area17/twill-security-headers
=============================

A Twill Capsule to add and handle Security Headers

v2.1.1 (1y ago) | Apache-2.0 | PHP >=8.0


[Source](https://github.com/area17/twill-security-headers) | [Packagist](https://packagist.org/packages/area17/twill-security-headers)


Security Headers Twill Capsule
==============================

This Twill Capsule lets developers add Security Headers configuration to their applications and gives users a friendly dashboard to configure these headers.

Screenshots
-----------


### CMS configuration


[![screenshot 1](docs/screenshot01.png)](docs/screenshot01.png)

[![screenshot 2](docs/screenshot02.png)](docs/screenshot02.png)

### [Mozilla Observatory](https://observatory.mozilla.org) security headers check


[![screenshot 2](docs/screenshot03.png)](docs/screenshot03.png)

Supported Headers
-----------------


- [CSP (Content Security Policy)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)
- [HSTS (Strict-Transport-Security)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security)
- [Permissions-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy)
- [Referrer-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy)
- [X-Content-Type-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options)
- [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options)
- [Expect-CT](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT) (deprecated by most browsers)
- [X-XSS-Protection](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) (non-standard, not for production)

Unwanted headers
----------------

This capsule also has an option for removing unwanted headers from the response. Update the `config/twill-security-headers.php` file to list the headers that should be removed:

```
'unwanted-headers' => ['X-Powered-By', 'server', 'Server'],
```
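To confirm from the outside that the configured headers are actually sent and the unwanted ones are gone, the check below parses a raw header block and compares it against the lists on this page. It is an added example, not part of the capsule: `auditSecurityHeaders()`, the two constants and the sample response are hypothetical, and the deprecated/non-standard headers (Expect-CT, X-XSS-Protection) are deliberately not required.

```php
<?php
// Added example (not the capsule's code): audit raw response headers.
// auditSecurityHeaders() and both constants are hypothetical names.
const EXPECTED_HEADERS = [
    'Content-Security-Policy',
    'Strict-Transport-Security',
    'Permissions-Policy',
    'Referrer-Policy',
    'X-Content-Type-Options',
    'X-Frame-Options',
];
// Same value as the 'unwanted-headers' config entry shown above.
const UNWANTED_HEADERS = ['X-Powered-By', 'server', 'Server'];

function auditSecurityHeaders(string $rawHeaders): array
{
    // HTTP header names are case-insensitive, so index them lower-cased.
    $seen = [];
    foreach (preg_split('/\r?\n/', trim($rawHeaders)) as $line) {
        if (!str_contains($line, ':')) {
            continue; // status line or blank line
        }
        [$name, $value] = explode(':', $line, 2);
        $seen[strtolower(trim($name))] = trim($value);
    }
    $missing = array_values(array_filter(
        EXPECTED_HEADERS,
        fn (string $h) => !array_key_exists(strtolower($h), $seen)
    ));
    $leaked = array_values(array_unique(array_filter(
        array_map('strtolower', UNWANTED_HEADERS),
        fn (string $h) => array_key_exists($h, $seen)
    )));
    return ['missing' => $missing, 'leaked' => $leaked];
}

// Constructed sample: headers as `curl -sI` might print them for a partly configured site.
$sample = <<<'HEADERS'
HTTP/1.1 200 OK
server: nginx
X-Powered-By: PHP/8.2.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
X-Frame-Options: SAMEORIGIN
HEADERS;

print_r(auditSecurityHeaders($sample));
```

For the constructed sample, `missing` lists Content-Security-Policy, Permissions-Policy and Referrer-Policy, and `leaked` lists `x-powered-by` and `server`.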

Installing
----------


Supported Versions
------------------

Composer will manage this automatically for you, but these are the compatible versions of Twill and this package.

| Twill Version | HTTP Basic Auth Capsule |
|---|---|
| 3.x | 2.x |
| 2.x | 1.x |

### Require the Composer package:

```
composer require area17/twill-security-headers
```

### Publish the configuration


```
php artisan vendor:publish --provider="A17\TwillSecurityHeaders\ServiceProvider"
```

### Migrate the database to create package tables


```
php artisan migrate
```

### Usage

It's pretty straightforward: once installed, you will have access to the menu option `Twill Security Headers`, a single page listing all the supported headers, where you can enable or disable each one and edit the properties to be sent with the response.

### Menu


If you are clearing the Twill menu in order to create a new one yourself, you will need to add it manually:

```
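use A17\Twill\Facades\TwillNavigation;
use A17\Twill\View\Components\Navigation\NavigationLink;

// Clearing the default menu also removes this capsule's entry.
TwillNavigation::clear();

// ... your own navigation links ...

// Re-add the Security Headers page manually.
TwillNavigation::addLink(
    NavigationLink::make()
        ->forModule('TwillSecurityHeaders')
        ->title('Security headers')
);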
```

### CSP config

Creating CSP policies usually takes time, and they are hard to write manually. You can make use of [Report URI](https://report-uri.com/home/generate), a great tool that allows you to paste your current policy, edit it and generate a new string to be pasted into the package.

Disabling
---------


This package is enabled and injects itself automatically. To disable it you just need to add to `.env`:

```
TWILL_SECURITY_HEADERS_ENABLED=false
```

Contribute
----------


Please contribute to this project by submitting pull requests.

### Community

Maintainers: [AntonioCarlosRibeiro](/maintainers/AntonioCarlosRibeiro), [twill](/maintainers/twill) ([@twill](https://github.com/twill))

Top Contributors: [antonioribeiro](https://github.com/antonioribeiro) (1 commits)
