26 repository-uri
Configuration guides for security-focused response headers.
Distinguishing note: Focuses on browser-enforced security via HTTP headers.
Explore 26 awesome GitHub repositories matching security & cryptography · HTTP Security Headers. Refine with filters or upvote what's useful.
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Configures security-focused response headers to enforce protective browser policies.
This project is a lightweight Node.js web server and command-line tool designed for hosting static assets and delivering local files over HTTP. It functions as a static site host that provides a minimal environment for serving HTML, CSS, and JavaScript files to web browsers. The server includes built-in support for TLS encryption to enable secure HTTPS access and allows for the configuration of cross-origin resource sharing headers. It also features basic authentication to restrict folder access via username and password verification. The system manages content delivery through browser cache
Injects standard HTTP caching headers into responses based on user-defined expiration settings.
This project is a comprehensive library of reusable configuration patterns for the Apache web server. It provides a collection of server-side directives designed to manage security, performance, and request routing through decentralized configuration files. The repository serves as a reference for implementing server-level settings without requiring global restarts. It includes specialized patterns for enforcing secure connections, managing cross-origin resource sharing, and protecting sensitive system files from public exposure. Users can leverage these snippets to implement clickjacking pro
Serves as a reference for implementing security headers to mitigate common web vulnerabilities.
Helmet is an Express.js middleware library that sets a comprehensive collection of HTTP security headers to protect web applications from common vulnerabilities like cross-site scripting and clickjacking. At its core, it provides a configurable middleware system for injecting security headers into HTTP responses, with a primary focus on Content Security Policy configuration through custom directives and report-only testing modes. The library distinguishes itself through a flexible configuration surface that supports method chaining for composing multiple headers in a single expression, as wel
Sets a comprehensive set of HTTP response headers to harden web application security.
Bunkerized Nginx is a containerized security automation system that provides a secure reverse proxy and web application firewall. It focuses on protecting web applications by monitoring container labels within cloud-native orchestration systems to automatically update security settings and firewall rules. The system distinguishes itself through automated security operations, including the automatic management of SSL certificates and an automated client banning mechanism that blocks IP addresses based on HTTP status codes. It features bot challenge mechanisms using CAPTCHAs, JavaScript, or coo
Implements security-focused HTTP response headers and tightens TLS settings to reduce the attack surface.
This repository contains the HTML specification, which defines the core standards for web page structuring, content organization, and document rendering. It establishes the fundamental algorithms for state-machine-based tokenization, tree construction for the document object model, and origin-based security isolation. The specification provides a framework for defining custom elements with independent lifecycles and registries. It also details the requirements for cross-document communication, session history management, and the synchronization of interface properties with content attributes.
Uses HTTP response headers to enforce cross-origin policies and embedding restrictions.
Eve is a REST API framework that maps database collections to web resources through declarative configuration files. It functions as a database-to-API mapper, automatically exposing data as RESTful endpoints with built-in support for CRUD operations and schema-based request validation. The project distinguishes itself through a HATEOAS API engine that generates hypermedia links and resource schemas for dynamic client discovery. It also includes an automated Swagger documentation generator that produces interactive specifications for client SDK generation and testing. The framework provides a
Sets global and resource-specific HTTP cache control headers and expiration times to manage response revalidation.
cloudscraper is a Python library designed to bypass Cloudflare anti-bot protections by resolving JavaScript challenges and mimicking browser fingerprints. It functions as a specialized tool for accessing websites that employ automated security systems to block scripts and headless browsers. The project differentiates itself through the use of interchangeable JavaScript runtimes, such as Node.js or V8, to execute challenge code and obtain security clearance tokens. It employs a fingerprint rotation engine and HTTP request emulation to rotate browser headers and device identifiers, mimicking hu
Manipulates HTTP Host headers to control how the client identifies itself during network handshakes.
FileBrowser is an open-source, self-hosted file management interface that runs as a single binary with no external dependencies. It provides a web-based interface for browsing, uploading, editing, and sharing files on a remote server, with a core architecture built on JWT-based stateless authentication and a rule-based path permission engine that controls access at the directory level. The project distinguishes itself through a comprehensive access control system that supports multi-provider authentication including OIDC, LDAP, external JWT, and two-factor authentication, alongside granular p
Read the JWT token from a configurable HTTP header instead of a query parameter for more secure authentication.
