PHPackages cloudgrayau/csp - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Utility & Helpers](/categories/utility) 4. / 5. cloudgrayau/csp ActiveCraft-plugin[Utility & Helpers](/categories/utility) cloudgrayau/csp =============== Content Security Policy manager for Craft CMS 1.3.0(1y ago)51.1k↓31.8%MITPHPPHP ^8.0|^8.2 Since May 23Pushed 1y ago1 watchersCompare [ Source](https://github.com/cloudgrayau/csp)[ Packagist](https://packagist.org/packages/cloudgrayau/csp)[ RSS](/packages/cloudgrayau-csp/feed)WikiDiscussions craft4 Synced 1mo ago READMEChangelog (9)Dependencies (2)Versions (10)Used By (0) CSP for Craft CMS 4/5 ===================== [](#csp-for-craft-cms-45) Content Security Policy manager for Craft CMS. [![Screenshot](resources/csp.png)](resources/csp.png) Requirements ------------ [](#requirements) This plugin requires Craft CMS 4.0.0 or later. Installation ------------ [](#installation) `composer require cloudgrayau/csp` CSP Overview ------------ [](#csp-overview) CSP is a Content Security Policy and HTTP Header Response manager for Craft CMS. ### SEOmatic Compatibility [](#seomatic-compatibility) This plugin is 100% compatible with any nonces generated by the `Automatic Render Enabled` setting inside `SEOmatic Plugin Settings (General)`. To ensure compatibility, please set the `Nonces for tags` to **`Response Headers`** inside the `SEOmatic Plugin Settings (Tags)`. *Please note; any `script-src` CSP tags set within SEOmatic will also be applied. The `Content-Security-Policy` HTTP Response Header applied by SEOMatic is automatically overridden and/or removed.* ### Blitz Compatibility [](#blitz-compatibility) To ensure the Content Security Policy remains compatible with Blitz Caching enabled, please ensure the `CSP Mode` is set to **`Meta Tags`** inside the `CSP Settings (Settings)`. Setup ----- [](#setup) The plugin can be configured via the `Craft CMS Settings` or by using the supplied `config/csp.php` file. Additional nonces can be configured in your templates as follows: ``` {# HTML #} {# CSS Twig tags #} {% do view.registerCssFile(url('scss/styles.scss'), { nonce: csp('style-src') }) %} {% do view.registerCss('background:red;', { nonce: csp('style-src') }) %} {# JS Twig tags #} {% do view.registerJsFile(url('js/site.js'), { nonce: csp('script-src') }) %} ``` ### Overriding Config [](#overriding-config) The CSP configuration can be updated in realtime via your templates with twig. This can be useful, for example to disable the CSP on XHR requests. ``` {% do craft.csp.config({'cspEnabled': false}) %} ``` Brought to you by [Cloud Gray Pty Ltd](https://cloudgray.com.au/) ### Health Score 35 — LowBetter than 80% of packages Maintenance35 Infrequent updates — may be unmaintained Popularity23 Limited adoption so far Community7 Small or concentrated contributor base Maturity62 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~60 days Recently: every ~69 days Total 9 Last Release 608d ago PHP version history (2 changes)1.0.0PHP ^8.0 1.1.0PHP ^8.0|^8.2 ### Community Maintainers ![](https://www.gravatar.com/avatar/ac0122f7a7aab3787d35057daeb1ca626f9d27611e17af984b41fb0e288bd117?d=identicon)[cloudgrayau](/maintainers/cloudgrayau) --- Top Contributors [![cloudgrayau](https://avatars.githubusercontent.com/u/43738347?v=4)](https://github.com/cloudgrayau "cloudgrayau (16 commits)") --- Tags cmscspcontent-security-policyCraftcraftcmscraft-plugin ### Embed Badge ![Health badge](/badges/cloudgrayau-csp/health.svg) ``` [![Health](https://phpackages.com/badges/cloudgrayau-csp/health.svg)](https://phpackages.com/packages/cloudgrayau-csp) ``` ### Alternatives [verbb/navigation Create navigation menus for your site. 90683.7k17](/packages/verbb-navigation)[verbb/formie The most user-friendly forms plugin for Craft. 101372.9k40](/packages/verbb-formie)[verbb/comments Add comments to your site. 13753.1k](/packages/verbb-comments)[verbb/tablemaker Create customizable and user-defined table fields. 40168.8k1](/packages/verbb-tablemaker)[supercool/tablemaker Create customizable and user-defined table fields. 40141.7k](/packages/supercool-tablemaker)[verbb/vizy A flexible visual editor field for Craft. 4348.6k](/packages/verbb-vizy) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)