jcaillot/laminas-owasp-headers
==============================

Laminas listener that adds OWASP headers to the HTTP response

v1.0 (4y ago) · MIT · PHP ^7.3 || ~8.0.0

[Source](https://github.com/jcaillot/laminas-owasp-headers) · [Packagist](https://packagist.org/packages/jcaillot/laminas-owasp-headers)

### OWASP headers Response Listener for the Laminas framework

> Laminas `MvcEvent::EVENT_RENDER` listener, adds OWASP recommended HTTP headers to the HTTP Response

Installation
------------

`composer require jcaillot/laminas-owasp-headers`

In `<Your Module>/config/module.config.php`, add the following declarations:

```
    'service_manager' => [
        'invokables' => [
            // ... your existing invokables ...
            \Chaman\Listener\OwaspHeadersListener::class => \Chaman\Listener\OwaspHeadersListener::class,
        ],
    ],
    'listeners' => [
        // ... your existing listeners ...
        \Chaman\Listener\OwaspHeadersListener::class,
    ],

    'owasp-headers' => [
        # Browsers (or other complying user agents) should only interact with me using secure HTTPS connections:
        # see https://https.cio.gov/hsts/
        'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains; preload',
        # Prevents the browser from interpreting files as anything other than the declared content type
        # (the header name ends in "Options"; a misspelled name is ignored by browsers):
        'X-Content-Type-Options' => 'nosniff',
        'Content-Type' => 'text/html; charset=utf-8',
        # Enables the Cross-site scripting (XSS) filter in the browser:
        'X-XSS-Protection' => '1; mode=block',
        # The browser must not display the transmitted content in frames:
        'X-Frame-Options' => 'DENY',
        # No XML policy file (for Flash or Acrobat) allowed:
        # see https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/xdomain.html
        'X-Permitted-Cross-Domain-Policies' => 'none',
        # Referrer-Policy HTTP header governs which referrer information, sent in the Referer header, should be included:
        'Referrer-Policy' => 'same-origin',
        # Content Security Policy (CSP) requires careful tuning
        # see https://csp-evaluator.withgoogle.com
        # suggested: 'Content-Security-Policy' => 'default-src \'self\'; img-src \'self\'; script-src \'self\'; frame-ancestors \'none\'',
        'Content-Security-Policy' => 'frame-ancestors \'none\'',
        # Selectively enable and disable use of various browser features and APIs
        # (each directive is written "feature allowlist", without a colon):
        'Feature-Policy' => 'camera \'none\'; payment \'none\'; microphone \'none\'',
    ],
```

Open your browser's developer tools, switch to the Network tab, and check that the headers are present on the response.
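The same check can be scripted. The following is an added example, not code from this package: it compares a raw response header block with the expected `owasp-headers` values and flags missing headers, wrong values, and near-miss header names that usually come from a misspelled config key. The function names `parseHeaderBlock` and `auditHeaders` are hypothetical, and the sample response is constructed.

```php
<?php
declare(strict_types=1);

/** Parse a raw response header block into [lower-cased name => value]. */
function parseHeaderBlock(string $raw): array
{
    $headers = [];
    foreach (preg_split('/\r?\n/', trim($raw)) as $line) {
        if (strpos($line, ':') === false) {
            continue; // status line such as "HTTP/1.1 200 OK"
        }
        [$name, $value] = explode(':', $line, 2);
        $headers[strtolower(trim($name))] = trim($value);
    }
    return $headers;
}

/** Compare received headers with the expected name => value map. */
function auditHeaders(array $sent, array $expected): array
{
    $findings = [];
    foreach ($expected as $name => $value) {
        $key = strtolower($name);
        if (!isset($sent[$key])) {
            $findings[] = "missing: $name";
            // A near-identical name usually means a misspelled config key.
            foreach (array_keys($sent) as $other) {
                if (levenshtein($key, (string) $other) <= 2) {
                    $findings[] = "possible typo: '$other' sent instead of $name";
                }
            }
        } elseif ($sent[$key] !== $value) {
            $findings[] = "mismatch: $name is '{$sent[$key]}', expected '$value'";
        }
    }
    return $findings;
}

// Constructed sample response, not captured from a real server.
$raw = "HTTP/1.1 200 OK\r\n"
    . "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\n"
    . "X-Content-Type-Option: nosniff\r\n"
    . "X-Frame-Options: SAMEORIGIN\r\n";
$expected = [
    'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains; preload',
    'X-Content-Type-Options'    => 'nosniff',
    'X-Frame-Options'           => 'DENY',
];
echo implode(PHP_EOL, auditHeaders(parseHeaderBlock($raw), $expected)), PHP_EOL;
```

In a real check, `$raw` would be the header block saved from the application's response and `$expected` the `owasp-headers` array from `module.config.php`.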

About OWASP recommended headers
-------------------------------

More information on OWASP recommended headers can be found on the OWASP Secure Headers Project Wiki:

[OWASP](https://wiki.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers)

License
-------

[MIT](https://choosealicense.com/licenses/mit/)

