{"id":146604,"date":"2021-09-04T16:35:06","date_gmt":"2021-09-04T16:35:06","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/headers-security-advanced-hsts-wp\/"},"modified":"2026-03-16T14:46:20","modified_gmt":"2026-03-16T14:46:20","slug":"headers-security-advanced-hsts-wp","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/headers-security-advanced-hsts-wp\/","author":18810140,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"5.3.2","stable_tag":"5.3.2","tested":"6.9.4","requires":"4.7","requires_php":"7.4","requires_plugins":null,"header_name":"Headers Security Advanced & HSTS WP","header_author":"\ud83d\udc19 Andrea Ferro","header_description":"Headers Security Advanced & HSTS WP - Simple, Light and Fast allows you to customize 'wp-admin' URL and 'wp-login.php' page.","assets_banners_color":"0e1217","last_updated":"2026-03-16 14:46:20","external_support_url":"","external_repository_url":"","donate_link":"https:\/\/www.buymeacoffee.com\/tentacleplugins","header_plugin_uri":"https:\/\/openheaders.org","header_author_uri":"https:\/\/www.linkedin.com\/in\/andrea-ferro-55046186\/","rating":4.9,"author_block_rating":0,"active_installs":90000,"downloads":1369417,"num_ratings":77,"support_threads":2,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"5.0.01":{"tag":"5.0.01","author":"unicorn03","date":"2022-08-13 17:00:53"},"5.0.02":{"tag":"5.0.02","author":"unicorn03","date":"2022-08-20 12:30:46"},"5.0.03":{"tag":"5.0.03","author":"unicorn03","date":"2022-08-22 16:04:46"},"5.0.04":{"tag":"5.0.04","author":"unicorn03","date":"2022-08-23 09:21:13"},"5.0.05":{"tag":"5.0.05","author":"unicorn03","date":"2022-09-13 13:58:27"},"5.0.06":{"tag":"5.0.06","author":"unicorn03","date":"2022-09-13 14:13:19"},"5.0.10":{"tag":"5.0.10","author":"unicorn03","date":"2022-12-26 18:15:13"},"5.0.13":{"tag":"5.0.13","author":"unicorn03","date":"2022-12-31 
11:42:37"},"5.0.14":{"tag":"5.0.14","author":"unicorn03","date":"2023-01-03 11:44:26"},"5.0.16":{"tag":"5.0.16","author":"unicorn03","date":"2023-01-16 19:30:25"},"5.0.17":{"tag":"5.0.17","author":"unicorn03","date":"2023-01-17 00:36:37"},"5.0.18":{"tag":"5.0.18","author":"unicorn03","date":"2023-01-18 08:54:29"},"5.0.19":{"tag":"5.0.19","author":"unicorn03","date":"2023-01-20 11:56:46"},"5.0.20":{"tag":"5.0.20","author":"unicorn03","date":"2023-01-24 11:33:34"},"5.0.21":{"tag":"5.0.21","author":"unicorn03","date":"2023-05-18 05:20:05"},"5.0.22":{"tag":"5.0.22","author":"unicorn03","date":"2023-05-23 18:01:41"},"5.0.23":{"tag":"5.0.23","author":"unicorn03","date":"2023-05-26 16:49:34"},"5.0.24":{"tag":"5.0.24","author":"unicorn03","date":"2023-06-17 18:05:32"},"5.0.25":{"tag":"5.0.25","author":"unicorn03","date":"2023-06-29 20:53:18"},"5.0.26":{"tag":"5.0.26","author":"unicorn03","date":"2023-07-22 19:04:42"},"5.0.27":{"tag":"5.0.27","author":"unicorn03","date":"2023-07-23 14:39:21"},"5.0.28":{"tag":"5.0.28","author":"unicorn03","date":"2023-08-04 15:51:22"},"5.0.29":{"tag":"5.0.29","author":"unicorn03","date":"2023-09-10 12:11:17"},"5.0.30":{"tag":"5.0.30","author":"unicorn03","date":"2024-01-11 18:06:25"},"5.0.33":{"tag":"5.0.33","author":"unicorn03","date":"2024-03-10 13:36:26"},"5.0.34":{"tag":"5.0.34","author":"unicorn03","date":"2024-03-10 13:52:07"},"5.0.35":{"tag":"5.0.35","author":"unicorn03","date":"2024-03-13 14:23:54"},"5.0.36":{"tag":"5.0.36","author":"unicorn03","date":"2024-04-04 19:47:59"},"5.0.37":{"tag":"5.0.37","author":"unicorn03","date":"2024-08-08 09:50:05"},"5.0.38":{"tag":"5.0.38","author":"unicorn03","date":"2024-08-26 08:32:06"},"5.0.39":{"tag":"5.0.39","author":"unicorn03","date":"2024-08-29 16:05:57"},"5.0.40":{"tag":"5.0.40","author":"unicorn03","date":"2024-08-30 09:23:29"},"5.0.41":{"tag":"5.0.41","author":"unicorn03","date":"2024-10-15 08:07:18"},"5.0.42":{"tag":"5.0.42","author":"unicorn03","date":"2025-02-17 
10:05:27"},"5.0.43":{"tag":"5.0.43","author":"unicorn03","date":"2025-04-28 09:43:33"},"5.0.44":{"tag":"5.0.44","author":"unicorn03","date":"2025-05-22 08:07:24"},"5.0.45":{"tag":"5.0.45","author":"unicorn03","date":"2025-10-24 15:15:13"},"5.2.4":{"tag":"5.2.4","author":"unicorn03","date":"2025-11-17 14:57:34"},"5.2.5":{"tag":"5.2.5","author":"unicorn03","date":"2026-01-18 14:24:01"},"5.3.2":{"tag":"5.3.2","author":"unicorn03","date":"2026-03-16 14:46:20"}},"upgrade_notice":[],"ratings":{"1":0,"2":1,"3":1,"4":3,"5":72},"assets_icons":{"icon-256x256.png":{"filename":"icon-256x256.png","revision":2785539,"resolution":"256x256","location":"assets","locale":""},"icon.svg":{"filename":"icon.svg","revision":3102785,"resolution":false,"location":"assets","locale":false}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3102792,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3102777,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["5.0.01","5.0.02","5.0.03","5.0.04","5.0.05","5.0.06","5.0.10","5.0.13","5.0.14","5.0.16","5.0.17","5.0.18","5.0.19","5.0.20","5.0.21","5.0.22","5.0.23","5.0.24","5.0.25","5.0.26","5.0.27","5.0.28","5.0.29","5.0.30","5.0.33","5.0.34","5.0.35","5.0.36","5.0.37","5.0.38","5.0.39","5.0.40","5.0.41","5.0.42","5.0.43","5.0.44","5.0.45","5.2.4","5.2.5","5.3.2"],"block_files":[],"assets_screenshots":{"screenshot-1.jpg":{"filename":"screenshot-1.jpg","revision":2716089,"resolution":"1","location":"assets","locale":""},"screenshot-2.jpg":{"filename":"screenshot-2.jpg","revision":2716089,"resolution":"2","location":"assets","locale":""},"screenshot-3.jpg":{"filename":"screenshot-3.jpg","revision":2716089,"resolution":"3","location":"assets","locale":""},"screenshot-4.jpg":{"filename":"screenshot-4.jpg","revision":2716089,"resolution":"4","location":"assets","locale":""},"screenshot-5.
