tab_technical.md

title	displaytext	layout	tab	order	tags
technical	Technical Resources		true	4	headers

Technical Resources

📚 This section provides a list of tools as well as documents to understand, analyze, develop and administer HTTP secure headers to help achieving more secure and trustworthy web systems.

• 📺 Presentations
• 🏭 Analysis Tools
• 👩‍💻 Development Libraries
  • DotNet
  • Go
  • Java
  • NodeJS
  • PHP
  • Python
  • Ruby
  • Rust

Presentations

• Trap bad guys in your browser with HTTP security headers.
• How the Content-Security-Policy HTTP response header can save your romantic evening?

Analysis Tools

Tool	Description	Ref
hsecscan	A security scanner for HTTP response headers.	👩‍💻
humble	A humble, and fast, security-oriented HTTP headers analyzer.	👩‍💻
Mozilla Observatory	A Mozilla project designed to help developers, system administrators, and security professionals configure their sites safely and securely.	🌎 / 👩‍💻 / 👩‍💻
testssl.sh	Easy to use shell script which tests not only SSL/TLS encryption but also checks common headers and analyzes those. Output is screen, JSON, CSV and HTML.	👩‍💻
DrHEADer	DrHEADer helps with the audit of security headers received in response to a single request or a list of requests.	👩‍💻
csp-evaluator	NPM module allowing developers and security experts to check if a Content Security Policy serves as a strong mitigation against XSS attacks.	👩‍💻

Development Libraries

Java

Library	Description	Ref
Spring Security	Spring Security's support for adding various security headers to the response.	🌎

DotNet

Library	Description	Ref
NWebsec	NWebsec consists of several security libraries for ASP.NET applications.	🌎
NetEscapades.AspNetCore.SecurityHeaders	Small package to allow adding security headers to ASP.NET Core websites.	👩‍💻
OwaspHeaders.Core	.NET Core middleware for injecting the OWASP recommended HTTP Headers for increased security	👩‍💻

Ruby

Library	Description	Ref
secure_headers	Security related headers all in one gem.	👩‍💻

PHP

Library	Description	Ref
SecureHeaders	A PHP class aiming to make the use of browser security features more accessible.	👩‍💻
secure-headers	PHP Secure Headers for Laravel and non-Laravel projects.	👩‍💻

NodeJS

Library	Description	Ref
helmet	Module to help secure Express apps with various HTTP headers.	👩‍💻
ember-cli-content-security-policy	This addon makes it easy to use Content Security Policy (CSP) in your project. It can be deployed either via a Content-Security-Policy header sent from the Ember CLI Express server, or as a meta tag in the index.html file.	👩‍💻
blankie	A CSP plugin for hapi.	👩‍💻

Python

Library	Description	Ref
django-csp and django-security	Content Security Policy for Django. A collection of models, views, middlewares, and forms to help secure a Django project.	👩‍💻 / 👩‍💻
Secweb	Secweb is a pack of security middlewares for fastApi and starlette server it includes CSP, HSTS, and many more.	👩‍💻
secure	Lightweight library to add security headers to Django, Flask, FastAPI, and more.	👩‍💻

Go

Library	Description	Ref
secure	HTTP middleware for Go that facilitates some quick security wins.	👩‍💻

Rust

Library	Description	Ref
owasp-headers	Best-practice OWASP HTTP response headers for Rust.	🌎