PHPackages dnadesign/silverstripe-securityheaders - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. dnadesign/silverstripe-securityheaders ActiveLibrary[Security](/categories/security) dnadesign/silverstripe-securityheaders ====================================== Enable setting of content security policy (CSP) 1.2(1y ago)2862↓33.3%[1 issues](https://github.com/rafaeldsousa/silverstripe-securityheaders/issues)BSD-3-ClausePHP Since May 1Pushed 11mo ago1 watchersCompare [ Source](https://github.com/rafaeldsousa/silverstripe-securityheaders)[ Packagist](https://packagist.org/packages/dnadesign/silverstripe-securityheaders)[ RSS](/packages/dnadesign-silverstripe-securityheaders/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependenciesVersions (6)Used By (0) Silverstripe Security Headers Extension ======================================= [](#silverstripe-security-headers-extension) Security headers module for Silverstripe v4. Enable setting of content security policy (CSP). Setting CSP rules ----------------- [](#setting-csp-rules) You should set your own rules in your yml file. Below is just a basic usages example. The basic usage ``` DNADesign\SecurityHeaders\SecurityHeadersExtension: # Add exceptions per page type - Optional exceptions: - PageType headers: - ... whitelist: - ... ``` Add the adequate rules in your local \_config/.yml file ``` # CSP extended e.g DNADesign\SecurityHeaders\SecurityHeadersExtension: headers: Strict-Transport-Security: 'max-age=31536000; includeSubDomains' X-Frame-Options: 'SAMEORIGIN' Access-Control-Allow-Origin: 'self' X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy: whitelist whitelist: default-src: data: - '''none''' script-src: data: - '''self''' - '''unsafe-inline''' - '''unsafe-eval''' style-src: data: - '''self''' - '''unsafe-inline''' font-src: data: - '''self''' img-src: data: - '''self''' - 'data:' - 'https://www.google.com' form-action: data: - '''self''' manifest-src: data: - '''self''' frame-src: data: - 'https://www.google.com' frame-ancestors: data: - '''self''' connect-src: data: - '''self''' - 'https://www.google.com' base-uri: data: - '''self''' ``` Testing ------- [](#testing) You can test your CSP rules with [CSP Evaluator](https://chrome.google.com/webstore/detail/csp-evaluator/fjohamlofnakbnbfjkohkbdigoodcejf) and [Caspr:Enforcer](https://chrome.google.com/webstore/detail/caspr-enforcer/fekcdjkhlbjngkimekikebfegbijjafd) References ---------- [](#references) This module was based on [guttmann/silverstripe-security-headers](https://github.com/guttmann/silverstripe-security-headers) [CSP docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) Disclaimer ---------- [](#disclaimer) I am not a security expert - there are no default header rules used in this module, you should do your on research and see if anything from the above example fits your needs. Please send me a pull request for any issues you spot or improvements that can be made. ### Health Score 34 — LowBetter than 77% of packages Maintenance36 Infrequent updates — may be unmaintained Popularity19 Limited adoption so far Community11 Small or concentrated contributor base Maturity60 Established project with proven stability Bus Factor2 2 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~842 days Total 3 Last Release 524d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/efd88fa106982bcf2e3cd689e6a37d352c54308d14dedeac4ac477a47a432363?d=identicon)[DNADesign](/maintainers/DNADesign) ![](https://avatars.githubusercontent.com/u/984753?v=4)[Naomi Guyer](/maintainers/adrexia)[@adrexia](https://github.com/adrexia) --- Top Contributors [![alex-dna](https://avatars.githubusercontent.com/u/6982515?v=4)](https://github.com/alex-dna "alex-dna (1 commits)")[![djmattski](https://avatars.githubusercontent.com/u/3836638?v=4)](https://github.com/djmattski "djmattski (1 commits)")[![rafaeldsousa](https://avatars.githubusercontent.com/u/39249777?v=4)](https://github.com/rafaeldsousa "rafaeldsousa (1 commits)") ### Embed Badge ![Health badge](/badges/dnadesign-silverstripe-securityheaders/health.svg) ``` [![Health](https://phpackages.com/badges/dnadesign-silverstripe-securityheaders/health.svg)](https://phpackages.com/packages/dnadesign-silverstripe-securityheaders) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41478.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 87117.5M63](/packages/bjeavons-zxcvbn-php)[illuminate/encryption The Illuminate Encryption package. 9229.7M280](/packages/illuminate-encryption)[paragonie/hidden-string Encapsulate strings in an object to hide them from stack traces 7410.6M39](/packages/paragonie-hidden-string) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)