Supported Frameworks

Framework Agnostic

Return Dictionary of Headers:
secure_headers.headers()

Example:

secure_headers.headers(csp=True, feature=True)

Return Value:

{'Strict-Transport-Security': 'max-age=63072000; includeSubdomains', 'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-Protection': '1; mode=block', 'X-Content-Type-Options': 'nosniff', 'Content-Security-Policy': "script-src 'self'; object-src 'self'", 'Referrer-Policy': 'no-referrer, strict-origin-when-cross-origin', 'Cache-control': 'no-cache, no-store, must-revalidate', 'Pragma': 'no-cache', 'Feature-Policy': "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none';fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none';payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; vr 'none';"}

aiohttp

Headers

secure_headers.aiohttp(resp)

Example:

from aiohttp import web
from aiohttp.web import middleware
from secure import SecureHeaders

secure_headers = SecureHeaders()

. . .

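@middleware
async def set_secure_headers(request, handler):
    """Apply the secure headers to every response passing through the app.

    Covers responses the handler returns and responses it raises. aiohttp
    signals redirects and errors (including 404s for unmatched routes) by
    raising web.HTTPException, and the original code left those replies
    without the headers.
    """
    try:
        resp = await handler(request)
    except web.HTTPException as exc:
        # assumes secure_headers.aiohttp() only needs the object's .headers
        # mapping, which raised HTTP exceptions also expose — confirm against
        # the installed versions of secure and aiohttp.
        secure_headers.aiohttp(exc)
        raise
    secure_headers.aiohttp(resp)
    return resp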

. . .

app = web.Application(middlewares=[set_secure_headers])

. . .

Cookies

secure_cookie.aiohttp(resp, name="spam", value="eggs")

Example:

from aiohttp import web
from secure import SecureCookie

secure_cookie = SecureCookie()

. . .

@routes.get("/secure")
async def set_secure_cookie(request):
    """Answer GET /secure with the text "Secure" and attach the "spam" cookie."""
    reply = web.Response(text="Secure")
    # The cookie's attributes are decided by how secure_cookie was built
    # (SecureCookie() with no arguments in this example, i.e. its defaults).
    secure_cookie.aiohttp(reply, name="spam", value="eggs")
    return reply

. . .

Bottle

Headers

secure_headers.bottle(response)

Example:

from bottle import route, run, response, hook
from secure import SecureHeaders

secure_headers = SecureHeaders()

. . .

@hook("after_request")
def set_secure_headers():
    """Add the secure headers to Bottle's response object after each request."""
    # `response` is the object imported from bottle at the top of the example.
    secure_headers.bottle(response)

. . .

Cookies

secure_cookie.bottle(response, name="spam", value="eggs")

Example:

from bottle import route, run, response, hook
from secure import SecureCookie

secure_cookie = SecureCookie()

. . .

@route("/secure")
def set_secure_cookie():
    """Set the "spam" cookie on Bottle's response object and return "Secure"."""
    # "spam"/"eggs" are placeholder values; the cookie's attributes come from
    # how secure_cookie was constructed (SecureCookie() with no arguments here).
    secure_cookie.bottle(response, name="spam", value="eggs")
    return "Secure"

. . .

CherryPy

Headers

"tools.response_headers.headers": secure_headers.cherrypy()

Example:

CherryPy Application Configuration:

import cherrypy
from secure import SecureHeaders

secure_headers = SecureHeaders()

. . .

# Turn on CherryPy's response_headers tool for "/" and hand it whatever
# secure_headers.cherrypy() returns.
# secure_headers.cherrypy() is called once, when this dict is built, so the
# config holds the headers as they were at that moment.
config = {
    "/": {
        "tools.response_headers.on": True,
        "tools.response_headers.headers": secure_headers.cherrypy(),
    }
}

. . .

Cookies

response_headers = cherrypy.response.headers
secure_cookie.cherrypy(response_headers, name="spam", value="eggs")

Example:

import cherrypy
from secure import SecureCookie

secure_cookie = SecureCookie()

. . .

class SetSecureCookie(object):
    """CherryPy page handler whose exposed method sets the "spam" cookie."""

    @cherrypy.expose
    def set_secure_cookie(self):
        """Write the cookie into the current response's headers and return "Secure"."""
        # Cookie attributes follow the SecureCookie() instance created above
        # with no arguments, i.e. its defaults.
        secure_cookie.cherrypy(cherrypy.response.headers, name="spam", value="eggs")
        return "Secure"

. . .

Django

Headers

secure_headers.django(response)

Example:

Django Middleware Documentation:

# securemiddleware.py
from secure import SecureHeaders

secure_headers = SecureHeaders()

. . .

def set_secure_headers(get_response):
    """Middleware factory: wrap get_response so each response gets the secure headers."""

    def add_headers(request):
        # Let the rest of the chain build the response, then decorate it.
        resp = get_response(request)
        secure_headers.django(resp)
        return resp

    return add_headers

. . .
# settings.py

...

# Dotted path to the middleware factory defined in securemiddleware.py.
# NOTE(review): the excerpt shows only this entry; in a real settings.py it
# belongs in the same list as the project's other middleware rather than
# replacing them.
MIDDLEWARE = [
    'app.securemiddleware.set_secure_headers'
]

...

Cookies

secure_cookie.django(response, name="spam", value="eggs")

Example:

from django.http import HttpResponse
from secure import SecureCookie

secure_cookie = SecureCookie()

. . .

def set_secure_cookie(request):
    """Django view: return "Secure" with the "spam" cookie attached."""
    reply = HttpResponse("Secure")
    # Cookie attributes come from the SecureCookie() instance created above
    # with no arguments, i.e. its defaults.
    secure_cookie.django(reply, name="spam", value="eggs")
    return reply

. . .

Falcon

Headers

secure_headers.falcon(resp)

Example:

import falcon
from secure import SecureHeaders

secure_headers = SecureHeaders()

. . .

class SetSecureHeaders(object):
    """Falcon middleware component that adds the secure headers to resp."""

    def process_request(self, req, resp):
        """Apply the headers to the response object Falcon passes in with the request."""
        # NOTE(review): this runs in the request phase; verify the headers
        # still reach replies produced by error handlers, or apply them in
        # the response phase instead.
        secure_headers.falcon(resp)

. . .

app = api = falcon.API(middleware=[SetSecureHeaders()])

. . .

Cookies

secure_cookie.falcon(resp, name="spam", value="eggs")

Example:

import falcon
from secure import SecureCookie

secure_cookie = SecureCookie()

. . .

class SetSecureCookie(object):
    """Falcon resource whose GET responder sets the "spam" cookie."""

    def on_get(self, req, resp):
        """Set the body to "Secure" and attach the cookie to resp."""
        resp.body = "Secure"
        # Cookie attributes come from how secure_cookie was constructed
        # (SecureCookie() with no arguments in this example).
        secure_cookie.falcon(resp, name="spam", value="eggs")

. . .

Flask

Headers

secure_headers.flask(response)

Example:

from flask import Flask, Response
from secure import SecureHeaders

secure_headers = SecureHeaders()

app = Flask(__name__)

. . .

@app.after_request
def set_secure_headers(response):
    """Add the secure headers to the outgoing Flask response and pass it on."""
    secure_headers.flask(response)
    # after_request callbacks must hand the response back to Flask.
    return response

. . .

Cookies

secure_cookie.flask(resp, name="spam", value="eggs")

Example:

from flask import Flask, Response
from secure import SecureCookie

secure_cookie = SecureCookie()

. . .

@app.route("/secure")
def set_secure_cookie():
    """Flask view: return "Secure" with the "spam" cookie attached."""
    reply = Response("Secure")
    # Cookie attributes come from the SecureCookie() instance created above
    # with no arguments, i.e. its defaults.
    secure_cookie.flask(reply, name="spam", value="eggs")
    return reply

. . .

hug

Headers

secure_headers.hug(response)

Example:

import hug
from secure import SecureHeaders

secure_headers = SecureHeaders()

 . . .

@hug.response_middleware()
def set_secure_headers(request, response, resource):
    """hug response middleware: add the secure headers to each response."""
    # Mutates `response` in place; nothing is returned.
    secure_headers.hug(response)

 . . .

Cookies

secure_cookie.hug(response, name="spam", value="eggs")

Example:

import hug
from secure import SecureCookie

secure_cookie = SecureCookie()

 . . .

@hug.get("/secure")
def set_secure_cookie(response):
    """hug GET endpoint: attach the "spam" cookie and return "Secure"."""
    # Cookie attributes come from the SecureCookie() instance created above
    # with no arguments, i.e. its defaults.
    secure_cookie.hug(response, name="spam", value="eggs")
    return "Secure"

 . . .

Masonite

Headers

secure_headers.masonite(self.request)

Example:

Masonite Middleware:

# SecureMiddleware.py

from masonite.request import Request

from secure import SecureHeaders

secure_headers = SecureHeaders()

class SecureMiddleware:
    """Masonite middleware that applies the secure headers in its before() hook."""

    def __init__(self, request: Request):
        # Keep the injected request so before() can pass it on.
        self.request = request

    def before(self):
        """Hand the stored request to secure_headers.masonite()."""
        secure_headers.masonite(self.request)

 . . .
 # middleware.py

 ...

# Register the middleware class defined in SecureMiddleware.py.
# NOTE(review): the excerpt shows only this entry; keep it alongside the
# project's existing HTTP middleware rather than replacing the list.
HTTP_MIDDLEWARE = [
    SecureMiddleware,
]

 ...

Cookies

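# Cookies are set through SecureCookie, not SecureHeaders; this matches the
# call used in the example handler below.
secure_cookie.masonite(request, name="spam", value="eggs")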

Example:

 . . .

def show(self, view: View, request: Request, response: Response):
    """Controller action: set the "spam" cookie via the request, then render 'Secure'."""
    # Unlike most integrations on this page, the Masonite call takes the
    # request object, not the response.
    secure_cookie.masonite(request, name="spam", value="eggs")
    return response.view('Secure')

 . . .

Pyramid

Headers

Pyramid Tween:

def set_secure_headers(handler, registry):
    """Pyramid tween factory: wrap handler so its responses get the secure headers."""

    def add_headers(request):
        # Run the wrapped handler first, then decorate what it produced.
        resp = handler(request)
        secure_headers.pyramid(resp)
        return resp

    return add_headers

Example:

from pyramid.config import Configurator
from pyramid.response import Response
from secure import SecureHeaders

secure_headers = SecureHeaders()

. . .

def set_secure_headers(handler, registry):
    """Tween factory: return a tween that adds the secure headers to each response.

    `registry` is accepted as part of the factory signature but is not used here.
    """
    def tween(request):
        # Obtain the response from the wrapped handler before adding headers.
        response = handler(request)
        secure_headers.pyramid(response)
        return response

    return tween

. . .

config.add_tween(".set_secure_headers")

. . .

Cookies

response = Response("Secure")
secure_cookie.pyramid(response, name="spam", value="eggs")

Example:

from pyramid.config import Configurator
from pyramid.response import Response
from secure import SecureCookie

secure_cookie = SecureCookie()

. . .

def set_secure_cookie(request):
    """Pyramid view: return "Secure" with the "spam" cookie attached."""
    reply = Response("Secure")
    # Cookie attributes come from the SecureCookie() instance created above
    # with no arguments, i.e. its defaults.
    secure_cookie.pyramid(reply, name="spam", value="eggs")
    return reply

. . .

Quart

Headers

secure_headers.quart(response)

Example:

from quart import Quart, Response
from secure import SecureHeaders

secure_headers = SecureHeaders()

app = Quart(__name__)

. . .

@app.after_request
async def set_secure_headers(response):
    """Add the secure headers to the outgoing Quart response and pass it on."""
    # secure_headers.quart() is called synchronously; nothing is awaited here.
    secure_headers.quart(response)
    return response

. . .

Cookies

secure_cookie.quart(resp, name="spam", value="eggs")

Example:

from quart import Quart, Response
from secure import SecureCookie

secure_cookie = SecureCookie()

app = Quart(__name__)

. . .

@app.route("/secure")
async def set_secure_cookie():
    """Quart view: return "Secure" with the "spam" cookie attached."""
    reply = Response("Secure")
    # Cookie attributes come from the SecureCookie() instance created above
    # with no arguments, i.e. its defaults.
    secure_cookie.quart(reply, name="spam", value="eggs")
    return reply

. . .

Responder

Headers

secure_headers.responder(resp)

Example:

import responder
from secure import SecureHeaders

secure_headers = SecureHeaders()

api = responder.API()

. . .

@api.route(before_request=True)
def set_secure_headers(req, resp):
    """Responder before-request hook: add the secure headers to resp."""
    # Mutates `resp` in place; nothing is returned.
    secure_headers.responder(resp)

. . .

You should use Responder’s built-in HSTS support and pass the hsts=False option to SecureHeaders().

Cookies

secure_cookie.responder(resp, name="spam", value="eggs")

Example:

import responder
from secure import SecureCookie

secure_cookie = SecureCookie()

api = responder.API()

. . .

@api.route("/secure")
async def set_secure_cookie(req, resp):
    """Responder route: set the reply text to "Secure" and attach the "spam" cookie."""
    resp.text = "Secure"
    # Cookie attributes come from how secure_cookie was constructed
    # (SecureCookie() with no arguments in this example).
    secure_cookie.responder(resp, name="spam", value="eggs")

. . .

Sanic

Headers

secure_headers.sanic(response)

Example:

from sanic import Sanic
from secure import SecureHeaders

secure_headers = SecureHeaders()

app = Sanic()

. . .

@app.middleware("response")
async def set_secure_headers(request, response):
    """Sanic response middleware: add the secure headers to each response."""
    # Mutates `response` in place; nothing is returned.
    secure_headers.sanic(response)

. . .

Cookies

secure_cookie.sanic(response, name="spam", value="eggs")

Example:

from sanic import Sanic
from sanic.response import text
from secure import SecureCookie

secure_cookie = SecureCookie()

app = Sanic()

. . .

@app.route("/secure")
async def set_secure_cookie(request):
    """Sanic route: return the text "Secure" with the "spam" cookie attached."""
    reply = text("Secure")
    # Cookie attributes come from the SecureCookie() instance created above
    # with no arguments, i.e. its defaults.
    secure_cookie.sanic(reply, name="spam", value="eggs")
    return reply

. . .

To set Cross-Origin Resource Sharing (CORS) headers, please see sanic-cors.

Starlette

Headers

secure_headers.starlette(response)

Example:

from starlette.applications import Starlette
import uvicorn
from secure import SecureHeaders

secure_headers = SecureHeaders()

app = Starlette()

. . .

@app.middleware("http")
async def set_secure_headers(request, call_next):
    """Starlette HTTP middleware: add the secure headers to each response."""
    # Let the downstream app produce the response, then decorate it.
    reply = await call_next(request)
    secure_headers.starlette(reply)
    return reply

. . .

Cookies

secure_cookie.starlette(response, name="spam", value="eggs")

Example:

from starlette.applications import Starlette
from starlette.responses import PlainTextResponse
import uvicorn
from secure import SecureHeaders, SecureCookie

secure_cookie = SecureCookie()

app = Starlette()

. . .

@app.route("/secure")
async def set_secure_cookie(request):
    """Starlette route: return plain text "Secure" with the "spam" cookie attached."""
    reply = PlainTextResponse("Secure")
    # Cookie attributes come from the SecureCookie() instance created above
    # with no arguments, i.e. its defaults.
    secure_cookie.starlette(reply, name="spam", value="eggs")
    return reply

. . .

Tornado

Headers

secure_headers.tornado(self)

Example:

import tornado.ioloop
import tornado.web
from secure import SecureHeaders

secure_headers = SecureHeaders()

. . .

class BaseHandler(tornado.web.RequestHandler):
    """Base request handler that applies the secure headers via set_default_headers()."""

    def set_default_headers(self):
        """Pass this handler to secure_headers.tornado() so it can set the headers."""
        # Handlers get these headers only if they subclass BaseHandler rather
        # than tornado.web.RequestHandler directly.
        secure_headers.tornado(self)

. . .

Cookies

secure_cookie.tornado(self, name="spam", value="eggs")

Example:

import tornado.ioloop
import tornado.web
from secure import SecureCookie

secure_cookie = SecureCookie()

. . .

class SetSecureCookie(BaseHandler):
    """Tornado handler whose GET method sets the "spam" cookie."""

    def get(self):
        """Attach the cookie to this handler's response, then write "Secure"."""
        # Cookie attributes come from how secure_cookie was constructed
        # (SecureCookie() with no arguments in this example).
        secure_cookie.tornado(self, name="spam", value="eggs")
        self.write("Secure")

. . .