PHPackages                             middlewares/csp - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [HTTP &amp; Networking](/categories/http)
4. /
5. middlewares/csp

ActiveLibrary[HTTP &amp; Networking](/categories/http)

middlewares/csp
===============

Middleware to add the Content-Security-Policy header to the response

v3.2.0(1y ago)1524.0k↑16.3%MITPHPPHP ^7.2 || ^8.0CI failing

Since Oct 9Pushed 1y ago1 watchersCompare

[ Source](https://github.com/middlewares/csp)[ Packagist](https://packagist.org/packages/middlewares/csp)[ Docs](https://github.com/middlewares/csp)[ RSS](/packages/middlewares-csp/feed)WikiDiscussions master Synced 3d ago

READMEChangelog (10)Dependencies (9)Versions (16)Used By (0)

middlewares/csp
===============

[](#middlewarescsp)

[![Latest Version on Packagist](https://camo.githubusercontent.com/1d877b30551bd9dfd03ddd6d2eb49d2aad9c9fe236c1b9f9ba7c0a9692a409c3/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6d6964646c6577617265732f6373702e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/middlewares/csp)[![Software License](https://camo.githubusercontent.com/55c0218c8f8009f06ad4ddae837ddd05301481fcf0dff8e0ed9dadda8780713e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](LICENSE)[![Testing](https://github.com/middlewares/csp/workflows/testing/badge.svg)](https://github.com/middlewares/csp/workflows/testing/badge.svg)[![Total Downloads](https://camo.githubusercontent.com/c66d1ac468b5db452e5d130b2d36dde59f1290fbd4e01ca87309f66d423dcbaf/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6d6964646c6577617265732f6373702e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/middlewares/csp)

Middleware to add the [Content-Security-Policy](https://content-security-policy.com/) header to the response using [paragonie/csp-builder](https://github.com/paragonie/csp-builder) library.

Requirements
------------

[](#requirements)

- PHP &gt;= 7.2
- A [PSR-7 http library](https://github.com/middlewares/awesome-psr15-middlewares#psr-7-implementations)
- A [PSR-15 middleware dispatcher](https://github.com/middlewares/awesome-psr15-middlewares#dispatcher)

Installation
------------

[](#installation)

This package is installable and autoloadable via Composer as [middlewares/csp](https://packagist.org/packages/middlewares/csp).

```
composer require middlewares/csp
```

Example
-------

[](#example)

```
use ParagonIE\CSPBuilder\CSPBuilder;

$csp = CSPBuilder::fromFile('/path/to/source.json');

Dispatcher::run([
    new Middlewares\Csp($csp)
]);
```

Usage
-----

[](#usage)

Set the CSP builder to the constructor. See [paragonie/csp-builder](https://github.com/paragonie/csp-builder) for more info. If it's not provided, create a generic one with restrictive directives.

### legacy

[](#legacy)

To generate legacy CSP headers for old browsers (`X-Content-Security-Policy` and `X-Webkit-CSP`). By default is `true` but you can disabled it:

```
$middleware = (new Middlewares\Csp($csp))->legacy(false);
```

Helpers
-------

[](#helpers)

### createFromFile

[](#createfromfile)

Shortcut to create instances using a json file:

```
Dispatcher::run([
    Middlewares\Csp::createFromFile(__DIR__.'/csp-config.json')
]);
```

### createFromData

[](#createfromdata)

Shortcut to create instances using an array with data:

```
Dispatcher::run([
    Middlewares\Csp::createFromData([
        'script-src' => ['self' => true],
        'object-src' => ['self' => true],
        'frame-ancestors' => ['self' => true],
    ])
]);
```

---

Please see [CHANGELOG](CHANGELOG.md) for more information about recent changes and [CONTRIBUTING](CONTRIBUTING.md) for contributing details.

The MIT License (MIT). Please see [LICENSE](LICENSE) for more information.

###  Health Score

45

—

FairBetter than 91% of packages

Maintenance42

Moderate activity, may be stable

Popularity34

Limited adoption so far

Community10

Small or concentrated contributor base

Maturity76

Established project with proven stability

 Bus Factor1

Top contributor holds 96.4% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~220 days

Recently: every ~605 days

Total

15

Last Release

468d ago

Major Versions

v0.6.0 → v1.0.02018-01-26

v1.0.1 → v2.0.02018-08-04

v2.0.0 → v3.0.02019-12-01

PHP version history (4 changes)v0.1.0PHP ^5.6 || ^7.0

v0.6.0PHP ^7.0

v3.0.0PHP ^7.2

v3.1.1PHP ^7.2 || ^8.0

### Community

Maintainers

![](https://www.gravatar.com/avatar/e99df56b617f4af8cf0556a51a0ca20c7420104920c57d7e9eab093f92bb744f?d=identicon)[oscarotero](/maintainers/oscarotero)

![](https://www.gravatar.com/avatar/42e0d72f42eb7d84f67e20d28606da42e5a3248ca908b1eadb4366aafeae2561?d=identicon)[filisko](/maintainers/filisko)

---

Top Contributors

[![oscarotero](https://avatars.githubusercontent.com/u/377873?v=4)](https://github.com/oscarotero "oscarotero (54 commits)")[![filisko](https://avatars.githubusercontent.com/u/8798694?v=4)](https://github.com/filisko "filisko (2 commits)")

---

Tags

csphttpmiddlewarepsr-15securityhttppsr-7middlewaresecuritypsr-15cspcontent-security-policy

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan

Code StylePHP CS Fixer

Type Coverage Yes

### Embed Badge

![Health badge](/badges/middlewares-csp/health.svg)

```
[![Health](https://phpackages.com/badges/middlewares-csp/health.svg)](https://phpackages.com/packages/middlewares-csp)
```

###  Alternatives

[mezzio/mezzio

PSR-15 Middleware Microframework

3923.8M125](/packages/mezzio-mezzio)[laminas/laminas-stratigility

PSR-7 middleware foundation for building and dispatching middleware pipelines

587.2M101](/packages/laminas-laminas-stratigility)[middlewares/firewall

Middleware to provide IP filtering

12320.3k2](/packages/middlewares-firewall)[mezzio/mezzio-authentication

Authentication middleware for Mezzio and PSR-7 applications

131.7M39](/packages/mezzio-mezzio-authentication)[middlewares/cors

Middleware to implement Cross-Origin Resource Sharing (CORS)

1375.0k3](/packages/middlewares-cors)[middlewares/referrer-spam

Middleware to block referrer spammers

1159.8k4](/packages/middlewares-referrer-spam)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
