π¦ This repository contains all the content of the OWASP Secure Headers Project (also named OSHP).
πΊοΈ The OSHP project is composed of the following projects:
- Main site: It is the core of the OSHP and provide the information about HTTP security headers.
- Called
mainsite. - Content is here.
- Called
- Validator: Venom tests suite to validate an HTTP security response headers configuration against OSHP recommendation.
- Called
validator. - Content is here.
- Called
- Statistics: Statistics about HTTP response security headers usage mentioned by the OSHP.
- Called
statistics. - Content is here.
- Called
- The base of the repository contains the main site.
- The other projects are stored in the folder subprojects: Each sub projects have it own folder.
- The project official logo is stored into the folder logo as well as into the OWASP Swag GitHub repository.
- The folder ci (CI for Continuous Integration) contains materials to generate or update content using GitHub actions workflows.
π The naming convention used is [project_call_name]_[action]_[target].yml where:
[project_call_name]is the project call name defined above.[action]can be(validate|monitor|generate).
π Health status:
| Status | File |
|---|---|
| π | |
| π | |
| π | |
| π | |
| π | |
| π | |
| π | |
| π | |
| π |
π¬ Both are handled using the following GitHub features:
π©βπ» Content editing is done with Visual Studio Code.
π¦ A workspace file is provided with recommended extensions.
π© This template is used to announce news on social media about OSHP update:
π‘ OWASP Secure Headers Project: [MESSAGE].
#appsec #appsecurity #owasp_shp
[PRINT_SCREEN_IN_PNG_FORMAT_WHEN_APPLICABLE]
π [LINK_TO_OSHP_SECTION]
π‘ Source used:
[LINK_TO_SOURCE_USED]
π§βπ» Ricardo Iramar
π§βπ» Dominique Righetto
π Contributors to OSHP, before the migration of the project to GitHub:
π Visit this page for updated information about the contributors since the migration of the project to GitHub.
π This project content is free to use. It is licensed under the Apache 2.0 License.
Caution
π The content is created by a human, and GenIA is used as an assistant.
π§βπ» We limit the usage of GenIA models to the following cases:
- Correcting spelling and grammar errors in English.
- Technical assistance with script development or proof-of-concepts (POCs).
- Brainstorming to generate ideas for the OSHP project.
- Searching for technical documentation.
- Validating our understanding of the technical aspects of a header.
β GenIA must never author or directly draft the technical description, security rationale, or recommended configuration text for a header that gets published on the site:
- A human must write and vouch for that content.
- GenIA may only help research or validate it.
- The claude code command
validate-md-contentwas created to help validating the content of a markdown file against predefined rules.- Usage from a claude session is
/validate-md-content [markdown-file-to-validate].
- Usage from a claude session is
