PHPackages guttmann/silverstripe-security-headers - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. guttmann/silverstripe-security-headers ActiveSilverstripe-module[Security](/categories/security) guttmann/silverstripe-security-headers ====================================== 1.0.4(8y ago)16.0k7[3 PRs](https://github.com/guttmann/silverstripe-security-headers/pulls)MITPHPPHP >=5.3.2 Since Mar 28Pushed 2y ago1 watchersCompare [ Source](https://github.com/guttmann/silverstripe-security-headers)[ Packagist](https://packagist.org/packages/guttmann/silverstripe-security-headers)[ RSS](/packages/guttmann-silverstripe-security-headers/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (2)Versions (7)Used By (0) SilverStripe security headers ============================= [](#silverstripe-security-headers) [![Build Status](https://camo.githubusercontent.com/f43d31c2692c9d73ab8a3edf90ebcf0db1b2c961ab66e9e97dfd2cb343c8e443/68747470733a2f2f7472617669732d63692e6f72672f677574746d616e6e2f73696c7665727374726970652d73656375726974792d686561646572732e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/guttmann/silverstripe-security-headers)[![Code Coverage](https://camo.githubusercontent.com/7006a7bac7bfa9ae3c503b04d2779d088e34b60906bf34ff67ed28f6650fd88f/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f677574746d616e6e2f73696c7665727374726970652d73656375726974792d686561646572732f6261646765732f636f7665726167652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/guttmann/silverstripe-security-headers/?branch=master)[![Scrutinizer Code Quality](https://camo.githubusercontent.com/72ce3929bac5dc50688332945be9d83ec513e24e6ed7be019767fbe9328aa6e6/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f677574746d616e6e2f73696c7665727374726970652d73656375726974792d686561646572732f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/guttmann/silverstripe-security-headers/?branch=master) SilverStripe module for easily adding a selection of [useful HTTP headers](https://www.owasp.org/index.php/List_of_useful_HTTP_headers). Comes with a default set of headers configured, but can be used to add any headers you wish. Install ------- [](#install) Install via [composer](https://getcomposer.org): ``` composer require guttmann/silverstripe-security-headers 1.0.* ``` Usage ----- [](#usage) ### Apply the extension [](#apply-the-extension) Apply the `SecurityHeaderControllerExtension` to the controller of your choice. For example, add this to your `mysite/_config/config.yml` file: ``` Page_Controller: extensions: - Guttmann\SilverStripe\SecurityHeaderControllerExtension ``` ### Configure the headers [](#configure-the-headers) Configure header values to suit your site, it's important your config is loaded after the security-headers module's config. For example, your `mysite/_config/config.yml` file might look like this: ``` --- Name: mysite After: - 'framework/*' - 'cms/*' - 'security-headers/*' --- Guttmann\SilverStripe\SecurityHeaderControllerExtension: headers: Content-Security-Policy: "default-src 'self' *.google-analytics.com;" Strict-Transport-Security: "max-age=2592000" ``` Disclaimer ---------- [](#disclaimer) I am not a security expert - the default header values used in this module are based on advice I have received from a number of sources. They are not set in stone and if you see any issues please send me a pull request. ### Health Score 32 — LowBetter than 72% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity22 Limited adoption so far Community14 Small or concentrated contributor base Maturity62 Established project with proven stability Bus Factor1 Top contributor holds 87.5% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~267 days Total 5 Last Release 3001d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/e0ecd07f8fb11e45afa3f1c323fb9cc3366e118fedf9715ef0e30e01d7de1b32?d=identicon)[guttmann](/maintainers/guttmann) --- Top Contributors [![tyrannosaurusjames](https://avatars.githubusercontent.com/u/3037783?v=4)](https://github.com/tyrannosaurusjames "tyrannosaurusjames (21 commits)")[![jgoodman-tec](https://avatars.githubusercontent.com/u/152564140?v=4)](https://github.com/jgoodman-tec "jgoodman-tec (2 commits)")[![sheadawson](https://avatars.githubusercontent.com/u/1166136?v=4)](https://github.com/sheadawson "sheadawson (1 commits)") ### Embed Badge ![Health badge](/badges/guttmann-silverstripe-security-headers/health.svg) ``` [![Health](https://phpackages.com/badges/guttmann-silverstripe-security-headers/health.svg)](https://phpackages.com/packages/guttmann-silverstripe-security-headers) ``` ### Alternatives [johnbillion/user-switching Instant switching between user accounts in WordPress and WooCommerce. 19768.3k2](/packages/johnbillion-user-switching)[bringyourownideas/silverstripe-composer-security-checker Provides information if your SilverStripe application uses dependencies with known vulnerabilities. 10103.9k2](/packages/bringyourownideas-silverstripe-composer-security-checker) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)