629,94,3,"2015-12-10T14:30:00.000Z","4.4.34","3.5.1","",[20,21,22,23,24],"headers","heading","http","http1-1","protocol","http:\u002F\u002Favkproject.ru\u002Fuseful-articles\u002Fheaders-in-wordpress.html","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fseo-http-headers-easy.zip",85,0,null,"2026-03-15T15:16:48.613Z",[],{"slug":33,"display_name":7,"profile_url":8,"plugin_count":34,"total_installs":35,"avg_security_score":27,"avg_patch_time_days":36,"trust_score":37,"computed_at":38},"smiling_hemp",2,110,30,84,"2026-04-04T15:11:50.010Z",[40,66,85,104,120],{"slug":41,"name":42,"version":43,"author":44,"author_profile":45,"description":46,"short_description":47,"active_installs":48,"downloaded":49,"rating":50,"num_ratings":51,"last_updated":52,"tested_up_to":53,"requires_at_least":54,"requires_php":55,"tags":56,"homepage":61,"download_link":62,"security_score":63,"vuln_count":64,"unpatched_count":28,"last_vuln_date":65,"fetched_at":30},"http-headers","HTTP Headers","1.19.2","Dimitar Ivanov","https:\u002F\u002Fprofiles.wordpress.org\u002Fzinoui\u002F","\u003Cp>HTTP Headers gives you control over the http headers returned by your blog or website.\u003C\u002Fp>\n\u003Cp>Headers supported by HTTP Headers include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Access-Control-Allow-Origin\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Credentials\u003C\u002Fli>\n\u003Cli>Access-Control-Max-Age\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Methods\u003C\u002Fli>\n\u003Cli>Access-Control-Allow-Headers\u003C\u002Fli>\n\u003Cli>Access-Control-Expose-Headers\u003C\u002Fli>\n\u003Cli>Age 
\u003C\u002Fli>\n\u003Cli>Content-Security-Policy\u003C\u002Fli>\n\u003Cli>Content-Security-Policy-Report-Only\u003C\u002Fli>\n\u003Cli>Cache-Control\u003C\u002Fli>\n\u003Cli>Clear-Site-Data\u003C\u002Fli>\n\u003Cli>Connection\u003C\u002Fli>\n\u003Cli>Content-Encoding\u003C\u002Fli>\n\u003Cli>Content-Type\u003C\u002Fli>\n\u003Cli>Cross-Origin-Embedder-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Opener-Policy\u003C\u002Fli>\n\u003Cli>Cross-Origin-Resource-Policy\u003C\u002Fli>\n\u003Cli>Expect-CT\u003C\u002Fli>\n\u003Cli>Expires\u003C\u002Fli>\n\u003Cli>Feature-Policy\u003C\u002Fli>\n\u003Cli>NEL\u003C\u002Fli>\n\u003Cli>Permissions-Policy\u003C\u002Fli>\n\u003Cli>Pragma\u003C\u002Fli>\n\u003Cli>P3P\u003C\u002Fli>\n\u003Cli>Referrer-Policy\u003C\u002Fli>\n\u003Cli>Report-To\u003C\u002Fli>\n\u003Cli>Strict-Transport-Security\u003C\u002Fli>\n\u003Cli>Timing-Allow-Origin\u003C\u002Fli>\n\u003Cli>Vary\u003C\u002Fli>\n\u003Cli>WWW-Authenticate\u003C\u002Fli>\n\u003Cli>X-Content-Type-Options\u003C\u002Fli>\n\u003Cli>X-DNS-Prefetch-Control\u003C\u002Fli>\n\u003Cli>X-Download-Options\u003C\u002Fli>\n\u003Cli>X-Frame-Options\u003C\u002Fli>\n\u003Cli>X-Permitted-Cross-Domain-Policies\u003C\u002Fli>\n\u003Cli>X-Powered-By\u003C\u002Fli>\n\u003Cli>X-Robots-Tag\u003C\u002Fli>\n\u003Cli>X-UA-Compatible\u003C\u002Fli>\n\u003Cli>X-XSS-Protection\u003C\u002Fli>\n\u003C\u002Ful>\n","HTTP Headers adds CORS & security HTTP headers to your website.",50000,715994,86,70,"2024-12-22T11:49:00.000Z","6.7.5","3.2","5.3",[57,58,59,41,60],"cors-headers","csp-header","custom-headers","security-headers","https:\u002F\u002Fgithub.com\u002Friverside\u002Fhttp-headers","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fhttp-headers.1.19.2.zip",91,4,"2023-07-13 
