Security Header Generator

This plugin generates the proper security HTTP response headers to keep your site secured.

v6.0.51Kevin PirnieUpdated 9 days agoAdded 5 years ago500 installs96% rating

Security Headers content security policy permissions permissions policy security

Score

Errors

Warnings

Change

Category Scores

Security80

Repo100

Performance100

Maintainability88

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

30 findings

Maintainability

6 issue groups

I18n

1 issue group

Security

2 issue groups

ERRORI18nNon Singular String Literal TextThe $text parameter must be a single text string literal. Found: $v['desc']9

Category: I18n
Occurrences: 9
Severity: error

Sample message

The $text parameter must be a single text string literal. Found: $v['desc']

WordPress.WP.I18n.NonSingularStringLiteralText Reference

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_directives".7

Category: Maintainability
Occurrences: 7
Severity: warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_directives".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound

WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "KCP_CSPGEN_Configs".6

Category: Maintainability
Occurrences: 6
Severity: warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "KCP_CSPGEN_Configs".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "clear_our_option_cache".2

Category: Maintainability
Occurrences: 2
Severity: warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "clear_our_option_cache".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.2

Category: Security
Occurrences: 2
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended

WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$json'.1

Category: Security
Occurrences: 1
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$json'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

WARNINGMaintainabilityMissing VersionResource version not set in call to wp_register_script(). This means new versions of the script may not always be loaded due to browser caching.1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Resource version not set in call to wp_register_script(). This means new versions of the script may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion

WARNINGMaintainabilitymissing composer json fileThe "/vendor" directory using composer exists, but "composer.json" file is missing.1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

The "/vendor" directory using composer exists, but "composer.json" file is missing.

missing_composer_json_file Reference

External Connections

Potential connections found in static code analysis.

12 domains

Outbound calls

External assets

Incoming endpoints

Notable Domains

developer.mozilla.org34 · outbound

kevinpirnie.com2 · outbound

nwebsec.com2 · outbound

php-fig.org2 · outbound

getcomposer.org1 · outbound

hstspreload.org1 · outbound

Platform / Reference Domains

github.com2 · platform/reference

gnu.org1 · platform/reference

External Asset Domains

cdn.jsdelivr.net3 · asset + outbound

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints3

wp_ajax_kp_wsf_export_settingsauthenticated

wp_ajax

wp_ajax_kp_wsf_import_settingsauthenticated

wp_ajax

wp_ajax_wpsh_load_presetauthenticated

wp_ajax

Score History

First score snapshot

2 days ago

v6.0.51

Latest

Findings: 30
Errors: 10
Warnings: 20
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
2 days agoLatest	87	30	10	20	v6.0.51	2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Loading map

PluginAuthorCategoryIssueDomainRelated

Relationship links

Issue

Domain

developer.mozilla.org34 signals kevinpirnie.com2 signals nwebsec.com2 signals php-fig.org2 signals getcomposer.org1 signal hstspreload.org1 signal owasp.org1 signal php.net1 signal

Related Plugins

HTTP Security Header

1k+ active installs

Restricted Site Access

10k+ active installs

Security Headers

700 active installs

Content Security Policy Manager

2k+ active installs

HTTP Headers

50k+ active installs

Roles & Capabilities

1k+ active installs