kenshodigital/kirby-csp
=======================

Adds a strict CSP header to Kirby projects.

Version 2.0.1 (2w ago), MIT, PHP ^8.5

Since Mar 17, pushed 2w ago

[Source](https://github.com/kenshodigital/kirby-csp) | [Packagist](https://packagist.org/packages/kenshodigital/kirby-csp)

Kirby CSP
=========

Adds a [strict CSP](https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html#strict-policy) header to [Kirby](https://getkirby.com) projects.

General
-------

Uses Kirby’s native nonce feature (used for the panel) to add a strict [nonce-based](https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html#nonce-based-strict-policy) content security policy header to HTML pages.

### Further reading

- [`$kirby->nonce()`](https://getkirby.com/docs/reference/objects/cms/app/nonce)

Usage
-----

### Installation

```
composer require kenshodigital/kirby-csp ^2.0
```

### Setup

The plugin is not configurable and just follows the latest [best practices](https://web.dev/articles/strict-csp).

```
script-src 'nonce-[…]' 'strict-dynamic'; object-src 'none'; base-uri 'none';
```

### Development

However, scripts in your frontend are expected to include a nonce, like this.
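
A check for that requirement, as an added example that is not part of the plugin or its README: in a Kirby template each script tag carries `nonce="<?= $kirby->nonce() ?>"`, and the function below lists the `<script>` elements in rendered HTML that lack the matching nonce. The function name `scriptsWithoutNonce`, the sample nonce and the sample markup are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not part of the plugin): returns the <script>
 * elements in rendered HTML whose nonce attribute is missing or differs
 * from the nonce in the CSP header. Under script-src 'nonce-…'
 * 'strict-dynamic' the browser refuses to run these. Scripts that a nonced
 * script loads at runtime are trusted via 'strict-dynamic' and are not
 * part of the static markup checked here.
 */
function scriptsWithoutNonce(string $html, string $nonce): array
{
    if ($nonce === '') {
        throw new InvalidArgumentException('nonce must not be empty');
    }
    $dom = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // silence HTML5 parse warnings
    $dom->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $blocked = [];
    foreach ($dom->getElementsByTagName('script') as $script) {
        if ($script->getAttribute('nonce') === $nonce) {
            continue; // carries the nonce from the header, allowed
        }
        $src = $script->getAttribute('src');
        $blocked[] = $src !== ''
            ? "external: $src"
            : 'inline: ' . substr(trim($script->textContent), 0, 40);
    }
    return $blocked;
}

// Constructed sample: nonce value and markup are made up for this example.
$nonce = 'cjRuZDBtTm9uY2U';
$html = <<<HTML
<!doctype html>
<html><head>
<script nonce="$nonce" src="/assets/app.js"></script>
<script src="/assets/legacy.js"></script>
</head><body>
<script nonce="$nonce">console.log('allowed');</script>
<script>console.log('blocked');</script>
</body></html>
HTML;

foreach (scriptsWithoutNonce($html, $nonce) as $finding) {
    echo "blocked by CSP: $finding\n";
}
```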