00:00:00",{"slug":67,"name":68,"version":69,"author":70,"author_profile":71,"description":72,"short_description":73,"active_installs":74,"downloaded":75,"rating":11,"num_ratings":76,"last_updated":77,"tested_up_to":78,"requires_at_least":79,"requires_php":80,"tags":81,"homepage":83,"download_link":84,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"gnu-terry-pratchett","GNU Terry Pratchett","0.4.1","Nick C","https:\u002F\u002Fprofiles.wordpress.org\u002Fmodernnerd\u002F","\u003Cp>The GNU Terry Pratchett plugin transmits an “X-Clacks-Overhead” header reading, “GNU Terry Pratchett” so that Terry’s name is whispered forevermore in the Internet’s “overhead”.\u003C\u002Fp>\n\u003Cp>In Pratchett’s “Going Postal”, workers who die in the line of duty have their names transmitted up and down the Discworld’s telegraph system as a tribute.\u003C\u002Fp>\n\u003Cp>This plugin makes it easy for WordPress users to do the same for Terry Pratchett, without having to modify their server configuration.\u003C\u002Fp>\n\u003Ch4>The GNU Terry Pratchett headers\u003C\u002Fh4>\n\u003Cp>The plugin adds the GNU Terry Pratchett header in two ways:\u003C\u002Fp>\n\u003Col>\n\u003Cli>As an HTTP header (if you don’t use a WordPress page caching plugin).\u003C\u002Fli>\n\u003Cli>As a meta tag in your HTML with the http-equiv attribute.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch4>Settings\u003C\u002Fh4>\n\u003Cp>The text sent in HTTP headers and meta tags is “GNU Terry Pratchett” by default.\u003C\u002Fp>\n\u003Cp>Change this by visiting Settings \u003Cspan aria-hidden=\"true\" class=\"wp-exclude-emoji\">→\u003C\u002Fspan> GNU Terry Pratchett in your WordPress admin area and editing the “X-Clacks-Overhead header” field.\u003C\u002Fp>\n\u003Cp>This option lets you honor other people you would like to remember by making them a small part of your site’s content forever.\u003C\u002Fp>\n\u003Ch4>Checking the HTTP header is sent\u003C\u002Fh4>\n\u003Cp>There 
are several ways to check that the HTTP header is appearing for your site:\u003C\u002Fp>\n\u003Col>\n\u003Cli>With your terminal (\u003Ccode>curl -I example.com\u003C\u002Fcode>)\u003C\u002Fli>\n\u003Cli>With Chrome’s Network tab.\u003C\u002Fli>\n\u003Cli>With the \u003Ca href=\"https:\u002F\u002Fchrome.google.com\u002Fwebstore\u002Fdetail\u002Fclacks-overhead-gnu-terry\u002Flnndfmobdoobjfcalkmfojmanbeoegab\" rel=\"nofollow ugc\">Clacks Overhead\u003C\u002Fa> Chrome plugin or the \u003Ca href=\"https:\u002F\u002Faddons.mozilla.org\u002Fen-US\u002Ffirefox\u002Faddon\u002Fgnu_terry_pratchett\u002F\" rel=\"nofollow ugc\">GNU Terry Pratchett Firefox extension\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Using the \u003Ca href=\"http:\u002F\u002Ftools.seobook.com\u002Fserver-header-checker\u002F\" rel=\"nofollow ugc\">Server Header Checker\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Note that the HTTP header is not sent if you use a page caching plugin. To send the HTTP header and continue to use a caching plugin, add the header at the server level. 
