Configures security headers like content security policy

Installs: 140

Dependents: 0

Suggesters: 0

Security: 0

Stars: 4

Watchers: 7

Forks: 0

Open Issues: 0


v1.3.0 2023-04-25 08:56 UTC

This package is auto-updated.

Last update: 2023-11-25 10:14:46 UTC


TYPO3 11 TYPO3 12

TYPO3 Extension ls_security_headers

This extension offers configurable security headers for the frontend.


  1. Install the extension by using composer
  2. Create a "Security Headers" record on the root page and configure the desired headers
  3. Validate your configuration with


  • Security Headers that are defined in the .htaccess or in some other server configuration will not be overwritten.
  • If EXT:staticfilecache is used, you have to extend the validHtaccessHeaders extension setting.
  • Security Headers for the TYPO3 Backend can be defined in AdditionalConfiguration.php with the BE setting "HTTP".

Nonce support

This extension includes a TypoScript helper function for generating CSP nonces.
All the nonces generated by the function during the request will automatically be added to the Content-Security-Policy header at the end of the request.
Basic usage:

<style nonce="{f:cObject(typoscriptObjectPath: 'lib.cspNonce', data: {length: '32', policy: 'style'})}">

The policy argument defines the policy the nonce should be added to (style for style-src, script for script-src, ...).
The length argument defines the length of the nonce in bytes.


LIMESODA Website Security