Weave Code
Laravel Csp Laravel Package
spatie/laravel-csp
Easily add Content Security Policy (CSP) headers to your Laravel app. Define and enforce CSP directives, report violations, and tighten what scripts, styles, and other resources can load or connect to—helping mitigate XSS and malicious third‑party code.
Product Decisions This Supports
- Security posture enhancement: Mitigates XSS attacks by enforcing strict resource loading policies, protecting user data from malicious scripts without requiring deep security expertise
- Compliance acceleration: Meets PCI-DSS, GDPR, and SOC 2 requirements for data protection by preventing unauthorized data exfiltration through third-party scripts
- Third-party integration simplification: Pre-built presets for services like Stripe, Google Analytics, and Cloudflare eliminate manual CSP rule creation (e.g., 15+ services covered out-of-the-box)
- Build vs. Buy: Avoids 2-3 weeks of custom middleware development; leverages a mature, battle-tested solution (849+ stars, active maintenance) instead of reinventing the wheel
- Roadmap efficiency: Enables immediate security implementation with zero runtime performance impact, freeing engineering capacity for core features
When to Consider This Package
- Adopt when:
- Building a Laravel application with third-party
Weaver
How can I help you explore Laravel packages today?