title technical
displaytext Technical Resources
layout
tab true
order 4
tags headers

Technical Resources

📚 This section lists tools and documents for understanding, analyzing, developing and administering HTTP secure headers, to help achieve more secure and trustworthy web systems.

Presentations

Analysis Tools

| Tool | Description | Ref |
|------|-------------|-----|
| hsecscan | A security scanner for HTTP response headers. | 👩‍💻 |
| humble | A humble, and fast, security-oriented HTTP headers analyzer. | 👩‍💻 |
| testssl.sh | Easy-to-use shell script that not only tests SSL/TLS encryption but also checks and analyzes common headers. Output formats are screen, JSON, CSV and HTML. | 👩‍💻 |
| DrHEADer | DrHEADer helps with the audit of security headers received in response to a single request or a list of requests. | 👩‍💻 |
| csp-evaluator | NPM module allowing developers and security experts to check if a Content Security Policy serves as a strong mitigation against XSS attacks. | 👩‍💻 |
| mdn-http-observatory | Service by Mozilla that checks web sites for security-relevant headers. | 👩‍💻 |
| shcheck | A basic tool to check security headers of a website. | 👩‍💻 |

Development Libraries

Java

| Library | Description | Ref |
|---------|-------------|-----|
| Spring Security | Spring Security's support for adding various security headers to the response. | 🌎 |

DotNet

| Library | Description | Ref |
|---------|-------------|-----|
| NetEscapades.AspNetCore.SecurityHeaders | Small package to allow adding security headers to ASP.NET Core websites. | 👩‍💻 |
| OwaspHeaders.Core | .NET Core middleware for injecting the OWASP recommended HTTP Headers for increased security. | 👩‍💻 |

Ruby

| Library | Description | Ref |
|---------|-------------|-----|
| secure_headers | Security related headers all in one gem. | 👩‍💻 |

PHP

| Library | Description | Ref |
|---------|-------------|-----|
| secure-headers | PHP Secure Headers for Laravel and non-Laravel projects. | 👩‍💻 |
| laravel-csp | Package to set content security policy headers in a Laravel app. | 👩‍💻 |
| security-headers | Provides an implementation for configuring HTTP security headers in web applications developed in PHP (Spanish). | 👩‍💻 |

NodeJS

| Library | Description | Ref |
|---------|-------------|-----|
| helmet | Module to help secure Express apps with various HTTP headers. | 👩‍💻 |
| ember-cli-content-security-policy | This addon makes it easy to use Content Security Policy (CSP) in your project. It can be deployed either via a Content-Security-Policy header sent from the Ember CLI Express server, or as a meta tag in the index.html file. | 👩‍💻 |
| Next.js | Next.js's support for adding various security headers to the response. | 🌎 |

Python

| Library | Description | Ref |
|---------|-------------|-----|
| django-csp and django-security | Content Security Policy for Django. A collection of models, views, middlewares, and forms to help secure a Django project. | 👩‍💻 / 👩‍💻 |
| Secweb | Secweb is a pack of security middlewares for FastAPI and Starlette servers; it includes CSP, HSTS, and many more. | 👩‍💻 |
| secure | Lightweight library to add security headers to Django, Flask, FastAPI, and more. | 👩‍💻 |

Go

| Library | Description | Ref |
|---------|-------------|-----|
| secure | HTTP middleware for Go that facilitates some quick security wins. | 👩‍💻 |

Swift

| Library | Description | Ref |
|---------|-------------|-----|
| VaporSecurityHeaders | A Middleware library for adding security headers to your Vapor application. | 👩‍💻 |

Rust

| Library | Description | Ref |
|---------|-------------|-----|
| rust-helmet | HTTP security headers middleware for multiple Rust web frameworks. | 👩‍💻 |