
heimrichhannot/contao-csp-bundle
================================

A Content Security Policy (CSP) bundle for Contao 4.

0.1.1 (1y ago) | 132 | GPL-3.0-or-later | PHP | PHP ^8.1

Since Sep 16 | Pushed 1y ago | 5 watchers

[Source](https://github.com/heimrichhannot/contao-csp-bundle) | [Packagist](https://packagist.org/packages/heimrichhannot/contao-csp-bundle)

Contao CSP Bundle
=================

This bundle backports parts of the Content Security Policy (CSP) implementation of Contao 5.3 to Contao 4.13.

> This bundle has no handling for inline scripts and styles. You need to add `'unsafe-inline'` to your directives.

[![Page settings](docs/screenshots/settings.png)](docs/screenshots/settings.png)

Upgrade to Contao 5
-------------------

This bundle is just a backport. You can seamlessly upgrade to Contao 5.3 without touching your CSP configuration (you need to uninstall this bundle before upgrading). Afterwards you can also remove `'unsafe-inline'` from your CSP directives, as Contao 5.3 supports handling inline scripts and styles for CSP.

Installation
------------

Install the bundle via Composer or Contao Manager and update the database afterwards.

```
composer require heimrichhannot/contao-csp-bundle
```

Configuration
-------------

Go to the root page settings. There you will find an option to enable CSP. Once it is enabled, you can configure the CSP directives.

Read more
---------

[Official documentation](https://docs.contao.org/manual/de/seitenstruktur/website-startseite/#content-security-policy)
[Pull request](https://github.com/contao/contao/pull/6631)

### Community

Maintainers: [digitales@heimrich-hannot.de](/maintainers/digitales@heimrich-hannot.de)

Top Contributors: [koertho](https://github.com/koertho) (16 commits)

