Supported Frameworks

Framework Agnostic

Return Dictionary of Headers:
secure.Secure().headers()

Example:

csp = secure.ContentSecurityPolicy()
secure_headers = secure.Secure(csp=csp)
print(secure_headers.headers())

Printed Value:

{'Strict-Transport-Security': 'max-age=63072000; includeSubdomains', 'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-Protection': '0', 'X-Content-Type-Options': 'nosniff', 'Content-Security-Policy': "script-src 'self'; object-src 'self'", 'Referrer-Policy': 'no-referrer, strict-origin-when-cross-origin', 'Cache-Control': 'no-store'}

aiohttp

secure_headers.framework.aiohttp(resp)

Example:

from aiohttp import web
from aiohttp.web import middleware
import secure

secure_headers = secure.Secure()

. . .

@middleware
async def set_secure_headers(request, handler):
    resp = await handler(request)
    secure_headers.framework.aiohttp(resp)
    return resp

. . .

app = web.Application(middlewares=[set_secure_headers])

. . .

Bottle

secure_headers.framework.bottle(response)

Example:

from bottle import route, run, response, hook
import secure

secure_headers = secure.Secure()

. . .

@hook("after_request")
def set_secure_headers():
    secure_headers.framework.bottle(response)

. . .

CherryPy

"tools.response_headers.headers": secure_headers.framework.cherrypy()

Example:

CherryPy Application Configuration:

import cherrypy
import secure

secure_headers = secure.Secure()

. . .

config = {
    "/": {
        "tools.response_headers.on": True,
        "tools.response_headers.headers": secure_headers.framework.cherrypy(),
    }
}

. . .

Django

secure_headers.framework.django(response)

Example:

Django Middleware Documentation:

# securemiddleware.py
import secure

secure_headers = secure.Secure()

. . .

def set_secure_headers(get_response):
    def middleware(request):
        response = get_response(request)
        secure_headers.framework.django(response)
        return response

    return middleware

. . .
# settings.py

...

MIDDLEWARE = [
    'app.securemiddleware.set_secure_headers'
]

...

FastAPI

secure_headers.framework.fastapi(resp)

Example:

from fastapi import FastAPI
import secure

secure_headers = secure.Secure()

. . .

@app.middleware("http")
async def set_secure_headers(request, call_next):
    response = await call_next(request)
    secure_headers.framework.fastapi(response)
    return response

. . .

Falcon

secure_headers.framework.falcon(resp)

Example:

import falcon
import secure

secure_headers = secure.Secure()

. . .

class SetSecureHeaders(object):
    def process_request(self, req, resp):
        secure_headers.framework.falcon(resp)

. . .

app = api = falcon.API(middleware=[SetSecureHeaders()])

. . .

Flask

secure_headers.framework.flask(response)

Example:

from flask import Flask, Response
import secure

secure_headers = secure.Secure()

app = Flask(__name__)

. . .

@app.after_request
def set_secure_headers(response):
    secure_headers.framework.flask(response)
    return response

. . .

hug

secure_headers.framework.hug(response)

Example:

import hug
import secure

secure_headers = secure.Secure()

 . . .

@hug.response_middleware()
def set_secure_headers(request, response, resource):
    secure_headers.framework.hug(response)

 . . .

Masonite

secure_headers.framework.masonite(self.request)

Example:

Masonite Middleware:

# SecureMiddleware.py

from masonite.request import Request

import secure

secure_headers = secure.Secure()

class SecureMiddleware:
    def __init__(self, request: Request):

        self.request = request

    def before(self):
        secure_headers.framework.masonite(self.request)

 . . .
 # middleware.py

 ...

HTTP_MIDDLEWARE = [
    SecureMiddleware,
]

 ...

Pyramid

Pyramid Tween:

def set_secure_headers(handler, registry):
    def tween(request):
        response = handler(request)
        secure_headers.framework.pyramid(response)
        return response

    return tween

Example:

from pyramid.config import Configurator
from pyramid.response import Response
import secure

secure_headers = secure.Secure()

. . .

def set_secure_headers(handler, registry):
    def tween(request):
        response = handler(request)
        secure_headers.framework.pyramid(response)
        return response

    return tween

. . .

config.add_tween(".set_secure_headers")

. . .

Quart

secure_headers.framework.quart(response)

Example:

from quart import Quart, Response
import secure

secure_headers = secure.Secure()

app = Quart(__name__)

. . .

@app.after_request
async def set_secure_headers(response):
    secure_headers.framework.quart(response)
    return response

. . .

Responder

secure_headers.framework.responder(resp)

Example:

import responder
import secure

secure_headers = secure.Secure()

api = responder.API()

. . .

@api.route(before_request=True)
def set_secure_headers(req, resp):
    secure_headers.framework.responder(resp)

. . .

You should use Responder’s built in HSTS and pass the hsts=False option.

Sanic

secure_headers.framework.sanic(response)

Example:

from sanic import Sanic
import secure

secure_headers = secure.Secure()

app = Sanic()

. . .

@app.middleware("response")
async def set_secure_headers(request, response):
    secure_headers.framework.sanic(response)

. . .

To set Cross Origin Resource Sharing (CORS) headers, please see sanic-cors .

Starlette

secure_headers.framework.starlette(response)

Example:

from starlette.applications import Starlette
import uvicorn
import secure

secure_headers = secure.Secure()

app = Starlette()

. . .

@app.middleware("http")
async def set_secure_headers(request, call_next):
    response = await call_next(request)
    secure_headers.framework.starlette(response)
    return response

. . .

Tornado

secure_headers.framework.tornado(self)

Example:

import tornado.ioloop
import tornado.web
import secure

secure_headers = secure.Secure()

. . .

class BaseHandler(tornado.web.RequestHandler):
    def set_default_headers(self):
        secure_headers.framework.tornado(self)

. . .