PHPackages duality-studio/lara-security - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. duality-studio/lara-security ActiveLibrary[Security](/categories/security) duality-studio/lara-security ============================ A straight implementation of security headers for Laravel v0.3.0(8mo ago)0980—0%MITPHPPHP ^8.2 Since Nov 26Pushed 8mo agoCompare [ Source](https://github.com/DualityStudio/lara-security)[ Packagist](https://packagist.org/packages/duality-studio/lara-security)[ RSS](/packages/duality-studio-lara-security/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (6)Dependencies (2)Versions (7)Used By (0) Lara Security ============= [](#lara-security) Simple way to add various security headers to a Laravel application. This project is WIP and could with cleanup, better implementation and some docs. Docs ==== [](#docs) TODO, the bellow is 5 minute notes. ### Install [](#install) ``` composer require duality-studio/lara-security php artisan vendor:publish --provider="DualityStudio\LaraSecurity\LaraSecurityServiceProvider" ``` In your `app/Http/Kernel.php` add the following to the `$middleware` array or as you see fit. ``` \DualityStudio\LaraSecurity\SecurityHeaders::class, ``` In your `config/lara-security.php` you can configure the headers you want to use, all are enabled by default. In the CSP header is broken into directives. ### Nonces [](#nonces) If you intend to use a nonce in your you will need to add a script or style directive for your static files. ``` window.addEventListener('load', function () { console.log(1); }); ``` ``` body { background: #fff; } ``` ### Usage with Vite [](#usage-with-vite) Set `use_vite` to true in the config file. This will automatically add the `nonce` to the script and style tags in the vite manifest. Usage of the package is problematic when using the vite dev server, so you can disable the package when in dev mode by adding the following to your .env ``` LARA_SECURITY_ENABLED=false ``` ### Usage with Inertia.JS [](#usage-with-inertiajs) If you are using Inertia.JS you will need to add the following to your `app.blade.php` file. ``` @routes(null, nonce(\DualityStudio\LaraSecurity\Directives::SCRIPT)) @viteReactRefresh @vite(['resources/js/app.jsx', "resources/js/Pages/{$page['component']}.jsx"]) @inertiaHead ``` ### Health Score 36 — LowBetter than 82% of packages Maintenance58 Moderate activity, may be stable Popularity18 Limited adoption so far Community6 Small or concentrated contributor base Maturity49 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~125 days Total 6 Last Release 267d ago PHP version history (2 changes)v0.1PHP ^8.1 v0.2PHP ^8.2 ### Community Maintainers ![](https://www.gravatar.com/avatar/0ad54b5ea567c728fa20f9c1560ca552a940296013ce8aca81f85f83c8bb9737?d=identicon)[thomaspalmer94](/maintainers/thomaspalmer94) --- Top Contributors [![thomaspalmer](https://avatars.githubusercontent.com/u/2190634?v=4)](https://github.com/thomaspalmer "thomaspalmer (10 commits)") --- Tags datetimeheaderscsp ### Embed Badge ![Health badge](/badges/duality-studio-lara-security/health.svg) ``` [![Health](https://phpackages.com/badges/duality-studio-lara-security/health.svg)](https://phpackages.com/packages/duality-studio-lara-security) ``` ### Alternatives [spatie/laravel-csp Add CSP headers to the responses of a Laravel app 8519.6M19](/packages/spatie-laravel-csp)[aidantwoods/secureheaders A PHP class aiming to make the use of browser security features more accessible. 433689.3k2](/packages/aidantwoods-secureheaders)[mazedlx/laravel-feature-policy Add Feature-Policy headers to the responses of a Laravel app 17180.5k](/packages/mazedlx-laravel-feature-policy)[stevenmaguire/laravel-middleware-csp Provides support for enforcing Content Security Policy with headers in Laravel responses. 39107.6k](/packages/stevenmaguire-laravel-middleware-csp)[laragear/poke Keep your forms alive, avoid TokenMismatchException by gently poking your Laravel app 2211.5k](/packages/laragear-poke)[hyperia/yii2-secure-headers Secure headers for your Yii2 app 21189.5k](/packages/hyperia-yii2-secure-headers) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)