#header #http-header #http #security #owasp #response-headers #best-practices

owasp-headers

best-practice OWASP HTTP response headers ( https://owasp.org/www-project-secure-headers/ ) for Rust

3 releases

0.1.2 Nov 26, 2021
0.1.1 Nov 25, 2021
0.1.0 Nov 25, 2021

#1092 in HTTP server

MIT license

10KB
106 lines

owasp-headers-rs Status Gitlab pipeline status Crates.io docs.rs

best-practice OWASP HTTP response headers ( https://owasp.org/www-project-secure-headers/ ) for Rust

headers

HTTP-Strict-Transport-Security = "max-age=31536000 ; includeSubDomains"
X-Frame-Options = "deny"
X-Content-Type-Options = "nosniff"
Content-Security-Policy = "default-src 'self'; object-src 'none'; child-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content"
X-Permitted-Cross-Domain-Policies = "none"
Referrer-Policy = "no-referrer"
Clear-Site-Data = "\"cache\",\"cookies\",\"storage\""
Cross-Origin-Embedder-Policy = "require-corp"
Cross-Origin-Opener-Policy = "same-origin"
Cross-Origin-Resource-Policy = "same-origin"
Permissions-Policy = "accelerometer=(),autoplay=(),camera=(),display-capture=(),document-domain=(),encrypted-media=(),fullscreen=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),sync-xhr=(self),usb=(),web-share=(),xr-spatial-tracking=()"
Cache-Control = "no-store, max-age=0"
Pragma = "no-cache"

see also

Dependencies

~590KB