jpg":{"filename":"screenshot-5.jpg","revision":2716089,"resolution":"5","location":"assets","locale":""},"screenshot-6.jpg":{"filename":"screenshot-6.jpg","revision":2716089,"resolution":"6","location":"assets","locale":""},"screenshot-7.jpg":{"filename":"screenshot-7.jpg","revision":2726581,"resolution":"7","location":"assets","locale":""},"screenshot-8.jpg":{"filename":"screenshot-8.jpg","revision":2726582,"resolution":"8","location":"assets","locale":""},"screenshot-9.jpg":{"filename":"screenshot-9.jpg","revision":2726582,"resolution":"9","location":"assets","locale":""}},"screenshots":{"1":"Check HTTP Security Headers (AFTER)","2":"Check HTTP Security Headers (BEFORE)","3":"Check HTTP Strict Transport Security \/ HSTS (list)","4":"Check WebPageTest (AFTER)","5":"Check WebPageTest (BEFORE)","6":"Setting on single site installation","7":"Check HTTP Security Headers - Serpworx (AFTER)","8":"Check HTTP Security Headers - Serpworx (BEFORE)","9":"Site-wide security setting"},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[7642,19966,2846,202916,34310],"plugin_category":[44,54],"plugin_contributors":[217196,202988],"plugin_business_model":[],"class_list":["post-146604","plugin","type-plugin","status-publish","hentry","plugin_tags-clickjacking","plugin_tags-csp","plugin_tags-headers","plugin_tags-headers-security","plugin_tags-hsts","plugin_category-discussion-and-community","plugin_category-security-and-spam-protection","plugin_contributors-alexclassroom","plugin_contributors-unicorn03","plugin_committers-unicorn03","plugin_support_reps-unicorn07"],"banners":{"banner":"https:\/\/ps.w.org\/headers-security-advanced-hsts-wp\/assets\/banner-772x250.png?rev=3102777","banner_2x":"https:\/\/ps.w.org\/headers-security-advanced-hsts-wp\/assets\/banner-1544x500.png?rev=3102792","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":"https:\/\/ps.w.org\/headers-security-advanced-hsts-wp\/assets\/icon.svg?rev=3102785","icon":"https:\/\/ps.w.org\/head
ers-security-advanced-hsts-wp\/assets\/icon.svg?rev=3102785","icon_2x":false,"generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/headers-security-advanced-hsts-wp\/assets\/screenshot-1.jpg?rev=2716089","caption":"Check HTTP Security Headers (AFTER)"},{"src":"https:\/\/ps.w.org\/headers-security-advanced-hsts-wp\/assets\/screenshot-2.jpg?rev=2716089","caption":"Check HTTP Security Headers (BEFORE)"},{"src":"https:\/\/ps.w.org\/headers-security-advanced-hsts-wp\/assets\/screenshot-3.jpg?rev=2716089","caption":"Check HTTP Strict Transport Security \/ HSTS (list)"},{"src":"https:\/\/ps.w.org\/headers-security-advanced-hsts-wp\/assets\/screenshot-4.jpg?rev=2716089","caption":"Check WebPageTest (AFTER)"},{"src":"https:\/\/ps.w.org\/headers-security-advanced-hsts-wp\/assets\/screenshot-5.jpg?rev=2716089","caption":"Check WebPageTest (BEFORE)"},{"src":"https:\/\/ps.w.org\/headers-security-advanced-hsts-wp\/assets\/screenshot-6.jpg?rev=2716089","caption":"Setting on single site installation"},{"src":"https:\/\/ps.w.org\/headers-security-advanced-hsts-wp\/assets\/screenshot-7.jpg?rev=2726581","caption":"Check HTTP Security Headers - Serpworx (AFTER)"},{"src":"https:\/\/ps.w.org\/headers-security-advanced-hsts-wp\/assets\/screenshot-8.jpg?rev=2726582","caption":"Check HTTP Security Headers - Serpworx (BEFORE)"},{"src":"https:\/\/ps.w.org\/headers-security-advanced-hsts-wp\/assets\/screenshot-9.jpg?rev=2726582","caption":"Site-wide security setting"}],"raw_content":"<!--section=description-->\n<p><strong>Headers Security Advanced &amp; HSTS WP<\/strong> is Best all-in-one a free plug-in for all WordPress users. Deactivating this plugin will return your site configuration exactly to the state it was in before.<\/p>\n\n<p>The <strong>Headers Security Advanced &amp; HSTS WP<\/strong> project implements HTTP response headers that your site can use to increase the security of your website. 
