Modern security headers for Laravel — turn-key. Strict CSP with per-request nonces and 'strict-dynamic', Subresource Integrity with smart noise filtering, HSTS, Permissions-Policy. An interactive setup wizard asks which third parties you use (GTM, HubSpot, Stripe, reCAPTCHA, and a dozen more) and wires the right directives automatically. First-party violation reporting endpoints, Filament + Livewire + Vite friendly, Vapor-ready. Laravel 11, 12, 13 on PHP 8.2+.

Laravel middleware for comprehensive security headers including CSP with nonce support, HSTS, and Permissions-Policy

Client-side report handling for CSP and NEL for Laravel

Adds security related headers to HTTP response.

Adds security related headers to HTTP response.

Log browser errors to the server using W3C Reporting API

Add CSP headers to the responses of a Laravel app (Fork)

Add CSP headers to the responses of a Laravel app

Provides support for enforcing Content Security Policy with headers in Laravel 4 responses.