Modern security headers for Laravel — turn-key. Strict CSP with per-request nonces and 'strict-dynamic', Subresource Integrity with smart noise filtering, HSTS, Permissions-Policy. An interactive setup wizard asks which third parties you use (GTM, HubSpot, Stripe, reCAPTCHA, and a dozen more) and wires the right directives automatically. First-party violation reporting endpoints, Filament + Livewire + Vite friendly, Vapor-ready. Laravel 11, 12, 13 on PHP 8.2+.