PHPackages                             kronos/csp - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. kronos/csp

ActiveLibrary[Security](/categories/security)

kronos/csp
==========

A Content-Security-Policy header builder

v2.4.0(2mo ago)1197.5k↑124.3%[1 issues](https://github.com/kronostechnologies/kronos-csp/issues)MITPHPPHP ^8.4 || ^8.5CI passing

Since Jan 11Pushed 1mo ago21 watchersCompare

[ Source](https://github.com/kronostechnologies/kronos-csp)[ Packagist](https://packagist.org/packages/kronos/csp)[ Docs](https://github.com/kronostechnologies/kronos-csp)[ RSS](/packages/kronos-csp/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (7)Dependencies (14)Versions (12)Used By (0)

kronos-csp
==========

[](#kronos-csp)

A PHP [Content-Security-Policy](https://developer.mozilla.org/docs/HTTP/Headers/Content-Security-Policy) header generator library.

Usage
-----

[](#usage)

### Using the `Builder`:

[](#using-the-builder)

```
$factory = new \Kronos\ContentSecurityPolicy\Factory();
$builder = $factory->createContentSecurityPolicyBuilder();

$builder->setDefaultSrc(\Kronos\ContentSecurityPolicy\Policy::FETCH_NONE);

$policy = $builder->getContentSecurityPolicy();

header($policy->getHeader());
```

### Using the `PolicyDirectorInterface`:

[](#using-the-policydirectorinterface)

Director class:

```
use Kronos\ContentSecurityPolicy\Factory;
use Kronos\ContentSecurityPolicy\Policy;
use Kronos\ContentSecurityPolicy\PolicyDirectorInterface;

class Director implements PolicyDirectorInterface
{

    /** @var Factory */
    protected $factory;

    ...

    /**
     * @param Factory $factory
     * ...
     */
    public function __construct(Factory $factory, ...)
    {
        $this->factory = $factory;
        ...
    }

    public function buildContentSecurityPolicy()
    {
        $builder = $this->factory->createContentSecurityPolicyBuilder();

        $builder->setDefaultSrc([Policy::FETCH_NONE]);
        $builder->setObjectSrc([Policy::FETCH_NONE]);
        $builder->setStyleSrc([
            'mysite.example/css',
            'fonts.googleapis.com',
            'fonts.gstatic.com',
            Policy::FETCH_UNSAFE_INLINE
        ]);
        $builder->setFontSrc([
            'mysite.example/fonts',
            'fonts.googleapis.com',
            Policy::FETCH_UNSAFE_INLINE
        ]);
        $builder->setFrameAncestors([Policy::FETCH_NONE]);

        $builder->setReportUri('mysite.example/api/csp-report/');
        $builder->setReportOnly();

        return $builder->getContentSecurityPolicy();
    }

}
```

Code:

```
$factory = new \Kronos\ContentSecurityPolicy\Factory();
$director = new Director($factory);

$policy = $director->buildContentSecurityPolicy();

header($policy->getHeader());
```

###  Health Score

56

—

FairBetter than 98% of packages

Maintenance67

Regular maintenance activity

Popularity34

Limited adoption so far

Community19

Small or concentrated contributor base

Maturity87

Battle-tested with a long release history

 Bus Factor1

Top contributor holds 68.3% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~296 days

Recently: every ~339 days

Total

11

Last Release

81d ago

Major Versions

v0.3.0 → v1.0.02021-05-20

v1.0.0 → v2.0.02022-05-30

PHP version history (5 changes)0.1.0PHP &gt;=5.6

v2.0.0PHP ^7.4 || ^8.1

v2.1.0PHP ^8.3

v2.3.0PHP ^8.4

v2.4.0PHP ^8.4 || ^8.5

### Community

Maintainers

![](https://www.gravatar.com/avatar/6a276bdbe1c5805dd2b3b437f07e004f21dd89dfaeaed95765dc657c79cefc24?d=identicon)[antoinedeschenes](/maintainers/antoinedeschenes)

---

Top Contributors

[![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4)](https://github.com/renovate[bot] "renovate[bot] (263 commits)")[![GTony](https://avatars.githubusercontent.com/u/6396422?v=4)](https://github.com/GTony "GTony (95 commits)")[![toby-daigle](https://avatars.githubusercontent.com/u/9417862?v=4)](https://github.com/toby-daigle "toby-daigle (7 commits)")[![etremblay](https://avatars.githubusercontent.com/u/617714?v=4)](https://github.com/etremblay "etremblay (5 commits)")[![jbreton](https://avatars.githubusercontent.com/u/617954?v=4)](https://github.com/jbreton "jbreton (4 commits)")[![christian-roy](https://avatars.githubusercontent.com/u/6309095?v=4)](https://github.com/christian-roy "christian-roy (4 commits)")[![melquisoft](https://avatars.githubusercontent.com/u/207942996?v=4)](https://github.com/melquisoft "melquisoft (2 commits)")[![meriouma](https://avatars.githubusercontent.com/u/1082552?v=4)](https://github.com/meriouma "meriouma (2 commits)")[![antoinedeschenes](https://avatars.githubusercontent.com/u/6216119?v=4)](https://github.com/antoinedeschenes "antoinedeschenes (2 commits)")[![Chris-V](https://avatars.githubusercontent.com/u/1116964?v=4)](https://github.com/Chris-V "Chris-V (1 commits)")

---

Tags

cspcontent-security-policykronos

###  Code Quality

TestsPHPUnit

Static AnalysisPsalm

Code StylePHP\_CodeSniffer

Type Coverage Yes

### Embed Badge

![Health badge](/badges/kronos-csp/health.svg)

```
[![Health](https://phpackages.com/badges/kronos-csp/health.svg)](https://phpackages.com/packages/kronos-csp)
```

###  Alternatives

[spatie/laravel-csp

Add CSP headers to the responses of a Laravel app

8569.6M19](/packages/spatie-laravel-csp)[aidantwoods/secureheaders

A PHP class aiming to make the use of browser security features more accessible.

433689.3k2](/packages/aidantwoods-secureheaders)[bepsvpt/secure-headers

Add security related headers to HTTP response. The package includes Service Providers for easy Laravel integration.

5484.7M9](/packages/bepsvpt-secure-headers)[paragonie/csp-builder

Easily add and update Content-Security-Policy headers for your project

5412.8M18](/packages/paragonie-csp-builder)[stevenmaguire/laravel-middleware-csp

Provides support for enforcing Content Security Policy with headers in Laravel responses.

39107.6k](/packages/stevenmaguire-laravel-middleware-csp)[born05/craft-csp

Content Security Policy (or CSP) generator using nonces.

1110.2k](/packages/born05-craft-csp)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)