Document and Notice
March 17, 2026
Overall
- Each header in the config file has a reference link in its phpdoc; reading it will help you understand what the header does.
- If you want to disable a string type header, just set the value to `null` or an empty string `''`.
Clear Site Data
- Clear Site Data only supports the `https` protocol; it will not work over the `http` protocol.
HTTP Strict Transport Security
- After setting the `hsts` header, you can visit https://hstspreload.org and submit a request to add your domain to the preload list.
Content Security Policy
You can find real-world website examples in tests.
After setting up CSP, you should use CSP Evaluator to check your settings.
- If you want to allow a specific protocol in a directive:

  ```php
  'img-src' => [
      'schemes' => [
          'data:',
          'https:',
      ],
  ],
  ```

- If you want to use `nonce` in a blade template:

  using inject

  ```html
  @inject('headers', 'Bepsvpt\SecureHeaders\SecureHeaders')

  <style nonce="{{ $headers->nonce('style') }}">
      // your css
  </style>
  ```

  or calling directly

  ```html
  <script nonce="{{ Bepsvpt\SecureHeaders\SecureHeaders::nonce('script') }}">
      // your js
  </script>
  ```

  or using helper function

  ```html
  <script nonce="{{ csp_nonce('script') }}">
      // your js
  </script>
  ```
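To confirm that every inline tag in a rendered page carries a nonce the response's CSP header actually allows, a check like the following can be run against a captured response. It is an added example, not part of this package; the function names, the sample header and the sample HTML are constructed, and it assumes a nonce-only policy (no `'unsafe-inline'` or hashes).

```python
import re
from html.parser import HTMLParser

NONCE = re.compile(r"'nonce-([A-Za-z0-9+/_=-]+)'")

def csp_nonces(header):
    """Map each directive name to the set of nonce values it allows."""
    nonces = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            nonces[tokens[0].lower()] = {
                m.group(1) for t in tokens[1:] if (m := NONCE.fullmatch(t))
            }
    return nonces

class InlineTags(HTMLParser):
    """Collect (tag, nonce) for inline <script> and <style> elements."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "style" or (tag == "script" and "src" not in attrs):
            self.tags.append((tag, attrs.get("nonce")))

def unmatched_inline(header, html):
    """Return inline tags whose nonce is missing or not allowed by the header."""
    allowed = csp_nonces(header)
    default = allowed.get("default-src", set())  # fallback when directive absent
    parser = InlineTags()
    parser.feed(html)
    return [(tag, nonce) for tag, nonce in parser.tags
            if nonce is None or nonce not in allowed.get(f"{tag}-src", default)]

# Constructed sample response (header value and body), for illustration only.
HEADER = ("default-src 'self'; script-src 'self' 'nonce-abc123'; "
          "style-src 'self' 'nonce-def456'")
HTML = """
<style nonce="def456">body { margin: 0 }</style>
<script nonce="abc123">init()</script>
<script>legacy()</script>
<script nonce="stale">cached()</script>
<script src="/app.js"></script>
"""

if __name__ == "__main__":
    for tag, nonce in unmatched_inline(HEADER, HTML):
        print(f"<{tag}> blocked by CSP: nonce={nonce!r}")
```

A tag reported with a nonce that is not `None` usually means the page body was cached or rendered separately from the response that set the header.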
Testing
If you want to run the tests, make sure you have the corresponding package versions and the minimum PHP version.
| Laravel | Testbench | PHPUnit | Minimum PHP Version |
|---|---|---|---|
| 5.1 | 3.1 | 5.7 | 7.0 |
| 5.2 | 3.2 | 5.7 | 7.0 |
| 5.3 | 3.3 | 5.7 | 7.0 |
| 5.4 | 3.4 | 6.5 | 7.0 |
| 5.5 | 3.5 | 6.5 | 7.0 |
| 5.6 | 3.6 | 7.5 | 7.1.3 |
| 5.7 | 3.7 | 7.5 | 7.1.3 |
| 5.8 | 3.8 | 7.5 | 7.1.3 |
| 6.x | 4.x | 8.5 | 7.2.0 |
| 7.x | 5.x | 8.5 | 7.2.5 |
| 8.x | 6.x | 9.5 | 7.3 |
| 9.x | 7.x | 9.5 | 8.0 |
| 10.x | 8.x | 9.5 | 8.1 |
| 11.x | 9.x | 10.5 | 8.2 |
| 12.x | 10.x | 11.5 | 8.2 |
| 13.x | 11.x | 11.5 | 8.3 |