rack-secure_headers

Security related HTTP headers for Rack applications.

Description

Implements OWASP's List of useful HTTP headers.

Installation

Add this line to your application's Gemfile:

gem "rack-secure_headers"

And then execute:

$ bundle

Or install it yourself as:

$ gem install rack-secure_headers

Usage

# config.ru
require "rack/secure_headers"

use(Rack::SecureHeaders, options)

Options

This is a list of the supported options included by default. To disable any default, pass nil (e.g. option: nil).

| Option | Header | Default |
| --- | --- | --- |
| :hsts | Strict-Transport-Security | { max_age: "31536000", include_subdomains: true } |
| :x_content_type_options | X-Content-Type-Options | "nosniff" |
| :x_frame_options | X-Frame-Options | "SAMEORIGIN" |
| :x_permited_cross_domain | X-Permitted-Cross-Domain-Policies | "none" |
| :x_xss_protection | X-XSS-Protection | "1; mode=block" |
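One way to confirm in a test suite that the middleware is mounted and its defaults reach the client is to audit the response headers against the table above. This is an added example, not code from the gem; the names `audit_secure_headers` and `parse_hsts` and the sample header hashes are assumptions constructed for illustration.

```ruby
# Added example, not part of rack-secure_headers.
# Exact values expected for the simple headers (defaults from the options table).
EXPECTED = {
  "x-content-type-options"            => "nosniff",
  "x-frame-options"                   => "SAMEORIGIN",
  "x-permitted-cross-domain-policies" => "none",
  "x-xss-protection"                  => "1; mode=block"
}.freeze
MIN_HSTS_MAX_AGE = 31_536_000 # default max_age from the options table

# Split an HSTS value into directives: {"max-age"=>"31536000", "includesubdomains"=>true}.
def parse_hsts(value)
  value.to_s.split(";").each_with_object({}) do |part, out|
    name, arg = part.strip.split("=", 2)
    next if name.nil? || name.strip.empty?
    out[name.strip.downcase] = arg ? arg.delete('"').strip : true
  end
end

# Returns a list of findings; an empty list means the headers match the defaults.
def audit_secure_headers(headers)
  h = headers.each_with_object({}) { |(k, v), out| out[k.to_s.downcase] = v.to_s.strip }
  findings = []
  EXPECTED.each do |name, want|
    got = h[name]
    if got.nil?
      findings << "#{name}: missing"
    elsif !got.casecmp?(want)
      findings << "#{name}: got #{got.inspect}, expected #{want.inspect}"
    end
  end
  hsts = h["strict-transport-security"]
  return findings << "strict-transport-security: missing" if hsts.nil?
  d = parse_hsts(hsts)
  findings << "strict-transport-security: max-age below #{MIN_HSTS_MAX_AGE}" if d["max-age"].to_s.to_i < MIN_HSTS_MAX_AGE
  findings << "strict-transport-security: includeSubDomains not set" unless d["includesubdomains"]
  findings
end

# Constructed sample header hashes (the second element of a Rack response triple).
GOOD = { "Strict-Transport-Security" => "max-age=31536000; includeSubDomains",
         "X-Content-Type-Options" => "nosniff", "X-Frame-Options" => "SAMEORIGIN",
         "X-Permitted-Cross-Domain-Policies" => "none",
         "X-XSS-Protection" => "1; mode=block" }.freeze
WEAK = { "Strict-Transport-Security" => "max-age=300",
         "X-Content-Type-Options" => "nosniff", "X-Frame-Options" => "ALLOWALL" }.freeze

puts audit_secure_headers(WEAK) if $PROGRAM_NAME == __FILE__
```

If you disable a default by passing nil, drop the matching entry from `EXPECTED` so the audit reflects your intended policy.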

Headers

This is a list of the supported HTTP headers:

Use https://securityheaders.io to assess the security-related HTTP headers used by your site.

TODO

Contributing

Fork the project with:

$ git clone git@github.com:frodsan/rack-secure_headers.git

To install dependencies, use:

$ bundle install

To run the test suite, do:

$ rake test

For bug reports and pull requests use GitHub.

License

This gem is released under the MIT License.