27 Repos
Configuration guides for security-focused response headers.
Distinguishing note: Focuses on browser-enforced security via HTTP headers.
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Configures security-focused response headers to enforce protective browser policies.
This project is a lightweight Node.js web server and command-line tool designed for hosting static assets and delivering local files over HTTP. It functions as a static site host that provides a minimal environment for serving HTML, CSS, and JavaScript files to web browsers. The server includes built-in support for TLS encryption to enable secure HTTPS access and allows for the configuration of cross-origin resource sharing headers. It also features basic authentication to restrict folder access via username and password verification. The system manages content delivery through browser cache
Injects standard HTTP caching headers into responses based on user-defined expiration settings.
This project is a comprehensive library of reusable configuration patterns for the Apache web server. It provides a collection of server-side directives designed to manage security, performance, and request routing through decentralized configuration files. The repository serves as a reference for implementing server-level settings without requiring global restarts. It includes specialized patterns for enforcing secure connections, managing cross-origin resource sharing, and protecting sensitive system files from public exposure. Users can leverage these snippets to implement clickjacking pro
Serves as a reference for implementing security headers to mitigate common web vulnerabilities.
Helmet is an Express.js middleware library that sets a comprehensive collection of HTTP security headers to protect web applications from common vulnerabilities like cross-site scripting and clickjacking. At its core, it provides a configurable middleware system for injecting security headers into HTTP responses, with a primary focus on Content Security Policy configuration through custom directives and report-only testing modes. The library distinguishes itself through a flexible configuration surface that supports method chaining for composing multiple headers in a single expression, as wel
Sets a comprehensive set of HTTP response headers to harden web application security.
Bunkerized Nginx is a containerized security automation system that provides a secure reverse proxy and web application firewall. It focuses on protecting web applications by monitoring container labels within cloud-native orchestration systems to automatically update security settings and firewall rules. The system distinguishes itself through automated security operations, including the automatic management of SSL certificates and an automated client banning mechanism that blocks IP addresses based on HTTP status codes. It features bot challenge mechanisms using CAPTCHAs, JavaScript, or coo
Implements security-focused HTTP response headers and tightens TLS settings to reduce the attack surface.
This repository contains the HTML specification, which defines the core standards for web page structuring, content organization, and document rendering. It establishes the fundamental algorithms for state-machine-based tokenization, tree construction for the document object model, and origin-based security isolation. The specification provides a framework for defining custom elements with independent lifecycles and registries. It also details the requirements for cross-document communication, session history management, and the synchronization of interface properties with content attributes.
Uses HTTP response headers to enforce cross-origin policies and embedding restrictions.
Eve is a REST API framework that maps database collections to web resources through declarative configuration files. It functions as a database-to-API mapper, automatically exposing data as RESTful endpoints with built-in support for CRUD operations and schema-based request validation. The project distinguishes itself through a HATEOAS API engine that generates hypermedia links and resource schemas for dynamic client discovery. It also includes an automated Swagger documentation generator that produces interactive specifications for client SDK generation and testing. The framework provides a
Sets global and resource-specific HTTP cache control headers and expiration times to manage response revalidation.
cloudscraper is a Python library designed to bypass Cloudflare anti-bot protections by resolving JavaScript challenges and mimicking browser fingerprints. It functions as a specialized tool for accessing websites that employ automated security systems to block scripts and headless browsers. The project differentiates itself through the use of interchangeable JavaScript runtimes, such as Node.js or V8, to execute challenge code and obtain security clearance tokens. It employs a fingerprint rotation engine and HTTP request emulation to rotate browser headers and device identifiers, mimicking hu
Manipulates HTTP Host headers to control how the client identifies itself during network handshakes.
FileBrowser is an open-source, self-hosted file management interface that runs as a single binary with no external dependencies. It provides a web-based interface for browsing, uploading, editing, and sharing files on a remote server, with a core architecture built on JWT-based stateless authentication and a rule-based path permission engine that controls access at the directory level. The project distinguishes itself through a comprehensive access control system that supports multi-provider authentication including OIDC, LDAP, external JWT, and two-factor authentication, alongside granular p
Reads the JWT from a configurable HTTP header instead of a query parameter for more secure authentication.
Dragonfly is a peer-to-peer file distribution system designed to accelerate large-scale file and container image delivery across clusters. It splits files into small pieces that peers exchange independently, enabling parallel downloads from multiple sources while a central scheduler assigns parent peers based on real-time load metrics. The system integrates with existing tools through an HTTP proxy interface and uses gRPC for internal communication between peers and the scheduler. The system distinguishes itself through automatic integrity verification at the piece level, ensuring every downl
Accepts standard HTTP header fields to pass authentication credentials when fetching files from the source.
Tinyproxy is a lightweight HTTP and HTTPS proxy daemon for POSIX operating systems. It acts as a system-wide network proxy that manages web traffic with minimal resource overhead. The project supports multiple routing modes, including reverse proxying to forward requests to backend servers and transparent proxying to intercept network traffic without client-side configuration. It also includes a header filter for modifying or blocking specific HTTP headers for privacy and security. The software integrates network access control based on client subnets and protocol filtering. For system security it implements privilege dropping, so that it runs as an unprivileged user after binding to ports. Additional features include response buffering to manage speed differences between servers and clients, and a remote interface for monitoring proxy statistics.
Provides capabilities to add, remove, or modify HTTP request and response headers for privacy and security.