The plug-in will automatically set up all Best Practices (you don't have to think about anything), these HTTP response headers can prevent modern browsers from running into easily predictable vulnerabilities. The Headers Security Advanced &amp; HSTS WP project wants to popularize and increase awareness and usage of these headers for all wordpress users.<\/p>\n\n<p>This plugin is developed by OpenHeaders by irn3, we care about WordPress security and best practices.<\/p>\n\n<p>Check out the best features of <strong>Headers Security Advanced &amp; HSTS WP:<\/strong><\/p>\n\n<ul>\n<li>X-XSS-Protection (Deprecated)<\/li>\n<li>Pragma (Deprecated)<\/li>\n<li>Public-Key-Pins (Deprecated)<\/li>\n<li>Expect-CT (Deprecated)<\/li>\n<li>Access-Control-Allow-Origin<\/li>\n<li>Access-Control-Allow-Methods<\/li>\n<li>Access-Control-Allow-Headers<\/li>\n<li>X-Content-Security-Policy<\/li>\n<li>X-Content-Type-Options<\/li>\n<li>X-Frame-Options<\/li>\n<li>X-Permitted-Cross-Domain-Policies<\/li>\n<li>X-Powered-By<\/li>\n<li>Content-Security-Policy<\/li>\n<li>Referrer-Policy<\/li>\n<li>HTTP Strict Transport Security \/ HSTS<\/li>\n<li>Content-Security-Policy<\/li>\n<li>Content-Security-Policy-Report-Only<\/li>\n<li>Clear-Site-Data<\/li>\n<li>Cross-Origin-Embedder-Policy-Report-Only<\/li>\n<li>Cross-Origin-Opener-Policy-Report-Only<\/li>\n<li>Cross-Origin-Embedder-Policy<\/li>\n<li>Cross-Origin-Opener-Policy<\/li>\n<li>Cross-Origin-Resource-Policy<\/li>\n<li>Permissions-Policy<\/li>\n<li>Strict-dynamic<\/li>\n<li>Strict-Transport-Security<\/li>\n<li>FLoC (Federated Learning of Cohorts)<\/li>\n<\/ul>\n\n<p><strong>Headers Security Advanced &amp; HSTS WP<\/strong> is based on <strong>OWASP CSRF<\/strong> to protect your wordpress site. Using OWASP CSRF, once the plugin is installed, it will provide full CSRF mitigation without having to call a method to use nonce on the output. 
The site will be secure despite having other vulnerable plugins (CSRF). Note that response headers are an additional layer; plugin and theme code that handles state-changing requests still needs its own nonce verification.<\/p>\n\n<p>HTTP security headers are a critical part of your website's security. After automatic implementation with Headers Security Advanced &amp; HSTS WP, they protect you from the most notorious types of attacks your site might encounter. These headers protect against XSS, code injection, clickjacking, etc.<\/p>\n\n<p>We have put a lot of effort into making the most important services operational with <strong>Content Security Policy (CSP)<\/strong>, below are some examples that we have tested and used with <strong>Headers Security Advanced &amp; HSTS WP<\/strong>:<\/p>\n\n<ul>\n<li>CSP usage for <strong>Google Tag Manager<\/strong>\nworld's most popular tag manager<\/li>\n<li>Using CSP for <strong>Gravatar<\/strong>\nAvatar service for WordPress and Social sites<\/li>\n<li>Using CSP for <strong>Wordpress Internal Media<\/strong>\nsupport Wordpress media<\/li>\n<li>Using CSP for <strong>Youtube Embedded Video SDK<\/strong>\nsupport Youtube embedded frames and JS SDK<\/li>\n<li>CSP usage for <strong>CookieLaw<\/strong>\nprivacy technology to meet regulatory requirements<\/li>\n<li>CSP usage for <strong>Mailchimp<\/strong>\nsupport for Mailchimp automation, SDK and modules<\/li>\n<li>CSP usage for <strong>Google Analytics<\/strong>\nsupport for basic conversion domains such as: stats.g.doubleclick.net and www.google.com<\/li>\n<li>CSP usage for <strong>Google Fonts<\/strong>\nyou're not loading it on the page, chances are one of your SDKs is using it<\/li>\n<li>Using CSP for <strong>Facebook<\/strong>\nsupport Facebook SDK functionality<\/li>\n<li>Using CSP for <strong>Stripe<\/strong>\nhighly secure online payment system<\/li>\n<li>Using CSP for <strong>New Relic<\/strong>\nit's a registration and monitoring utility<\/li>\n<li>Using CSP for <strong>Linkedin Tags + SDKs<\/strong>\nsupport Linkedin Insight, Linkedin Ads and SDK<\/li>\n<li>Using CSP for <strong>OneTrust<\/strong>\nOneTrust 
support helps companies manage privacy requirements<\/li>\n<li>CSP usage for <strong>Moat<\/strong>\nMoat support to measurement suite such as: ad verification, brand safety, advertising and coverage<\/li>\n<li>CSP usage for <strong>jQuery<\/strong>\nsupport of jQuery - JS library<\/li>\n<li>CSP usage for <strong>Twitter Widgets &amp; SDKs<\/strong>\nsupport Connect, Widgets and the Twitter client-side SDK<\/li>\n<li>Using CSP for <strong>Google Maps<\/strong>\nsupport Google Maps as The ggpht used by streetview<\/li>\n<li>Using CSP for <strong>Quantcast Choice<\/strong>\nQuantcast support for privacy such as GDPR and CCPA<\/li>\n<li>CSP usage for <strong>Twitter Ads &amp; Analytics<\/strong>\nTwitter support for advertising and Analytics<\/li>\n<li>Using CSP for <strong>Paypal<\/strong>\nPayPal support for online payment system<\/li>\n<li>Using CSP for <strong>Drift<\/strong>\nDrift and Driftt support<\/li>\n<li>CSP usage for <strong>Cookiebot<\/strong>\ncookie and tracker support, GDPR\/ePrivacy and CCPA compliance<\/li>\n<li>CSP usage for <strong>Vimeo Embedded Videos SDK<\/strong>\nsupport frames, JS SDK, Froogaloop integration<\/li>\n<li>Using CSP for <strong>AppNexus (now Xandr)<\/strong>\nAppNexus support for custom retargeting<\/li>\n<li>Using CSP for <strong>Mixpanel<\/strong>\nsupport analytics tool with SDK\/JS to collect client-side data<\/li>\n<li>Using CSP for <strong>Font Awesome<\/strong>\ntoolkit support for fonts and icons over CSS and Less<\/li>\n<li>Using CSP for <strong>Google reCAPTCHA<\/strong>\nreCAPTCHA support for fraud and bot protection<\/li>\n<li>CSP usage for <strong>Bootstrap<\/strong> CDN\nBootstrap support for CSS frameworks<\/li>\n<li>Using CSP for <strong>HubSpot<\/strong>\nHubspot support with many features, used for monitoring and mkt functionality<\/li>\n<li>Using CSP for <strong>Hotjar<\/strong>\nHotjar tracker support for analytics and metrics<\/li>\n<li>Using CSP for <strong>WP.com<\/strong>\nsupport for wp.com 
hosting<\/li>\n<li>Using CSP for <strong>Akamai mPulse<\/strong>\nsupport for Akamai mPulse, for origin and perimeter integrations<\/li>\n<li>CSP usage for <strong>Cloudflare - Rocket-Loader &amp; Mirage<\/strong>\nsupport for Mirage libraries for performance acceleration<\/li>\n<li>Using CSP for <strong>Cloudflare - CDN.js<\/strong>\nCloudflare's open CDN support with multiple libraries<\/li>\n<li>Using CSP for <strong>jsDelivr<\/strong>\nsupport jsDelivr free CDN for Open Source<\/li>\n<\/ul>\n\n<p><strong>Headers Security Advanced &amp; HSTS WP<\/strong> is based on the OWASP CSRF standard to protect your wordpress site. Using the OWASP CSRF standard, once the plugin is installed, you can customize CSP rules for full CSRF mitigation. The site will be secure despite having other vulnerable plugins (CSRF). Note that CSP restricts which resources a page may load and where its forms may submit; it does not verify that a request was intended by the user, so server-side nonce checks remain necessary.<\/p>\n\n<p><strong>Integration with Sentry, Report URI, URIports and Datadog<\/strong>\nSentry is a well-known platform for monitoring and tracking errors in applications. By integrating Sentry with our plugin, users can:\n  * Receive detailed reports on content security policy (CSP) violations.\n  * Monitor and analyze JavaScript exceptions occurring on their site.\n  * Benefit from advanced tools for proactive troubleshooting.<\/p>\n\n<p>Monitoring and Integration with Sentry, Datadog and URI Reports for optimal security.<\/p>\n\n<h4>Free Forever<\/h4>\n\n<p>Every security header, every configuration option, and every protection this plugin offers today will remain completely free. No features will ever be moved behind a paywall. Shield is a separate set of brand-new monitoring tools built on top. The free plugin gets better because Shield exists, not worse.<\/p>\n\n<p>Even though <strong>FLoC<\/strong> is still fairly new and not yet widely supported, as programmers we think that privacy protection elements are important, so we choose to give you the feature of being opt out of FLoC! 
We\u2019ve created a special <strong>\u201cautomatic blocking of FLoC\u201d<\/strong> feature, trying to always <strong>offer the best tool with privacy protection and cyber security<\/strong> as main targets and focus.<\/p>\n\n<p>Analyze your site before and after using <em>Headers Security Advanced &amp; HSTS WP<\/em> security headers are self-configured according to HTTP Security Headers and HTTP Strict Transport Security \/ HSTS best practices.<\/p>\n\n<ul>\n<li>Check HTTP Security Headers on <a href=\"https:\/\/securityheaders.com\/\">securityheaders.com<\/a> <\/li>\n<li>Check HTTP Strict Transport Security \/ HSTS at <a href=\"https:\/\/hstspreload.org\/\">hstspreload.org<\/a><\/li>\n<li>Check WebPageTest at <a href=\"https:\/\/www.webpagetest.org\/\">webpagetest.org<\/a><\/li>\n<li>Check HSTS test website <a href=\"https:\/\/gf.dev\/hsts-test\/\">gf.dev\/hsts-test<\/a><\/li>\n<li>Check CSP test website <a href=\"https:\/\/csper.io\/evaluator\">csper.io\/evaluator<\/a><\/li>\n<li>Check CSP Evaluator <a href=\"https:\/\/csp-evaluator.withgoogle.com\/\">csp-evaluator.withgoogle.com<\/a><\/li>\n<li>CSP Content Security Policy Generator <a href=\"https:\/\/addons.mozilla.org\/en-US\/firefox\/addon\/content-security-policy-gen\/\">addons.mozilla.org<\/a><\/li>\n<\/ul>\n\n<p>This plugin is updated periodically, our limited support is free, we are available for your feedback (bugs, compatibility issues or recommendations for next updates). We are usually fast :-D.<\/p>\n\n<h4>Shield \u2014 Advanced Features (Optional)<\/h4>\n\n<p>Every feature this plugin offers today is and will remain completely free, forever. 
<strong>Shield<\/strong> is a separate set of brand-new advanced tools for professionals who need deeper monitoring and automation:<\/p>\n\n<ul>\n<li><strong>Security Advisor<\/strong> \u2014 Analyzes your configuration and gives personalized recommendations in plain language<\/li>\n<li><strong>CSP Guide<\/strong> \u2014 Recommended tools, safe workflow, WordPress-specific CSP snippets, and CSP FAQ<\/li>\n<li><strong>Security Score Dashboard<\/strong> \u2014 Real-time A+ to F grade with header status for all 10 security headers<\/li>\n<li><strong>Email &amp; Webhook Alerts<\/strong> \u2014 Get notified via email, Slack, Discord, Microsoft Teams, or custom webhook when something changes<\/li>\n<li><strong>CSP Violation Analytics<\/strong> \u2014 See which resources browsers are blocking and why<\/li>\n<li><strong>Weekly Automated Scans<\/strong> \u2014 Automatic security audit with scan history and trend tracking<\/li>\n<\/ul>\n\n<p>Nothing existing moves behind a paywall. Revenue from Shield directly funds free updates and maintenance for all 100,000+ users. Learn more at <a href=\"https:\/\/openheaders.org\/pro\">openheaders.org\/pro<\/a>.<\/p>\n\n<!--section=installation-->\n<h4>ITALIAN<\/h4>\n\n<ol>\n<li>Vai in Plugin 'Aggiungi nuovo'.<\/li>\n<li>Cerca Headers Security Advanced &amp; HSTS WP.<\/li>\n<li>Cerca questo plugin, scaricalo e attivalo.<\/li>\n<li>Vai in 'impostazioni' &gt; 'Headers Security Advanced &amp; HSTS WP'. Per personalizzare le intestazioni.<\/li>\n<li>Puoi cambiare questa opzione quando vuoi, Headers Security Advanced &amp; HSTS WP viene impostato in automatico.<\/li>\n<\/ol>\n\n<h4>ENGLISH<\/h4>\n\n<ol>\n<li>Go to Plugins 'Add New'.<\/li>\n<li>Search for Headers Security Advanced &amp; HSTS WP.<\/li>\n<li>Search for this plugin, download and activate it.<\/li>\n<li>Go to 'settings' &gt; 'Headers Security Advanced &amp; HSTS WP'. 