See http:\u002F\u002Fwww.gnuterrypratchett.com\u002F for options.\u003C\u002Fp>\n\u003Ch4>Checking the meta tag is added\u003C\u002Fh4>\n\u003Cp>You can check that the meta tag is visible by viewing your site’s HTML source and searching for “GNU Terry Pratchett”.\u003C\u002Fp>\n\u003Cp>The \u003Ca href=\"https:\u002F\u002Fchrome.google.com\u002Fwebstore\u002Fdetail\u002Fclacks-overhead-gnu-terry\u002Flnndfmobdoobjfcalkmfojmanbeoegab\" rel=\"nofollow ugc\">Clacks Overhead plugin\u003C\u002Fa> for Chrome and the \u003Ca href=\"https:\u002F\u002Faddons.mozilla.org\u002Fen-US\u002Ffirefox\u002Faddon\u002Fgnu_terry_pratchett\u002F\" rel=\"nofollow ugc\">GNU Terry Pratchett extension\u003C\u002Fa> for Firefox both light up when they detect the HTML meta tag or HTTP header.\u003C\u002Fp>\n\u003Ch4>Credits and contributions\u003C\u002Fh4>\n\u003Cp>Inspired by \u003Ca href=\"http:\u002F\u002Fwww.reddit.com\u002Fr\u002Fbestof\u002Fcomments\u002F2yyop7\u002Frdiscworld_redditors_with_web_servers_start\u002F\" rel=\"nofollow ugc\">this reddit post\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fboingboing.net\u002F2015\u002F03\u002F15\u002Fsending-terry-pratchett-home-w.html\" rel=\"nofollow ugc\">boingboing’s report\u003C\u002Fa>, and the \u003Ca href=\"http:\u002F\u002Fwww.gnuterrypratchett.com\u002F\" rel=\"nofollow ugc\">GNU Terry Pratchett\u003C\u002Fa> website.\u003C\u002Fp>\n\u003Cp>Contributions welcome at the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fnickcernis\u002Fgnu-terry-pratchett\" rel=\"nofollow ugc\">GitHub repo\u003C\u002Fa>.\u003C\u002Fp>\n","Add an X-Clacks-Overhead header with “GNU Terry Pratchett” to all non-admin 
pages.",1000,18229,13,"2025-12-02T20:30:00.000Z","6.9.4","4.6","5.6",[41,82],"terry-pratchett","https:\u002F\u002Fgithub.com\u002Fnickcernis\u002Fgnu-terry-pratchett","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgnu-terry-pratchett.0.4.1.zip",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":93,"downloaded":94,"rating":11,"num_ratings":14,"last_updated":95,"tested_up_to":78,"requires_at_least":96,"requires_php":97,"tags":98,"homepage":18,"download_link":103,"security_score":11,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"security-header","HTTP Security Header","3.1","MOHIT GOYAL","https:\u002F\u002Fprofiles.wordpress.org\u002Fmohitgoyal1108\u002F","\u003Cp>\u003Cstrong>HTTP Security Header\u003C\u002Fstrong> helps protect your WordPress site by adding critical HTTP headers to each response — with no code required. These headers provide additional layers of protection against attacks such as cross-site scripting (XSS), clickjacking, content injection, and resource leaks.\u003C\u002Fp>\n\u003Cp>This plugin offers a modern, responsive admin dashboard with validation, fallback safety, and full control over each header’s default or custom value.\u003C\u002Fp>\n\u003Ch3>🔎 Scan Your Website Security Headers\u003C\u002Fh3>\n\u003Cp>Before configuring headers, instantly check your website’s current security score using our online header scanner:\u003C\u002Fp>\n\u003Cp>👉 \u003Ca href=\"https:\u002F\u002Finspiredmonks.com\u002Fhttp-security-header-scanner\u002F\" rel=\"nofollow ugc\">Scan Your Website Security Headers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>✔ Enter your website URL\u003Cbr \u002F>\n✔ Get instant Security Grade (A+ to F)\u003Cbr \u002F>\n✔ See which headers are Present or Missing\u003Cbr \u002F>\n✔ Get clear, actionable recommendations\u003Cbr \u002F>\n✔ Easily fix them using this plugin\u003C\u002Fp>\n\u003Cp>Used by thousands of websites to 