TypeSpec is a language for defining cloud API shapes and generating OpenAPI, JSON Schema, and client/server code from a single source of truth. It functions as a protocol-agnostic API designer that models REST, gRPC, and other API protocols using a unified, extensible syntax, with a decorator-based metadata system for attaching metadata, validation rules, and lifecycle visibility to API models and operations. The compiler produces OpenAPI 3.0 specifications and other artifacts, and the tool supports declaring API versions and tracking changes to models, properties, and operations across releas
Provides a decorator-based system for configuring HTTP header parameter options in API definitions.
SpringSide 4 is an enterprise Java reference architecture and utility library built on the Spring Framework. It provides a pragmatic, best-practice application stack for building RESTful web services, web applications, and data access layers, along with a curated collection of high-performance utility classes for common operations like text, date, collection, reflection, concurrency, and I/O handling. The project distinguishes itself by combining a complete reference application scaffold with production-oriented infrastructure. It includes a JPA-based data access layer that automatically tran
Provides a utility for attaching authentication tokens to HTTP requests via a fluent client.
PartyKit is a serverless WebSocket backend platform for building real-time multiplayer applications. It provides a globally distributed edge computing runtime that runs stateful server code close to users, with automatic scaling and hibernation for idle rooms. The platform handles WebSocket connections, HTTP requests, and durable storage without requiring infrastructure management, and includes a client and server SDK with hooks, storage, and Yjs integration for building collaborative features. The platform distinguishes itself through per-room isolation using Durable Objects, where each uniq
Verifies user identity on incoming HTTP requests by checking a session token in an Authorization header.
django-cors-headers is a middleware for Django that manages Cross-Origin Resource Sharing headers to control which external domains can access server resources. It serves as a security component for enforcing access control policies through origin validation and header management. The project offers origin whitelisting using hostnames or regular expressions and supports the Local Network Access specification to allow requests from private networks. It enables granular control via path-based restrictions and dynamic origin validation driven by a signal system. The software covers broader security and performance areas, including credential management, request filtering, and control over which response headers are exposed. It also manages cache coordination by adding the origin to the Vary header to prevent content collisions between different cross-origin requests.
Prevents cache collisions between different cross-origin requests by adding the Origin header to the Vary response.
Medium Unlimited is a browser extension and web content unblocker designed to remove membership restrictions and subscription limits of publishing platforms. It acts as a browser-based article unlocker that enables reading premium content across various domains. The tool uses search engine integration to identify archived or mirrored versions of articles and automate redirects to full-text links. It combines these redirects with the ability to find external publisher content when original articles are locked. The project achieves content access by manipulating the Document Object Model to hide membership overlays and by modifying request headers to imitate search engine crawlers. It uses pattern-based domain and URL matching to trigger these bypass workflows on supported websites.
Modifies HTTP request headers to mimic search engine crawlers and bypass server-side restrictions.
This project is a digital library exporter and EPUB content generator specifically designed to download and convert books from the O'Reilly Learning platform into electronic publication files for offline reading and permanent storage. It functions as a web content scraper that retrieves restricted text and media to facilitate digital library archiving. The tool manages session authentication using credentials or cookies to maintain continuous access to content. It retrieves books via unique identifiers and transforms the source material into standardized EPUB files, including layout optimizat
Attaches authentication tokens to outgoing HTTP headers to ensure requests are authorized by the target platform.
Yii is a full-stack PHP web framework and component-based system developed for building dynamic websites and RESTful services. It works as an MVC application framework that separates business logic from the user interface and includes an integrated object-relational mapper (ORM) for interacting with databases. The project offers a comprehensive CLI toolset for project bootstrapping, automated code generation, and running background tasks. It uses a component-based architecture and a service locator to manage dependency injection and object lifecycles. The framework covers a broad range of functional areas, including schema migration and versioning, role-based identity management, and content localization. It also offers a variety of caching strategies such as fragment, query, and full-page caching with dependency-based invalidation. Additional system tools include a software testing framework, event logging, and request rate limiting.
Manages browser caching behavior via standard HTTP headers to reduce redundant server rendering.
This is a JSON Web Token authentication package for the Django REST Framework that manages stateless user identities. It serves as an authentication provider and token manager that issues and validates signed tokens to maintain user sessions across multiple requests. The project implements a dual-token lifecycle that issues short-lived access tokens and long-lived refresh tokens to balance security and session persistence. It offers token rotation to prevent replay attacks and a blacklisting system to invalidate compromised credentials. It also supports sliding-window expiration to automatically extend active sessions, and allows custom identity claims to embed user metadata directly in token payloads. The system provides comprehensive token signing using symmetric and asymmetric algorithms, as well as cryptographic validation for identity verification without database queries. It also includes an integration for OpenAPI security schemes to document token-based authentication requirements, plus tools for purging expired tokens from the database.
Configures the HTTP headers used to transmit authentication tokens in API requests.
AdguardFilters is a collection of curated adblock filter lists, content blocking rulesets, and DNS blocklists. Its primary purpose is to provide the rules necessary to identify and remove advertisements, tracking scripts, and intrusive elements across web browsers and applications. The project includes specialized rules for cosmetic filtering to hide layout gaps and a malware domain database to block phishing and spyware destinations. It provides distinct filtering sets for different regions and purposes, such as social media blocking. The repository covers broad capability areas including m
Allows for the removal of specific headers and modification of Referrer and Content Security Policies.