SilverStripe module for easily adding a selection of useful HTTP headers.
Comes with a default set of headers configured, but can be used to add any headers you wish.
Install via composer:

    composer require guttmann/silverstripe-security-headers 1.0.*

Apply the SecurityHeaderControllerExtension to the controller of your choice.
For example, add this to your YAML configuration:

    Page_Controller:
      extensions:
        - Guttmann\SilverStripe\SecurityHeaderControllerExtension

Configure header values to suit your site. It's important that your config is loaded
after the security-headers module's config.
For example, your mysite/_config/config.yml file might look like this:

    ---
    Name: mysite
    After:
      - 'framework/*'
      - 'cms/*'
      - 'security-headers/*'
    ---
    Guttmann\SilverStripe\SecurityHeaderControllerExtension:
      headers:
        Content-Security-Policy: "default-src 'self' *.google-analytics.com;"
        Strict-Transport-Security: "max-age=2592000"

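One way to check that the configured values actually reach the browser, as an added example that is not part of the module: the Python below audits a raw HTTP response against the two headers from the config above. The function names and the sample responses are constructed for illustration.

```python
import re

# Expected values, copied from the mysite/_config/config.yml example above.
EXPECTED = {
    "Content-Security-Policy": "default-src 'self' *.google-analytics.com;",
    "Strict-Transport-Security": "max-age=2592000",
}

def parse_headers(raw):
    """Return the response headers as a dict keyed by lower-cased name."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def hsts_max_age(value):
    """Extract max-age in seconds from an HSTS value, or None if absent."""
    match = re.search(r'max-age\s*=\s*"?(\d+)', value, re.IGNORECASE)
    return int(match.group(1)) if match else None

def audit(raw, expected=EXPECTED):
    """List the differences between a response and the expected headers."""
    got = parse_headers(raw)
    findings = []
    for name, want in expected.items():
        have = got.get(name.lower())
        if have is None:
            findings.append(f"{name}: missing (is the extension applied to this controller?)")
        elif have != want:
            findings.append(f"{name}: got {have!r}, expected {want!r} "
                            "(is your config loaded after security-headers/*?)")
    hsts = got.get("strict-transport-security")
    if hsts is not None and hsts_max_age(hsts) is None:
        findings.append("Strict-Transport-Security: no parsable max-age")
    return findings

# Constructed sample responses (not captured from a real site).
GOOD = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        "content-security-policy: default-src 'self' *.google-analytics.com;\r\n"
        "Strict-Transport-Security: max-age=2592000\r\n\r\n<html></html>")
STALE = ("HTTP/1.1 200 OK\r\nContent-Security-Policy: default-src 'self';\r\n"
         "Strict-Transport-Security: max-age=2592000\r\n\r\n")
BARE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("stale", STALE), ("bare", BARE)):
        print(label, audit(raw) or "OK")
```

A value that differs from what you configured usually means another config block won the merge, which is the load-order issue described above; a missing header usually means the extension is not applied to the controller that served the page.
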
I am not a security expert - the default header values used in this module are
based on advice I have received from a number of sources.
They are not set in stone and if you see any issues please send me a pull request.