To customize headers.<\/li>\n<li>You can change this option whenever you want, Headers Security Advanced &amp; HSTS WP is set automatically.<\/li>\n<\/ol>\n\n<h4>FRAN\u00c7AIS<\/h4>\n\n<ol>\n<li>Allez dans Plugins 'Add new'.<\/li>\n<li>Recherchez Headers Security Advanced &amp; HSTS WP.<\/li>\n<li>Recherchez ce plugin, t\u00e9l\u00e9chargez-le et activez-le.<\/li>\n<li>Allez dans 'settings' &gt; 'Headers Security Advanced &amp; HSTS WP'. Pour personnaliser les en-t\u00eates<\/li>\n<li>Vous pouvez modifier cette option quand vous le souhaitez, Headers Security Advanced &amp; HSTS WP est r\u00e9gl\u00e9 automatiquement.<\/li>\n<\/ol>\n\n<h4>SPANISH<\/h4>\n\n<ol>\n<li>Ve a Plugins &gt; A\u00f1adir nuevo.<\/li>\n<li>Busca Headers Security Advanced &amp; HSTS WP.<\/li>\n<li>Busca este plugin, desc\u00e1rgalo y act\u00edvalo.<\/li>\n<li>Ve a Ajustes &gt; Headers Security Advanced &amp; HSTS WP para personalizar los encabezados.<\/li>\n<li>Puedes cambiar esta opci\u00f3n cuando desees, Headers Security Advanced &amp; HSTS WP se configura autom\u00e1ticamente.<\/li>\n<\/ol>\n\n<h4>DEUTSCH<\/h4>\n\n<ol>\n<li>Gehen Sie zu Plugins 'Neu hinzuf\u00fcgen'.<\/li>\n<li>Suchen Sie nach Headers Security Advanced &amp; HSTS WP.<\/li>\n<li>Suchen Sie nach diesem Plugin, laden Sie es herunter und aktivieren Sie es.<\/li>\n<li>Gehen Sie zu \"Einstellungen\" &gt; \"Kopfzeilen Sicherheit Erweitert &amp; HSTS WP\". 
So passen Sie die Kopfzeilen an<\/li>\n<li>Sie k\u00f6nnen diese Option jederzeit \u00e4ndern, Headers Security Advanced &amp; HSTS WP wird automatisch eingestellt.<\/li>\n<\/ol>\n\n<h4>PORTUGUESE<\/h4>\n\n<ol>\n<li>V\u00e1 para Plugins &gt; Adicionar novo.<\/li>\n<li>Procure por Headers Security Advanced &amp; HSTS WP.<\/li>\n<li>Procure por este plugin, baixe-o e ative-o.<\/li>\n<li>V\u00e1 para Configura\u00e7\u00f5es &gt; Headers Security Advanced &amp; HSTS WP para personalizar os cabe\u00e7alhos.<\/li>\n<li>Voc\u00ea pode alterar esta op\u00e7\u00e3o sempre que desejar, Headers Security Advanced &amp; HSTS WP \u00e9 configurado automaticamente.<\/li>\n<\/ol>\n\n<h4>SWEDISH<\/h4>\n\n<ol>\n<li>G\u00e5 till Plugins &gt; L\u00e4gg till nytt.<\/li>\n<li>S\u00f6k efter Headers Security Advanced &amp; HSTS WP.<\/li>\n<li>S\u00f6k efter denna plugin, ladda ner och aktivera den.<\/li>\n<li>G\u00e5 till Inst\u00e4llningar &gt; Headers Security Advanced &amp; HSTS WP f\u00f6r att anpassa rubrikerna.<\/li>\n<li>Du kan \u00e4ndra detta alternativ n\u00e4r du vill, Headers Security Advanced &amp; HSTS WP \u00e4r inst\u00e4llt automatiskt.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"will%20this%20plugin%20slow%20down%20my%20site%3F\"><h3>Will this plugin slow down my site?<\/h3><\/dt>\n<dd><p>No. Headers add less than 1KB to each response. The plugin uses WordPress native hooks and Apache .htaccess. Zero database queries at page load for visitors.<\/p><\/dd>\n<dt id=\"does%20it%20work%20with%20nginx%20or%20litespeed%3F\"><h3>Does it work with Nginx or LiteSpeed?<\/h3><\/dt>\n<dd><p>Yes. The PHP method (wp_headers filter) works on any server. The .htaccess method is Apache-only, but the plugin automatically uses the PHP method on other servers.<\/p><\/dd>\n<dt id=\"does%20it%20work%20with%20caching%20plugins%3F\"><h3>Does it work with caching plugins?<\/h3><\/dt>\n<dd><p>Yes. 
Compatible with WP Super Cache, W3 Total Cache, LiteSpeed Cache, WP Rocket, and others.<\/p><\/dd>\n<dt id=\"does%20it%20work%20with%20cloudflare%3F\"><h3>Does it work with Cloudflare?<\/h3><\/dt>\n<dd><p>Yes. Cloudflare passes through headers set by WordPress. If you also set headers in Cloudflare dashboard, use the \"Resolve duplicate headers\" option in Settings to avoid duplicates.<\/p><\/dd>\n<dt id=\"how%20do%20i%20get%20an%20a%2B%20grade%20on%20securityheaders.com%3F\"><h3>How do I get an A+ grade on SecurityHeaders.com?<\/h3><\/dt>\n<dd><p>Your site needs all 6 scored headers present: Content-Security-Policy, Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Permissions-Policy. The plugin configures all of these automatically.<\/p><\/dd>\n<dt id=\"can%20it%20conflict%20with%20other%20security%20plugins%3F\"><h3>Can it conflict with other security plugins?<\/h3><\/dt>\n<dd><p>Rarely. If another plugin sets the same headers, you may get duplicates. Use the \"Resolve duplicate headers\" checkboxes in Settings to fix this.<\/p><\/dd>\n<dt id=\"what%20is%20hsts%3F\"><h3>What is HSTS?<\/h3><\/dt>\n<dd><p>HTTP Strict Transport Security tells browsers to always use HTTPS. Even if someone types http:\/\/, the browser upgrades to https:\/\/ automatically. Prevents protocol downgrade attacks.<\/p><\/dd>\n<dt id=\"what%20max-age%20should%20i%20use%20for%20hsts%3F\"><h3>What max-age should I use for HSTS?<\/h3><\/dt>\n<dd><p>Minimum for preload: 31536000 (1 year). Recommended: 63072000 (2 years). Start with 86400 (1 day) to test, then increase.<\/p><\/dd>\n<dt id=\"should%20i%20enable%20hsts%20preload%3F\"><h3>Should I enable HSTS Preload?<\/h3><\/dt>\n<dd><p>Only if your entire domain (including all subdomains) works over HTTPS. Preload is hardcoded in browsers and difficult to undo. Removal takes months. 
