Skip to content

OWASP/www-project-secure-headers

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

652 Commits

.github

.github

 
 

.vscode

.vscode

 
 

assets

assets

 
 

ci

ci

 
 

logo

logo

 
 

.gitignore

.gitignore

 
 

Gemfile

Gemfile

 
 

LICENSE.txt

LICENSE.txt

 
 

README.md

README.md

 
 

_config.yml

_config.yml

 
 

index.md

index.md

 
 

info.md

info.md

 
 

leaders.md

leaders.md

 
 

markdown-link-check_config.json

markdown-link-check_config.json

 
 

monitoring_technical_references_dashboard.md

monitoring_technical_references_dashboard.md

 
 

project.code-workspace

project.code-workspace

 
 

tab_bestpractices.md

tab_bestpractices.md

 
 

tab_browsersupport.md

tab_browsersupport.md

 
 

tab_casestudies.md

tab_casestudies.md

 
 

tab_codesnippets.md

tab_codesnippets.md

 
 

tab_headers.md

tab_headers.md

 
 

tab_misc.md

tab_misc.md

 
 

tab_technical.md

tab_technical.md

 
 

tab_top.md

tab_top.md

 
 

Repository files navigation

OWASP Secure Headers Project

OWASP Lab External Links Validity Check Update headers reference JSON files Update monitoring technical references dashboard Perform_monitoring_oshp_site_references

🎯 The OWASP Secure Headers Project (also named OSHP) describes HTTP response headers that your application can use to increase the security of your application. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities. The OWASP Secure Headers Project intends to raise awareness and use of these headers.

Introduction

📚 HTTP headers are well known and also despised. Seeking a balance between usability and security, developers implement functionality through the headers that can make applications more versatile or secure. But in practice how are the headers being implemented? What sites follow the best implementation practices? Big companies, small, all or none?

Description

📚 We aim to publish reports on header usage stats, developments and changes, code libraries that make these headers easily accessible to developers on a range of platforms, and data sets concerning the general usage of these headers.

🌐 The OWASP Secure Headers Project was migrated to a new OWASP website.

📁 You can still access the old website here.

Logo

🎨 The project official logo is stored into the folder logo as well as into the OWASP Swag GitHub repository.

Issue and discussions

💬 Both are handled with this dedicated project:

Content editor

👩‍💻 Content editing is done with Visual Studio Code.

A workspace file is provided with recommended extensions.

Automatically generated content

🏭 The folder ci (CI for Continuous Integration) contains materials to generate the following content.

📝 Generate the both JSON files containing the header recommended to add and remove:

📝 Generate the markdown file with the update health state of all GitHub repositories mentioned in the tab named Technical:

Social media communication

📩 This template is used to announce news on social media about OSHP update:

📡 OWASP Secure Headers Project: [MESSAGE].

#appsec #appsecurity #http

[PRINT_SCREEN_IN_PNG_FORMAT_WHEN_APPLICABLE]

📖 [LINK_TO_OSHP_SECTION]

💡 Source used:

[LINK_TO_SOURCE_USED]

Contributors

💌 Contributors to OSHP, before the migration of the project to GitHub:

💌 Visit this page for updated information about the contributors since the migration of the project to GitHub.

Licensing

📑 This project content is free to use. It is licensed under the Apache 2.0 License.

About

The OWASP Secure Headers Project

owasp.org/www-project-secure-headers/

Topics

http owasp secure headers

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

123 stars

Watchers

17 watching

Forks

35 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 15

Languages