enhance security and protect user data.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Features Include:\u003C\u002Fstrong>\u003Cbr \u002F>\n– Visual toggles for enabling\u002Fdisabling headers\u003Cbr \u002F>\n– Option to use \u003Cstrong>default or custom header values\u003C\u002Fstrong>\u003Cbr \u002F>\n– Secure fallback if a header is misconfigured\u003Cbr \u002F>\n– Integrated \u003Cstrong>header validation\u003C\u002Fstrong>\u003Cbr \u002F>\n– Support for all major browser-supported headers\u003Cbr \u002F>\n– Nonce-based saving and admin notices\u003Cbr \u002F>\n– WP Multisite compatible\u003Cbr \u002F>\n– “Disable All” and “Reset to Important Headers” actions\u003Cbr \u002F>\n– Per-header input validation with real-time error fallback\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Supported Headers:\u003C\u002Fstrong>\u003Cbr \u002F>\n* Strict-Transport-Security (HSTS)\u003Cbr \u002F>\n* X-Frame-Options\u003Cbr \u002F>\n* X-Content-Type-Options\u003Cbr \u002F>\n* Referrer-Policy\u003Cbr \u002F>\n* Content-Security-Policy\u003Cbr \u002F>\n* Permissions-Policy\u003Cbr \u002F>\n* X-XSS-Protection\u003Cbr \u002F>\n* X-Permitted-Cross-Domain-Policies\u003Cbr \u002F>\n* Expect-CT\u003Cbr \u002F>\n* Cross-Origin-Opener-Policy (COOP)\u003Cbr \u002F>\n* Cross-Origin-Resource-Policy (CORP)\u003Cbr \u002F>\n* Cross-Origin-Embedder-Policy (COEP)\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Lightweight and performance-focused  \u003C\u002Fli>\n\u003Cli>No front-end impact  \u003C\u002Fli>\n\u003Cli>Choose default or custom header values  \u003C\u002Fli>\n\u003Cli>Secure validation and auto-fallbacks  \u003C\u002Fli>\n\u003Cli>Seamless plugin compatibility (including WP Rocket)  \u003C\u002Fli>\n\u003Cli>Fully translation-ready and i18n-compliant  \u003C\u002Fli>\n\u003Cli>Nonce-protected admin save actions  \u003C\u002Fli>\n\u003Cli>Optional reset-to-default support  \u003C\u002Fli>\n\u003Cli>Reset or disable all headers with one 
click\u003C\u002Fli>\n\u003C\u002Ful>\n","Add and manage essential HTTP security headers with ease. Protect your WordPress site from XSS, clickjacking, and other common vulnerabilities.",800,4254,"2025-12-30T17:44:00.000Z","5.0","7.0",[99,100,101,60,102],"clickjacking","content-security-policy","http-security-header","wordpress-security","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsecurity-header.3.1.zip",{"slug":105,"name":106,"version":107,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":11,"downloaded":112,"rating":11,"num_ratings":34,"last_updated":113,"tested_up_to":114,"requires_at_least":115,"requires_php":18,"tags":116,"homepage":18,"download_link":119,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"simple-iframe-buster","Simple Iframe Buster","1.1.1","Mikel King","https:\u002F\u002Fprofiles.wordpress.org\u002Fvizkr\u002F","\u003Cp>Provides a method of adding X-Frame-Options to the http headers for sites hosted in an environment that does not grant access to\u003Cbr \u002F>\nthe webserver config, .htaccess or lack mod_headers type facility.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Sets X-Frame-Options to SAMEORIGIN\u003C\u002Fli>\n\u003Cli>Enqueue iframe blocking javascript\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>This is my arbitrary section. There’s really nothing special to add because this is truly a simple plugin with no settings or configuration. Turn it on and block the iframe content thieves. Much of this can also be achieved by working with a good hosting provider. If you are bored then head over to my content site \u003Ca href=\"https:\u002F\u002Fwww.jafdip.com\" rel=\"nofollow ugc\">JAFDIP\u003C\u002Fa>.\u003C\u002Fp>\n","Provides a method of setting the X-Frame-Options header to SAMEORIGIN. 
