| Last Updated | Ratings | Unique User Downloads | Download Rankings |
|---|---|---|---|
| 2018-06-03 (1 year ago) | 77% | Total: 664, This week: 1 | All time: 4,772, This week: 384 |
This class can generate CSP headers to prevent security attacks.
It can check the type of browser accessing the site and generate HTTP response headers according to configuration parameters that can help prevent security attacks like cross-site scripting.
Depending on the browser it can generate the headers Content-Security-Policy, Content-Security-Policy-Report-Only, X-Content-Security-Policy-Report-Only, X-Content-Security-Policy, X-WebKit-CSP-Report-Only, X-WebKit-CSP, X-Frame-Options, and X-XSS-Protection.
Prize: One book of choice by Packt
Content Security Policy is a set of conventions that allows application Web servers to tell browsers the sources of content that they should allow to load.
The idea is to avoid security attacks like cross-site scripting, caused by content loaded from foreign malicious sources.
This class makes it easier to implement a Content Security Policy for a site running PHP.
CSPGenerator is a singleton PHP Class to generate the Content Security Policy HTTP header,
and other security HTTP headers related to the Content Security Policy HTTP header supported by the user-agent.
The class will take care of sending the supported Content Security Policy HTTP header to the user-agent.
E.g. if the user-agent only supports the deprecated X-Content-Security-Policy header because the visitor is using an old version of Firefox, the CSPGenerator class will make sure it only sends the X-Content-Security-Policy header with the supported Content Security Policy directives.
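The header selection described above, as an added sketch that is not CSPGenerator's own code: the function names, the version cut-offs (Firefox before 23, Chrome before 25, Safari before 7), the xhr-src rename and the sample User-Agent strings are assumptions made for this example.

```php
<?php
// Added illustration, not CSPGenerator's code. Function names are hypothetical.
// Assumed cut-offs: Firefox < 23 -> X-Content-Security-Policy,
// Chrome < 25 and Safari < 7 -> X-WebKit-CSP, everything else -> standard header.

function cspHeaderNameFor(string $userAgent): string
{
    if (preg_match('~Firefox/(\d+)~', $userAgent, $m)) {
        return (int) $m[1] < 23 ? 'X-Content-Security-Policy' : 'Content-Security-Policy';
    }
    // Chrome is tested before Safari because Chrome's UA also contains "Safari/".
    if (preg_match('~Chrome/(\d+)~', $userAgent, $m)) {
        return (int) $m[1] < 25 ? 'X-WebKit-CSP' : 'Content-Security-Policy';
    }
    if (preg_match('~Version/(\d+)\S* (?:Mobile/\S+ )?Safari/~', $userAgent, $m)) {
        return (int) $m[1] < 7 ? 'X-WebKit-CSP' : 'Content-Security-Policy';
    }
    return 'Content-Security-Policy';
}

function buildCspHeader(array $directives, string $userAgent, bool $reportOnly = false): string
{
    $name = cspHeaderNameFor($userAgent);
    $parts = [];
    foreach ($directives as $directive => $sources) {
        // The prefixed Firefox header used xhr-src where CSP 1.0 uses connect-src.
        if ($name === 'X-Content-Security-Policy' && $directive === 'connect-src') {
            $directive = 'xhr-src';
        }
        $parts[] = $directive . ' ' . implode(' ', $sources);
    }
    return $name . ($reportOnly ? '-Report-Only' : '') . ': ' . implode('; ', $parts);
}

// Constructed policy and User-Agent strings for the demonstration.
$policy = ["default-src" => ["'self'"], "connect-src" => ["'self'", "https://api.example.com"]];
$agents = [
    'Mozilla/5.0 (Windows NT 6.1; rv:20.0) Gecko/20100101 Firefox/20.0',
    'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/536.30.1 (KHTML, like Gecko) Version/6.0.5 Safari/536.30.1',
    'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36',
];
foreach ($agents as $ua) {
    echo buildCspHeader($policy, $ua), PHP_EOL;
}
// In a real response: header(buildCspHeader($policy, $_SERVER['HTTP_USER_AGENT'] ?? ''));
// plus header('Vary: User-Agent') so shared caches do not serve one browser's header to another.
```

A browser ignores a CSP header name it does not recognise, so a wrong guess about the User-Agent leaves that visitor without a policy rather than breaking the page.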
How to use the CSPGenerator?
Simply add the following line to the top of your file:
Then to generate the default restrictive Content Security Policy HTTP header
add the following line just before you send any content to the client.
To learn more about how to add Content Security Policy directives to relax the default restrictive content security policy see the examples.