PHPackages jcaillot/owasp-listener - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. jcaillot/owasp-listener ArchivedLibrary[Security](/categories/security) jcaillot/owasp-listener ======================= Symfony Response Event Listener for OWASP headers v1.0.1(4y ago)010MITPHPPHP ^7.4 || ^8.0 Since Sep 30Pushed 4y ago1 watchersCompare [ Source](https://github.com/jcaillot/owasp-listener)[ Packagist](https://packagist.org/packages/jcaillot/owasp-listener)[ RSS](/packages/jcaillot-owasp-listener/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (1)Dependencies (4)Versions (2)Used By (0) jcaillot/owasp-listener ======================= [](#jcaillotowasp-listener) ### OWASP header Response EventListener for the Symfony framework [](#owasp-header-response-eventlistener-for-the-symfony-framework) > Symfony Response event listener, adds OWASP recommended HTTP headers Prerequisites ------------- [](#prerequisites) Symfony >= 4 Installation ------------ [](#installation) ``` `composer require jcaillot/owasp-listener` ``` In config/services.yaml add the following: ``` Chaman\EventListener\OwaspHeaderListener: tags: - { name: kernel.event_listener, event: kernel.response, method: onKernelResponse } arguments: - { #'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains', 'Content-Type': 'text/html; charset=utf-8', 'X-Content-Type-Option': 'nosniff', 'X-XSS-Protection': '1; mode=block', 'X-Frame-Options': 'DENY', 'X-Permitted-Cross-Domain-Policies': 'none', 'Referrer-Policy': 'same-origin', 'Content-Security-Policy': 'frame-ancestors ''none''', 'Feature-Policy': 'camera: ''none''; payment: ''none''; microphone: ''none''' } ``` About OWASP recommender headers ------------------------------- [](#about-owasp-recommender-headers) More infos on OWASP recommended headers can be found on the OWASP Secure Headers Project Wiki: [OWASP](https://wiki.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Headers) License ------- [](#license) [MIT](https://choosealicense.com/licenses/mit/) ### Health Score 24 — LowBetter than 32% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity5 Limited adoption so far Community7 Small or concentrated contributor base Maturity55 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 1682d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/55d128e145861bd2b84352101807005a5c1bca03fdced11b251c6c4e5855d102?d=identicon)[jcaillot](/maintainers/jcaillot) --- Top Contributors [![jcaillot](https://avatars.githubusercontent.com/u/22201753?v=4)](https://github.com/jcaillot "jcaillot (2 commits)") --- Tags symfonyowaspresponse headers ### Code Quality TestsPHPUnit Static AnalysisPHPStan Type Coverage Yes ### Embed Badge ![Health badge](/badges/jcaillot-owasp-listener/health.svg) ``` [![Health](https://phpackages.com/badges/jcaillot-owasp-listener/health.svg)](https://phpackages.com/packages/jcaillot-owasp-listener) ``` ### Alternatives [tilleuls/url-signer-bundle Create and validate signed URLs with a limited lifetime in Symfony 81340.1k](/packages/tilleuls-url-signer-bundle)[owasp/csrf-protector-php CSRF protector php, a standalone php library for csrf mitigation in web applications. Easy to integrate in any php web app. 222348.3k3](/packages/owasp-csrf-protector-php) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)