Also enqueues a javascript based iframe blocker.",6274,"2021-08-13T21:10:00.000Z","5.7.15","3.9",[41,117,118],"iframe","x-frame-options","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-iframe-buster.zip",{"slug":121,"name":122,"version":123,"author":124,"author_profile":125,"description":126,"short_description":127,"active_installs":128,"downloaded":129,"rating":28,"num_ratings":28,"last_updated":130,"tested_up_to":131,"requires_at_least":132,"requires_php":18,"tags":133,"homepage":135,"download_link":136,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30},"wp-secure-http-headers","WP Secure HTTP Headers","1.1","WP Academic","https:\u002F\u002Fprofiles.wordpress.org\u002Feastsidecode\u002F","\u003Cp>This WordPress Plugin adds secure headers to your WordPress site.\u003C\u002Fp>\n\u003Cp>The Following Headers are included:\u003Cbr \u002F>\n– Strict-Transport-Security: Enforces SSL if your website is using SSL (which it should be)\u003Cbr \u002F>\n– X-Frame-Options: Prevents Clickjacking\u003Cbr \u002F>\n– X-XSS-Protection: Prevents XSS attacks\u003Cbr \u002F>\n– X-Content-Type-Options: set to ‘nosniff’ to prevent MIME-type sniffing\u003Cbr \u002F>\n– Referrer-Policy: set to ‘no-referrer-when-downgrade’\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No setup required!\u003C\u002Fli>\n\u003C\u002Ful>\n","License: GPLv2 or later WordPress plugin to add secure headers to your 
website.",40,1195,"2019-06-17T12:37:00.000Z","5.2.24","4.3",[41,134],"security","https:\u002F\u002Feastsidecode.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-secure-http-headers.zip",{"attackSurface":138,"codeSignals":173,"taintFlows":203,"riskAssessment":249,"analyzedAt":262},{"hooks":139,"ajaxHandlers":169,"restRoutes":170,"shortcodes":171,"cronEvents":172,"entryPointCount":28,"unprotectedCount":28},[140,146,150,154,159,165],{"type":141,"name":142,"callback":143,"file":144,"line":145},"action","plugins_loaded","load_plugin_lang","seo_http_headers.class.php",38,{"type":141,"name":147,"callback":148,"file":144,"line":149},"admin_menu","add_http_page_settings",88,{"type":141,"name":151,"callback":152,"file":144,"line":153},"admin_enqueue_scripts","avk_admin_styles",90,{"type":141,"name":155,"callback":156,"priority":157,"file":144,"line":158},"wp","clear_http_headrs",1,95,{"type":160,"name":161,"callback":162,"priority":163,"file":144,"line":164},"filter","plugin_action_links","add_http_link_tools",10,96,{"type":160,"name":166,"callback":167,"priority":163,"file":144,"line":168},"plugin_row_meta","add_link_dashplugins",97,[],[],[],[],{"dangerousFunctions":174,"sqlUsage":175,"outputEscaping":177,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":202},[],{"prepared":28,"raw":28,"locations":176},[],{"escaped":28,"rawEcho":163,"locations":178},[179,183,185,188,190,192,194,196,198,200],{"file":180,"line":181,"context":182},"pages\\settings_menu.php",14,"raw 
output",{"file":180,"line":184,"context":182},50,{"file":186,"line":187,"context":182},"pages\\t_autor.php",28,{"file":189,"line":187,"context":182},"pages\\t_category.php",{"file":191,"line":187,"context":182},"pages\\t_index.php",{"file":193,"line":187,"context":182},"pages\\t_page.php",{"file":195,"line":187,"context":182},"pages\\t_search.php",{"file":197,"line":187,"context":182},"pages\\t_single.php",{"file":199,"line":187,"context":182},"pages\\t_tag.php",{"file":144,"line":201,"context":182},298,[],[204,222,239],{"entryPoint":205,"graph":206,"unsanitizedCount":157,"severity":221},"_set_headers (seo_http_headers.class.php:226)",{"nodes":207,"edges":218},[208,213],{"id":209,"type":210,"label":211,"file":144,"line":212},"n0","source","$_SERVER['SERVER_PROTOCOL']",277,{"id":214,"type":215,"label":216,"file":144,"line":212,"wp_function":217},"n1","sink","header() [Header