| title | displaytext | layout | tab | order | tags |
| --- | --- | --- | --- | --- | --- |
| technical | Technical Resources | | true | 4 | headers |

📚 This section provides a list of tools as well as documents to understand, analyze, develop and administer HTTP secure headers, to help achieve more secure and trustworthy web systems.

| Tool | Description | Ref |
| --- | --- | --- |
| hsecscan | A security scanner for HTTP response headers. | 👩💻 |
| humble | A humble, and fast, security-oriented HTTP headers analyzer. | 👩💻 |
| SecurityHeaders.com | There are services out there that will analyze the HTTP response headers of other sites but I also wanted to add a rating system to the results. The HTTP response headers that this site analyses provide huge levels of protection and it's important that sites deploy them. Hopefully, by providing an easy mechanism to assess them, and further information on how to deploy missing headers, we can drive up the usage of security based headers across the web. | 🌎 |
| Mozilla Observatory | A Mozilla project designed to help developers, system administrators, and security professionals configure their sites safely and securely. | 🌎 / 👩💻 / 👩💻 |
| testssl.sh | Easy to use shell script which tests not only SSL/TLS encryption but also checks common headers and analyzes those. Output is screen, JSON, CSV and HTML. | 👩💻 |
| DrHEADer | DrHEADer helps with the audit of security headers received in response to a single request or a list of requests. | 👩💻 |
| csp-evaluator | NPM module allowing developers and security experts to check if a Content Security Policy serves as a strong mitigation against XSS attacks. | 👩💻 |

| Library | Description | Ref |
| --- | --- | --- |
| Spring Security | Spring Security's support for adding various security headers to the response. | 🌎 |

| Library | Description | Ref |
| --- | --- | --- |
| NWebsec | NWebsec consists of several security libraries for ASP.NET applications. | 🌎 |
| NetEscapades.AspNetCore.SecurityHeaders | Small package to allow adding security headers to ASP.NET Core websites. | 👩💻 |
| OwaspHeaders.Core | .NET Core middleware for injecting the OWASP recommended HTTP Headers for increased security. | 👩💻 |

| Library | Description | Ref |
| --- | --- | --- |
| secure_headers | Security related headers all in one gem. | 👩💻 |

| Library | Description | Ref |
| --- | --- | --- |
| SecureHeaders | A PHP class aiming to make the use of browser security features more accessible. | 👩💻 |
| secure-headers | PHP Secure Headers for Laravel and non-Laravel projects. | 👩💻 |

| Library | Description | Ref |
| --- | --- | --- |
| helmet | Module to help secure Express apps with various HTTP headers. | 👩💻 |
| ember-cli-content-security-policy | This addon makes it easy to use Content Security Policy (CSP) in your project. It can be deployed either via a Content-Security-Policy header sent from the Ember CLI Express server, or as a meta tag in the index.html file. | 👩💻 |
| blankie | A CSP plugin for hapi. | 👩💻 |

| Library | Description | Ref |
| --- | --- | --- |
| django-csp and django-security | Content Security Policy for Django. A collection of models, views, middlewares, and forms to help secure a Django project. | 👩💻 / 👩💻 |
| Secweb | Secweb is a pack of security middlewares for FastAPI and Starlette servers; it includes CSP, HSTS, and many more. | 👩💻 |

| Library | Description | Ref |
| --- | --- | --- |
| secure | HTTP middleware for Go that facilitates some quick security wins. | 👩💻 |

| Library | Description | Ref |
| --- | --- | --- |
| owasp-headers | Best-practice OWASP HTTP response headers for Rust. | 🌎 |