PHPackages basecom/magento2-csp-split-header - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. basecom/magento2-csp-split-header ActiveMagento2-module[Security](/categories/security) basecom/magento2-csp-split-header ================================= Magento 2 module to split oversized CSP headers into multiple headers. 1.0.7(1y ago)5274.8k—7.8%4[2 issues](https://github.com/basecom/magento2-csp-split-header/issues)MITPHPPHP ~8.1CI passing Since Aug 2Pushed 1y ago3 watchersCompare [ Source](https://github.com/basecom/magento2-csp-split-header)[ Packagist](https://packagist.org/packages/basecom/magento2-csp-split-header)[ RSS](/packages/basecom-magento2-csp-split-header/feed)WikiDiscussions main Synced 1w ago READMEChangelog (8)Dependencies (4)Versions (11)Used By (0) Basecom\_CspSplitHeader Magento 2 Module ======================================== [](#basecom_cspsplitheader-magento-2-module) [![Packagist](https://camo.githubusercontent.com/34eecb24e061072e1272c2eb84f2011446662462d13e3e63c10550f0b7aee419/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f62617365636f6d2f6d6167656e746f322d6373702d73706c69742d6865616465722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/basecom/magento2-csp-split-header)[![Software License](https://camo.githubusercontent.com/55c0218c8f8009f06ad4ddae837ddd05301481fcf0dff8e0ed9dadda8780713e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](LICENSE)[![Supported Magento Versions](https://camo.githubusercontent.com/2113b3a30955562f026a2b7dda3a09fee30d0c49aacbfce67193c5dc7b434617/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6d6167656e746f2d322e342d627269676874677265656e2e7376673f6c6f676f3d6d6167656e746f266c6f6e6743616368653d74727565267374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/2113b3a30955562f026a2b7dda3a09fee30d0c49aacbfce67193c5dc7b434617/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6d6167656e746f2d322e342d627269676874677265656e2e7376673f6c6f676f3d6d6167656e746f266c6f6e6743616368653d74727565267374796c653d666c61742d737175617265) --- Important As of Magento 2.4.7 it is no longer possible to deactivate the Magento CSP module. With a growing *Content Security Policies* (CSP) whitelist, the problem can arise that the headers `Content-Security-Policy-Report-Only` and/or `Content-Security-Policy` become so large that they exceed the maximum permitted size of a header field, causing the web server to not process the response any further. The CSP mechanism allows multiple policies to be specified for a resource, including via the `Content-Security-Policy`header, the `Content-Security-Policy-Report-Only` header and a `meta`element \[[MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#multiple_content_security_policies)\]. **Therefore, the headers can be specified more than once.** This is where the module comes into play. It implements an *after method plugin* for the method `Magento\Csp\Model\Policy\Renderer\SimplePolicyHeaderRenderer::render`, which replaces the existing CSP headers via the method `\Magento\Framework\App\Response\HttpInterface::setHeader`. The header is read, split so that the syntax remains valid, and replaced by the new headers. The result is a separate header for each directive, each of which should no longer exceed the maximum permitted length of the web server. Tip If the headers are too large even after splitting, try to identify unnecessary Magento modules and remove them. Installation ------------ [](#installation) 1. Install it into your Magento 2 project with composer: ``` composer require basecom/magento2-csp-split-header ``` 2. Enable module ``` bin/magento setup:upgrade ``` Configuration ------------- [](#configuration) ConfigDefault ValueDescription`basecom_csp_split_header/settings/header_splitting_enable`0 *(disabled)*enables (1) / disables (0) the splitting of the CSP header`basecom_csp_split_header/settings/max_header_size`8000maximum allowed header field sizeThese values can be updated in the system configuration under `Basecom -> Content Security Policy -> Enable`. Example ------- [](#example) 1. CSP splitting *disabled* ``` Content-Security-Policy: default-src 'self' https://example.com; connect-src 'none'; script-src https://example.com/; ``` 2. CSP splitting *enabled* ``` Content-Security-Policy: default-src 'self' https://example.com; Content-Security-Policy: connect-src 'none'; Content-Security-Policy: script-src https://example.com/; ``` Known Issues ------------ [](#known-issues) ### CSP header is not split correctly ([\#5](https://github.com/basecom/magento2-csp-split-header/issues/5)) [](#csp-header-is-not-split-correctly-5) Lower the maximum allowed header field size threshold in the config `basecom_csp_split_header/settings/max_header_size`. ### Varnish 503 error ([\#7](https://github.com/basecom/magento2-csp-split-header/issues/7)) [](#varnish-503-error-7) Increase the Varnish header size`http_resp_hdr_len`. The default value is 8kb. Contributing ------------ [](#contributing) Please see [CONTRIBUTING](CONTRIBUTING.md) for details. Security -------- [](#security) If you discover any security related issues, please email instead of using the issue tracker. License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE) for more information. Copyright --------- [](#copyright) © 2024 basecom GmbH & Co. KG ### Health Score 43 — FairBetter than 89% of packages Maintenance43 Moderate activity, may be stable Popularity44 Moderate usage in the ecosystem Community14 Small or concentrated contributor base Maturity55 Maturing project, gaining track record Bus Factor1 Top contributor holds 85.7% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~33 days Recently: every ~57 days Total 8 Last Release 442d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/4a67758dd1f3d42f956d3954dd65c125cdb85d0750c2cea0afaa139d4d5f5acb?d=identicon)[basecom](/maintainers/basecom) --- Top Contributors [![lsiebels](https://avatars.githubusercontent.com/u/57572111?v=4)](https://github.com/lsiebels "lsiebels (18 commits)")[![mfickers](https://avatars.githubusercontent.com/u/12683535?v=4)](https://github.com/mfickers "mfickers (2 commits)")[![eneskirca](https://avatars.githubusercontent.com/u/39504888?v=4)](https://github.com/eneskirca "eneskirca (1 commits)") --- Tags magentomagento2magento2-extensionmagento2-extension-freemagento2-modulemagento2-plugin ### Embed Badge ![Health badge](/badges/basecom-magento2-csp-split-header/health.svg) ``` [![Health](https://phpackages.com/badges/basecom-magento2-csp-split-header/health.svg)](https://phpackages.com/packages/basecom-magento2-csp-split-header) ``` ### Alternatives [mollie/magento2 Mollie Payment Module for Magento 2 1131.8M12](/packages/mollie-magento2)[run-as-root/magento2-prometheus-exporter Magento2 Prometheus Exporter 68353.9k](/packages/run-as-root-magento2-prometheus-exporter)[loki/magento2-components Core module for defining Alpine.js components with advanced AJAX features 1010.0k22](/packages/loki-magento2-components)[fastly/magento2 Fastly CDN Module for Magento 2.4.x 1564.3M1](/packages/fastly-magento2)[adyen/module-payment Official Magento2 Plugin to connect to Payment Service Provider Adyen. 1673.1M10](/packages/adyen-module-payment)[baldwin/magento2-module-url-data-integrity-checker Magento 2 module which can find potential url related problems in your catalog data 282806.2k](/packages/baldwin-magento2-module-url-data-integrity-checker) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)