Injection]","header",[219],{"from":209,"to":214,"sanitized":220},false,"medium",{"entryPoint":223,"graph":224,"unsanitizedCount":34,"severity":221},"\u003Cseo_http_headers.class> (seo_http_headers.class.php:0)",{"nodes":225,"edges":236},[226,227,228,232],{"id":209,"type":210,"label":211,"file":144,"line":212},{"id":214,"type":215,"label":216,"file":144,"line":212,"wp_function":217},{"id":229,"type":210,"label":230,"file":144,"line":231},"n2","$_SERVER",295,{"id":233,"type":215,"label":234,"file":144,"line":201,"wp_function":235},"n3","echo() [XSS]","echo",[237,238],{"from":209,"to":214,"sanitized":220},{"from":229,"to":233,"sanitized":220},{"entryPoint":240,"graph":241,"unsanitizedCount":157,"severity":248},"\u003Csettings_menu> (pages\\settings_menu.php:0)",{"nodes":242,"edges":246},[243,245],{"id":209,"type":210,"label":244,"file":180,"line":184},"$_SERVER['HTTP_HOST']",{"id":214,"type":215,"label":234,"file":180,"line":184,"wp_function":235},[247],{"from":209,"to":214,"sanitized":220},"low",{"summary":250,"deductions":251},"The \"seo-http-headers-easy\" v2.0.0 plugin presents a mixed security 
profile. On the positive side, it demonstrates an absence of known vulnerabilities in its history and avoids common risky practices like raw SQL queries or file operations. The static analysis reveals a seemingly small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are unprotected, which is a strong indication of good initial design regarding entry points.\n\nHowever, several critical concerns arise from the code analysis. The most significant issue is that 100% of the plugin's output is not properly escaped, with a total of 10 output operations. This presents a high risk of Cross-Site Scripting (XSS) vulnerabilities, as user-supplied or manipulated data could be rendered directly in the browser. Furthermore, the taint analysis reveals 3 flows with unsanitized paths, which, while not classified as critical or high severity in this report, still indicates potential avenues for injection attacks if not properly handled. The lack of nonce and capability checks on any entry points (even though there are zero identified) suggests a potential weakness if new entry points were introduced or if the current ones are misclassified. The plugin also lacks any external HTTP requests and dangerous functions, which are positive indicators.\n\nIn conclusion, while the plugin has a clean vulnerability history and avoids some dangerous practices, the pervasive lack of output escaping and the presence of unsanitized taint flows represent substantial security risks that need immediate attention. The absence of explicit capability and nonce checks, while potentially mitigated by the zero attack surface, still represents a gap in defensive programming that could be exploited if the attack surface were to grow or be misunderstood. 
The plugin's strengths lie in its lack of historical CVEs and avoidance of raw SQL, but its weaknesses in output sanitization and taint handling are significant.",[252,255,258,260],{"reason":253,"points":254},"Unescaped output detected (10\u002F10)",20,{"reason":256,"points":257},"Unsanitized paths in taint analysis (3 flows)",15,{"reason":259,"points":163},"Missing nonce checks",{"reason":261,"points":163},"Missing capability checks","2026-03-16T20:55:53.551Z",{"wat":264,"direct":277},{"assetPaths":265,"generatorPatterns":270,"scriptPaths":271,"versionParams":272},[266,267,268,269],"\u002Fwp-content\u002Fplugins\u002Fseo-http-headers-easy\u002Fcss\u002Fadmin-style.css","\u002Fwp-content\u002Fplugins\u002Fseo-http-headers-easy\u002Fcss\u002Fjquery-ui.min.css","\u002Fwp-content\u002Fplugins\u002Fseo-http-headers-easy\u002Fjs\u002Fscript.js","\u002Fwp-content\u002Fplugins\u002Fseo-http-headers-easy\u002Fjs\u002Fajax.js",[],[268,269],[273,274,275,276],"seo-http-headers-easy\u002Fcss\u002Fadmin-style.css?ver=","seo-http-headers-easy\u002Fcss\u002Fjquery-ui.min.css?ver=","seo-http-headers-easy\u002Fjs\u002Fscript.js?ver=","seo-http-headers-easy\u002Fjs\u002Fajax.js?ver=",{"cssClasses":278,"htmlComments":279,"htmlAttributes":280,"restEndpoints":281,"jsGlobals":282,"shortcodeOutput":284},[],[],[],[],[283],"httpVar",[]]