Adds configurable security headers to HTTP responses via middleware.
Inspired by Guttmann/silverstripe-security-headers.
SilverStripe module for easily adding a selection of useful HTTP headers.
Additionally provides a report of Content Security Policy violations.
Comes with a default set of headers configured, but can be used to add any headers you wish (as well as overriding or removing the default headers).
For SilverStripe 3, see the appropriate branch
Install via composer:
composer require signify-nz/silverstripe-security-headers
For information on how to setup and use this module, please refer to the documentation.
If you would like to contribute either via code fixes, enhancements, or localisations, please see the contributing guidelines.
For development you will need Node.js and yarn installed.
Next, you need to install the required npm packages.
You can compile assets using
Produce minified (production) files using
yarn lint-js yarn lint-sass
You can also lint both in a single command: