Adds configurable security headers to HTTP responses via middleware.

Installs: 6 513

Dependents: 0

Suggesters: 0

Security: 0

Stars: 4

Watchers: 12

Forks: 2

Open Issues: 0


2.1.4 2023-07-11 04:43 UTC


Build Status Scrutinizer Code Quality

SilverStripe security headers

Inspired by Guttmann/silverstripe-security-headers.

SilverStripe module for easily adding a selection of useful HTTP headers.

Additionally provides a report of Content Security Policy violations.

Comes with a default set of headers configured, but can be used to add any headers you wish (as well as overriding or removing the default headers).


For SilverStripe 3, see the appropriate branch

Install via composer:

composer require signify-nz/silverstripe-security-headers


For information on how to setup and use this module, please refer to the documentation.


If you would like to contribute either via code fixes, enhancements, or localisations, please see the contributing guidelines.

CSS/JS Development


For development you will need Node.js and yarn installed.

Next, you need to install the required npm packages.

yarn install

Compiling assets

You can compile assets using yarn watch.

Produce minified (production) files using yarn package.


Check over your JavaScript and SASS source code individually:

yarn lint-js
yarn lint-sass

You can also lint both in a single command:

yarn lint