Test thoroughly first.<\/p><\/dd>\n<dt id=\"what%20is%20content%20security%20policy%20%28csp%29%3F\"><h3>What is Content Security Policy (CSP)?<\/h3><\/dt>\n<dd><p>CSP tells browsers which resources can load on your page. Anything not explicitly allowed is blocked. It is the strongest protection against XSS attacks.<\/p><\/dd>\n<dt id=\"how%20do%20i%20configure%20csp%20report%20uri%3F\"><h3>How do I configure CSP Report URI?<\/h3><\/dt>\n<dd><p>Enter the report URL from your monitoring service (Sentry, Report URI, URIports, or Datadog) into the CSP Report URI field in Settings. The plugin adds the report-uri directive to your CSP header automatically.<\/p><\/dd>\n<dt id=\"content%20security%20policy%20%E2%80%94%20best%20practices\"><h3>Content Security Policy \u2014 Best Practices<\/h3><\/dt>\n<dd><p>When writing CSP directives:<\/p>\n\n<ul>\n<li>Always use single quotes for keywords: 'self', 'none', 'unsafe-inline', 'unsafe-eval'<\/li>\n<li>Never use double quotes inside CSP syntax<\/li>\n<li>Avoid smart quotes (curly quotes) \u2014 the plugin converts them automatically but standard quotes are recommended<\/li>\n<li>The plugin validates and sanitizes CSP input to prevent .htaccess errors<\/li>\n<\/ul><\/dd>\n<dt id=\"what%20happens%20when%20shield%20license%20expires%3F\"><h3>What happens when Shield license expires?<\/h3><\/dt>\n<dd><p>Your site stays fully protected. All headers keep working. You lose Shield features (dashboard, advisor, alerts, analytics) and revert to the free version. 
Nothing breaks.<\/p><\/dd>\n<dt id=\"can%20i%20report%20a%20bug%20or%20request%20a%20feature%3F\"><h3>Can I report a bug or request a feature?<\/h3><\/dt>\n<dd><p>You can report bugs or request new features right <a href=\"mailto:support@openheaders.org\">support@openheaders[dot]org<\/a><\/p><\/dd>\n<dt id=\"what%20will%20report%20uri%20monitor%20for%20me%3F\"><h3>What will Report URI monitor for me?<\/h3><\/dt>\n<dd><p>Report URI will monitor content security policy (CSP) violations and provide detailed reports on detected violations.<\/p><\/dd>\n<dt id=\"what%20will%20datadog%20monitor%20for%20me%3F\"><h3>What will Datadog monitor for me?<\/h3><\/dt>\n<dd><p>Datadog will monitor content security policy (CSP) violations and other security and performance metrics of your site.<\/p><\/dd>\n<dt id=\"where%20can%20i%20find%20my%20datadog%20api%20key%3F\"><h3>Where can I find my Datadog API Key?<\/h3><\/dt>\n<dd><p>You can find your Datadog API Key in the \"API Keys\" section under \"Integrations\" in the Datadog control panel. Any key that ends up in the CSP Report URI is sent to every visitor inside the response header, so use a credential intended for browser-side reporting rather than a privileged key. 
Once the plug-in is activated it performs a test (before and after): <a href=\"https:\/\/www.datadoghq.com\/blog\/content-security-policy-reporting-with-datadog\/#csp-reporting-with-datadog\">Manage CSP reporting with Datadog<\/a><\/p><\/dd>\n<dt id=\"what%20will%20sentry%20monitor%20for%20me%3F\"><h3>What will Sentry monitor for me?<\/h3><\/dt>\n<dd><p>Sentry will monitor and log content security policy (CSP) violations and other JavaScript exceptions that occur on your site.<\/p><\/dd>\n<dt id=\"how%20can%20i%20configure%20sentry%20integration%20with%20the%20plugin%3F\"><h3>How can I configure Sentry integration with the plugin?<\/h3><\/dt>\n<dd><ol>\n<li>Log in to your Sentry dashboard.<\/li>\n<li>Click on the \"Projects\" menu item.<\/li>\n<li>Select the project you have created.<\/li>\n<li>Click on the gear icon to open project settings.<\/li>\n<li>In the project settings, go to the \"SDK SETUP\" section.<\/li>\n<li>Click on \"Security Headers\".<\/li>\n<li>Copy the automatically generated \"REPORT URI\" URL and paste it into the \"CSP Report URI\" field in the plugin settings. 
Example Sentry Report URI (e.g., <code>https:\/\/&lt;your_org&gt;.sentry.io\/api\/&lt;project_id&gt;\/security\/?sentry_key=&lt;key&gt;<\/code>).<\/li>\n<li>The plugin will initialize Sentry and send CSP reports to Sentry.<\/li>\n<\/ol>\n\n<p><a href=\"https:\/\/docs.sentry.io\/security-legal-pii\/security\/security-policy-reporting\/\">Manage CSP reporting with Sentry<\/a><\/p><\/dd>\n<dt id=\"how%20can%20i%20configure%20uriports%20integration%20with%20the%20plugin%3F\"><h3>How can I configure URIports integration with the plugin?<\/h3><\/dt>\n<dd><ol>\n<li>Log in to your Sentry dashboard.<\/li>\n<li>Click on the \"User Icon\" at the top right of your screen.<\/li>\n<li>Click \"Settings\".<\/li>\n<li>Add the domains you want to monitor to the \"Monitored Domains\" section on the settings page.<\/li>\n<li>Click on \"Security Headers\".<\/li>\n<li>Copy the automatically generated \"URIports\" URL and paste it into the \"CSP Report URI\" field in the plugin settings. Example URIports Report URI (e.g., <code>https:\/\/account-subdomain.uriports.com\/reports<\/code>).<\/li>\n<li>The plugin will initialize URIports and send CSP reports to URIports.<\/li>\n<\/ol>\n\n<p><a href=\"https:\/\/www.uriports.com\/getting-started-with-website-monitoring\">Manage CSP reporting with URIports<\/a><\/p><\/dd>\n<dt id=\"why%20did%20you%20choose%20to%20integrate%20with%20sentry%2C%20uriports%2C%20datadog%2C%20and%20report%20uri%3F\"><h3>Why did you choose to integrate with Sentry, URIports, Datadog, and Report URI?<\/h3><\/dt>\n<dd><p>I chose Sentry, URIports, Datadog, and Report URI for integration with this plugin because they are highly reputable and functional platforms in the field of security monitoring. Here's a brief overview of each:<\/p>\n\n<p><strong>Sentry<\/strong><\/p>\n\n<p>Sentry is a well-known platform for monitoring and tracking errors and exceptions in applications. 
