
amreljako/laravel-secure-headers
================================

Laravel package to add essential HTTP Security Headers.

v1.0.0 (7mo ago) | MIT | PHP >=8.0 | Since Sep 15 | Pushed 7mo ago

[Source](https://github.com/amreljako/laravel-secure-headers) | [Packagist](https://packagist.org/packages/amreljako/laravel-secure-headers)

Laravel Secure Headers
======================

A lightweight Laravel package that automatically adds essential **HTTP Security Headers** to enhance your application's **security** and **performance**.

---

Installation
------------

Require the package via Composer:

```
composer require amreljako/laravel-secure-headers
```

---

Publish Config
--------------

Publish the configuration file to your application:

```
php artisan vendor:publish --provider="Amreljako\SecureHeaders\SecureHeadersServiceProvider" --tag=config
```

This will create the following file in your project:

```
config/secure-headers.php
```

---

Usage
-----

Register the middleware in `app/Http/Kernel.php`:

```
protected $middleware = [
    \Amreljako\SecureHeaders\Middleware\SecureHeadersMiddleware::class,
];
```

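Once registered, the middleware automatically applies the configured security headers to **all HTTP responses**. The `$middleware` array in `app/Http/Kernel.php` is the global middleware stack in Laravel 10 and earlier; the Laravel 11 and later application skeleton has no `app/Http/Kernel.php` and registers global middleware in `bootstrap/app.php` instead.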

---

Configuration
-------------

You can customize the headers in `config/secure-headers.php`:

```
return [
    'X-Frame-Options' => 'DENY',
    'X-Content-Type-Options' => 'nosniff',
    'X-XSS-Protection' => '1; mode=block',
    'Referrer-Policy' => 'no-referrer-when-downgrade',
    'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains; preload',
    'Content-Security-Policy' => "default-src 'self'; img-src 'self' https://trusted-cdn.com; script-src 'self' https://apis.google.com",
];
```
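A tightened variant of the configuration above, as an added example that is not the package's shipped default. It changes only the values of the header keys shown on this page; the two allow-listed hosts are carried over from the sample, and the extra CSP directives are standard CSP rather than anything package-specific.

```php
<?php
// config/secure-headers.php (added example; values are suggestions, not package defaults)

return [
    // Unchanged: refuse to be rendered in any frame.
    'X-Frame-Options' => 'DENY',

    // Unchanged: the browser must trust the declared Content-Type.
    'X-Content-Type-Options' => 'nosniff',

    // Was '1; mode=block'. The XSS filter this header switched on is gone from
    // Chrome and Edge and was never in Firefox; '0' explicitly disables it in
    // any older browser that still has it, leaving CSP as the XSS control.
    'X-XSS-Protection' => '0',

    // Was 'no-referrer-when-downgrade', which still sends the full URL
    // (path and query string) to other HTTPS origins. This value sends only
    // the origin cross-site and nothing on an HTTPS -> HTTP downgrade.
    'Referrer-Policy' => 'strict-origin-when-cross-origin',

    // Was '...; includeSubDomains; preload'. 'preload' only has an effect once
    // the domain is submitted to the browser preload list, and removal from
    // that list is slow. Add it back when every subdomain is HTTPS-only.
    'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains',

    // Same sources as the sample, plus directives that default-src does not
    // cover (base-uri, form-action, frame-ancestors) and an explicit
    // object-src lock-down.
    'Content-Security-Policy' => implode('; ', [
        "default-src 'self'",
        "img-src 'self' https://trusted-cdn.com",
        "script-src 'self' https://apis.google.com",
        "object-src 'none'",
        "base-uri 'self'",
        "form-action 'self'",
        "frame-ancestors 'none'", // CSP counterpart of X-Frame-Options: DENY
    ]),
];
```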

---

Example Response Headers
------------------------

After installation, each Laravel response will include headers such as:

```
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'
```
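To confirm the middleware really emits what is configured, including on error pages, a feature test can compare responses against `config/secure-headers.php`. This is an added example, not part of the package; it assumes the published config is loaded under the `secure-headers` key, that it contains only header pairs as shown on this page, that the application has a `/` route, and that the 404 path used is unrouted.

```php
<?php
// tests/Feature/SecureHeadersTest.php (added example; not shipped with the package)

namespace Tests\Feature;

use Illuminate\Testing\TestResponse;
use Tests\TestCase;

class SecureHeadersTest extends TestCase
{
    /**
     * Assert that every header => value pair in config/secure-headers.php
     * is present on the response with exactly the configured value.
     */
    private function assertSecureHeaders(TestResponse $response): void
    {
        $headers = config('secure-headers');
        $this->assertNotEmpty($headers, 'config/secure-headers.php is empty or not loaded');

        foreach ($headers as $name => $value) {
            // assertHeader() fails if the header is missing or its value differs.
            $response->assertHeader($name, $value);
        }
    }

    public function test_headers_on_a_normal_page(): void
    {
        // Assumes the application defines a "/" route.
        $this->assertSecureHeaders($this->get('/'));
    }

    public function test_headers_on_an_error_response(): void
    {
        // Hypothetical path assumed to match no route, so the app answers 404.
        // Error pages are responses too and are a common place for headers
        // to go missing when middleware is registered on a route group only.
        $response = $this->get('/__secure_headers_missing_route__');

        $response->assertNotFound();
        $this->assertSecureHeaders($response);
    }
}
```

Run it with `php artisan test --filter=SecureHeadersTest`; a failure on the CSP line shows the exact value the application sends versus the one in the config file.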

---

Why Use Security Headers?
-------------------------

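- **X-Frame-Options** → Prevents clickjacking by controlling whether the page may be rendered inside a frame
- **X-Content-Type-Options** → Blocks MIME type sniffing
- **X-XSS-Protection** → Adds basic browser XSS protection (legacy; Chrome and Edge have removed the filter it controls and Firefox never implemented it)
- **Referrer-Policy** → Controls what referrer information is sent with requests
- **Strict-Transport-Security (HSTS)** → Enforces secure HTTPS connections; browsers honor it only when it arrives over HTTPS
- **Content-Security-Policy (CSP)** → Strong protection against XSS and data injection attacks by restricting where scripts, images and other resources may load from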

---

License
-------

This package is open-sourced software licensed under the [MIT license](LICENSE).

