This document is for CakePHP's development version, which can be significantly different from previous releases. You may want to read the current stable release documentation instead.
The SecurityHeadersMiddleware layer allows you to apply security-related headers to your application. Once set up, the middleware can apply the following headers to responses:
X-Content-Type-Options
X-Download-Options
X-Frame-Options
Referrer-Policy
Permissions-Policy
This middleware is configured using a fluent interface before it is applied to your application’s middleware stack:
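use Cake\Http\Middleware\SecurityHeadersMiddleware;

$securityHeaders = new SecurityHeadersMiddleware();
$securityHeaders
    ->setReferrerPolicy()   // Referrer-Policy
    ->setXFrameOptions()    // X-Frame-Options
    ->noOpen()              // X-Download-Options: noopen
    ->noSniff();            // X-Content-Type-Options: nosniff

// Add the configured middleware to the application's middleware queue.
$middlewareQueue->add($securityHeaders);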
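To confirm that a deployed application actually sends these headers, the response can be audited from outside. The following is an added example, not part of the CakePHP documentation or code base: the accepted values, the function names and the sample response are assumptions of the example, and each header is treated as single-valued.

```python
# Added example: audit a raw HTTP response head for the five headers listed above.
# Accepted values are this example's policy (an assumption); None = any non-empty value.
EXPECTED = {
    "x-content-type-options": {"nosniff"},
    "x-download-options": {"noopen"},
    "x-frame-options": {"deny", "sameorigin"},
    "referrer-policy": {"no-referrer", "origin", "origin-when-cross-origin",
                        "same-origin", "strict-origin",
                        "strict-origin-when-cross-origin"},
    "permissions-policy": None,
}

# Constructed sample: four of the five headers present, Permissions-Policy absent.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Download-Options: noopen\r\n"
    "X-Frame-Options: sameorigin\r\n"
    "Referrer-Policy: same-origin\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Parse a raw response head into {lowercased name: [values]}."""
    headers = {}
    for line in raw.splitlines()[1:]:        # skip the status line
        if not line.strip():
            break                            # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return {header: problem} for each missing, duplicated or unexpected header."""
    headers = parse_headers(raw)
    problems = {}
    for name, allowed in EXPECTED.items():
        values = headers.get(name, [])
        if not values:
            problems[name] = "missing"
        elif len(values) > 1:                # e.g. set by both a proxy and the app
            problems[name] = "sent more than once"
        elif allowed is None:
            if not values[0]:
                problems[name] = "empty"
        elif values[0].lower() not in allowed:
            problems[name] = f"unexpected value {values[0]!r}"
    return problems
```

The same functions accept the output of `curl -sI` against a running application, since that output is a status line followed by the response headers.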
Here’s a list of common HTTP headers, and the Mozilla recommended settings for securing web applications.