It provides comprehensive tools for logging and analyzing JavaScript errors, making it an excellent choice for monitoring Content Security Policy (CSP) violations. By integrating with Sentry, users can benefit from detailed error reports and proactive issue resolution.<\/p>\n\n<p><strong>Datadog<\/strong><\/p>\n\n<p>Datadog is a powerful platform for monitoring infrastructure, applications, and logs. It offers extensive capabilities for tracking security and performance metrics, including CSP violations. The integration with Datadog allows users to gain insights into the health and security of their websites, providing real-time monitoring and alerting features that are essential for maintaining a secure and performant environment.<\/p>\n\n<p><strong>Report URI<\/strong><\/p>\n\n<p>Report URI is a dedicated service for collecting and analyzing security violation reports, including CSP, HPKP, and other security headers. It is designed specifically to handle large volumes of security reports and provide detailed analytics and visualizations. By using Report URI, users can easily monitor and analyze CSP violations, helping them to quickly identify and mitigate potential security threats.<\/p>\n\n<p>Each of these platforms offers unique strengths and capabilities, making them ideal choices for comprehensive security monitoring and reporting. By integrating with these well-established services, we aim to provide users with reliable and effective tools to enhance the security of their WordPress websites.<\/p>\n\n<p><strong>URIports<\/strong><\/p>\n\n<p>URIports is a well-known platform for monitoring and tracking errors and exceptions in applications. It provides comprehensive tools for logging and analyzing JavaScript errors, making it an excellent choice for monitoring Content Security Policy (CSP) violations. 
By integrating with URIports, users can benefit from detailed error reports and proactive issue resolution.<\/p><\/dd>\n<dt id=\"can%20i%20view%20csp%20reports%20directly%20in%20sentry%3F\"><h3>Can I view CSP reports directly in Sentry?<\/h3><\/dt>\n<dd><p>Yes, all CSP reports will be sent to Sentry, where you can view and analyze them in the Sentry control panel.<\/p><\/dd>\n<dt id=\"how%20do%20you%20get%20an%20a%2B%20grade%3F\"><h3>How do you get an A+ grade?<\/h3><\/dt>\n<dd><p>To earn an A+ grade, your site must issue all HTTP response headers that we check. This indicates a high level of commitment to improving the security of your visitors.<\/p><\/dd>\n<dt id=\"what%20headers%20are%20recommended%3F\"><h3>What headers are recommended?<\/h3><\/dt>\n<dd><p>Over an HTTP connection, the headers checked are Content-Security-Policy, X-Content-Type-Options, X-Frame-Options and X-XSS-Protection. Over an HTTPS connection, 2 additional headers are checked for presence: Strict-Transport-Security and Public-Key-Pins. Note that Public-Key-Pins (HPKP) is deprecated and has been removed from current browsers, and X-XSS-Protection is no longer honoured by major modern browsers, so a passing check for either says little about actual protection.<\/p>\n\n<ul>\n<li>Once the plug-in is activated it performs a test (before and after): <a href=\"https:\/\/securityheaders.com\/\">https:\/\/securityheaders.com\/<\/a><\/li>\n<\/ul><\/dd>\n<dt id=\"can%20the%20plugin%20create%20slowdowns%3F\"><h3>Can the plugin create slowdowns?<\/h3><\/dt>\n<dd><p>No, Headers Security Advanced &amp; HSTS WP is Fast, Secure and does not affect the SEO and speed of your website.<\/p><\/dd>\n<dt id=\"content%20security%20policy%20%28csp%29%20%E2%80%93%20best%20practices\"><h3>Content Security Policy (CSP) \u2013 Best Practices<\/h3><\/dt>\n<dd><p>When writing your CSP directives in the plugin settings, please follow these rules to avoid invalid configurations:<\/p>\n\n<p><strong>1. 
Always use single quotes <code>'<\/code> for CSP keywords<\/strong><\/p>\n\n<p>CSP keywords must always use straight ASCII single quotes:<\/p>\n\n<ul>\n<li>'self'<\/li>\n<li>'none'<\/li>\n<li>'unsafe-inline'<\/li>\n<li>'unsafe-eval'<\/li>\n<li>'strict-dynamic'<\/li>\n<\/ul>\n\n<p>The quotes are required by the CSP specification. Of these keywords, 'unsafe-inline' and 'unsafe-eval' are valid syntax but weaken the policy's protection against XSS, so include them only where a nonce or hash cannot be used.<\/p>\n\n<p><strong>2. Never use double quotes <code>\"<\/code> inside the CSP<\/strong><\/p>\n\n<p>Double quotes are used only <em>outside<\/em> the policy (for example by Apache when setting headers), not inside the CSP syntax.<br \/>\nUsing double quotes inside the policy may break the .htaccess configuration.<\/p>\n\n<p><strong>3. Do not use \u201csmart quotes\u201d or curly quotes (\u2018 \u2019 \u201c \u201d)<\/strong><\/p>\n\n<p>Smart quotes often appear when copying text from Word, Google Docs, PDFs, email clients, or mobile keyboards. These characters are invalid in CSP and may cause the browser to reject the policy or Apache to return HTTP 500 errors.<\/p>\n\n<p>The plugin automatically converts smart quotes to standard quotes, but it is recommended to avoid them when writing your policy.<\/p>\n\n<p><strong>4. What happens if a user enters an invalid CSP?<\/strong><\/p>\n\n<p>Starting from version 5.2.4, the plugin automatically:<\/p>\n\n<ul>\n<li>Normalizes curly quotes to ASCII quotes<\/li>\n<li>Replaces invalid double quotes inside the CSP<\/li>\n<li>Prevents malformed CSP syntax from breaking .htaccess<\/li>\n<li>Falls back to the built-in default CSP if the input is clearly invalid<\/li>\n<\/ul>\n\n<p>This ensures that even incorrect CSP input will not cause the site to crash.<\/p><\/dd>\n<dt id=\"what%20is%20hsts%20%28strict%20transport%20security%29%3F\"><h3>What is HSTS (Strict Transport Security)?<\/h3><\/dt>\n<dd><p>HSTS was created to force the browser to use secure connections when a site is running on HTTPS. It is a security header that is added by the web server and sent in the response as Strict-Transport-Security. 
HSTS is important because it addresses the following anomalies:<\/p><\/dd>\n<dt id=\"check%20before%20and%20after%20using%20preload%20hsts\"><h3>Check before and after using Preload HSTS<\/h3><\/dt>\n<dd><p>This step matters if you want to submit your website and\/or domain to the approved HSTS preload list. Google officially compiles this list and it is used by Chrome, Firefox, Opera, Safari, IE11 and Edge. You can submit your site to the official HSTS preload directory (https:\/\/hstspreload.org\/). Preloading is hard to undo: removal from the list takes a long time to reach users' browsers, so confirm that the site and every subdomain work over HTTPS before submitting.<\/p><\/dd>\n<dt id=\"how%20to%20use%20http%20strict%20transport%20security%20%28hsts%29\"><h3>How to use HTTP Strict Transport Security (HSTS)<\/h3><\/dt>\n<dd><p>If you want to use Preload HSTS for your site, there are a few requirements before you can activate it.<\/p>\n\n<ul>\n<li>Have a valid SSL certificate. You can't do any of this anyway without it.<\/li>\n<li>You must redirect all HTTP traffic to HTTPS (recommended via permanent 301 redirects). This means that your site should be HTTPS only.<\/li>\n<li>You need to serve all subdomains in HTTPS as well. If you have subdomains, you will need an SSL certificate that covers them.<\/li>\n<\/ul>\n\n<p>The HSTS header on your base domain (for example: example.com) is already configured; you just need to activate the plug-in.<\/p>\n\n<p>If you want to check the HSTS status of your site, you can do so here: <a href=\"https:\/\/hstspreload.org\/\">https:\/\/hstspreload.org\/<\/a><\/p><\/dd>\n<dt id=\"disable%20floc%2C%20google%27s%20advertising%20technology\"><h3>Disable FLoC, Google's advertising technology<\/h3><\/dt>\n<dd><p>FLoC is a mega tracker that monitors user activity on all sites, stores the information in the browser, and then uses machine learning to place users into cohorts with similar interests. This way, advertisers can target groups of people with similar interests. 
Plus, according to Google's own testing, FLoC achieves at least 95% more conversions than cookies. Google has since abandoned FLoC in favour of the Topics API, so the interest-cohort directive is now mainly of historical interest.<\/p><\/dd>\n<dt id=\"who%20is%20disabling%20floc%20by%20google%3F\"><h3>Who is disabling FLoC by Google?<\/h3><\/dt>\n<dd><p>Scott Helme reported that as of May 3, already 967 of the first 1 million domains had disabled FLoC's interest-cohort in their Permissions-Policy header. That list included some big sites like The Guardian and IKEA.<\/p><\/dd>\n<dt id=\"do%20you%20use%20cloudflare%20and%20the%20headers%20security%20advanced%20%26%20hsts%20wp%20plugin%3F\"><h3>Do you use CloudFlare and the Headers Security Advanced &amp; HSTS WP plugin?<\/h3><\/dt>\n<dd><p>Are you experiencing any anomalies after a plugin update? If yes, please follow these instructions to clear the cache directly from the CloudFlare Client Area:<\/p>\n\n<ul>\n<li>Log in to your Cloudflare dashboard, and select your account and domain.<\/li>\n<li>Select Caching &gt; Configuration.<\/li>\n<li>Under Cache Purge, select Custom Purge. The custom purge window will be displayed.<\/li>\n<li>Under Purge by, select URL.<\/li>\n<li>Enter the appropriate values in the text field using the format shown in the example.<\/li>\n<li>Run through the additional instructions to complete the form.<\/li>\n<li>Review the data entered.<\/li>\n<li>Click Delete.<\/li>\n<\/ul>\n\n<p>This will cause the <a href=\"https:\/\/developers.cloudflare.com\/cache\/how-to\/purge-cache\/\">cloudFlare<\/a><\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>5.3.2<\/h4>\n\n<p>This update introduces <strong>Shield<\/strong> \u2014 optional advanced tools for professionals who need deeper security monitoring. 
Every existing feature remains completely free, forever.<\/p>\n\n<ul>\n<li>New: Shield tab-based interface (Settings, Dashboard, CSP, Notifications, Export\/Import, License, Free vs Shield, FAQ)<\/li>\n<li>New: Security Advisor with personalized recommendations<\/li>\n<li>New: Security Score Dashboard (A+ to F grading, 10 header status overview)<\/li>\n<li>New: CSP Guide with recommended tools (Csper.io, Google CSP Evaluator, Report URI, URIports)<\/li>\n<li>New: CSP violation analytics (top blocked domains, directives, trends)<\/li>\n<li>New: Email alerts when security score drops or headers change<\/li>\n<li>New: Webhook notifications (Slack, Discord, Microsoft Teams, custom JSON endpoint)<\/li>\n<li>New: Export\/Import settings for agencies managing multiple sites<\/li>\n<li>New: Weekly automated scans with history tracking<\/li>\n<li>New: Comprehensive FAQ with search and category filters<\/li>\n<li>New: Free vs Shield comparison with transparent pricing<\/li>\n<li>Improved: Clean uninstall (license auto-deactivated, all options removed)<\/li>\n<\/ul>\n\n<h4>5.2.5<\/h4>\n\n<p>I don't want to tell you what to do, but here's the thing: When you update the Headers Security Advanced &amp; HSTS WP plugin, you don't just click a button, you enter a world of enhanced security and performance.<\/p>\n\n<p>With version 5.2.5, I have gone above and beyond to ensure that your experience is nothing short of exceptional. I have eliminated numerous bugs, improved annoying pixels, and updated the graphics in a sleek and modern way. The result? A plugin that not only looks great, but works even better.<\/p>\n\n<p>But that's not all. This update brings seamless integration with the industry's leading security monitoring platforms-Sentry, Datadog, and Report URI. 
These integrations offer enhanced reporting capabilities, providing detailed information on content security policy (CSP) violations and improving site security.<\/p>\n\n<ul>\n<li>Update: Code optimization for better compatibility with WordPress version 6.9.<\/li>\n<li>Fixed: Improved compatibility with WordPress 6.9 plugin list rendering<\/li>\n<li>Fixed: Resolved edge case where plugin list could stop rendering when other plugins return unexpected values from the <code>plugin_action_links<\/code> filter<\/li>\n<li>Hardened: Added defensive type checking for better interoperability with third-party plugins<\/li>\n<\/ul>\n\n<p>By updating to 5.2.5, you\u2019re not just improving your site\u2019s security \u2013 you\u2019re optimizing it with the best tools available. Our goal is to provide you with the most beautiful, fastest, and most impressive plugin experience around. So, shall we get started? Hit \"update\" and step into a new era of security and performance with Headers Security Advanced &amp; HSTS WP. Enjoy the upgrade!<\/p>","raw_excerpt":"Best all-in-one WordPress security plugin, uses HTTP &amp; HSTS response headers to avoid vulnerabilities: XSS, injection, clickjacking. 
Force HTTP\/HTTPS.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/146604","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=146604"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/unicorn03"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=146604"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=146604"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=146604"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=146604"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=146604"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=146604"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}