Dragonfly is a peer-to-peer file distribution system designed to accelerate large-scale file and container image delivery across clusters. It splits files into small pieces that peers exchange independently, enabling parallel downloads from multiple sources while a central scheduler assigns parent peers based on real-time load metrics. The system integrates with existing tools through an HTTP proxy interface and uses gRPC for internal communication between peers and the scheduler. The system distinguishes itself through automatic integrity verification at the piece level, ensuring every downl
Accepts standard HTTP header fields to pass authentication credentials when fetching files from the source.
Tinyproxy este un daemon proxy HTTP și HTTPS ușor, conceput pentru sistemele de operare POSIX. Funcționează ca un proxy de rețea la nivel de sistem care gestionează traficul web cu un consum minim de resurse. Proiectul suportă moduri de rutare multiple, inclusiv reverse proxying pentru a redirecționa cererile către serverele backend și transparent proxying pentru a intercepta traficul de rețea fără configurare pe partea clientului. Include, de asemenea, un filtru de headere pentru a modifica sau bloca headere HTTP specifice pentru confidențialitate și securitate. Software-ul încorporează controlul accesului la rețea bazat pe subrețelele clientului și filtrarea protocolului. Pentru securitatea sistemului, implementează renunțarea la privilegii pentru a rula ca un utilizator fără privilegii după legarea la porturi. Capabilitățile suplimentare includ buffering-ul răspunsurilor pentru a gestiona disparitățile de viteză dintre servere și clienți, precum și o interfață la distanță pentru monitorizarea statisticilor proxy-ului.
Provides capabilities to add, remove, or modify HTTP request and response headers for privacy and security.
TypeSpec is a language for defining cloud API shapes and generating OpenAPI, JSON Schema, and client/server code from a single source of truth. It functions as a protocol-agnostic API designer that models REST, gRPC, and other API protocols using a unified, extensible syntax, with a decorator-based metadata system for attaching metadata, validation rules, and lifecycle visibility to API models and operations. The compiler produces OpenAPI 3.0 specifications and other artifacts, and the tool supports declaring API versions and tracking changes to models, properties, and operations across releas
Provides a decorator-based system for configuring HTTP header parameter options in API definitions.
SpringSide 4 is an enterprise Java reference architecture and utility library built on the Spring Framework. It provides a pragmatic, best-practice application stack for building RESTful web services, web applications, and data access layers, along with a curated collection of high-performance utility classes for common operations like text, date, collection, reflection, concurrency, and I/O handling. The project distinguishes itself by combining a complete reference application scaffold with production-oriented infrastructure. It includes a JPA-based data access layer that automatically tran
Provides a utility for attaching authentication tokens to HTTP requests via a fluent client.
PartyKit is a serverless WebSocket backend platform for building real-time multiplayer applications. It provides a globally distributed edge computing runtime that runs stateful server code close to users, with automatic scaling and hibernation for idle rooms. The platform handles WebSocket connections, HTTP requests, and durable storage without requiring infrastructure management, and includes a client and server SDK with hooks, storage, and Yjs integration for building collaborative features. The platform distinguishes itself through per-room isolation using Durable Objects, where each uniq
Verifies user identity on incoming HTTP requests by checking a session token in an Authorization header.
django-cors-headers este un middleware pentru Django care gestionează headerele Cross-Origin Resource Sharing pentru a controla ce domenii externe pot accesa resursele serverului. Servește ca o componentă de securitate pentru impunerea politicilor de control al accesului prin validarea originii și gestionarea headerelor. Proiectul oferă capabilități pentru whitelisting-ul originilor folosind nume de host sau expresii regulate și suportă specificația Local Network Access pentru a permite cereri din rețele private. Permite control granular prin restricții bazate pe cale și validarea dinamică a originii condusă de un sistem de semnale. Software-ul acoperă domenii mai largi de securitate și performanță, inclusiv gestionarea credențialelor, filtrarea cererilor și controlul expunerii headerelor de răspuns. De asemenea, gestionează coordonarea cache-ului prin adăugarea originii la header-ul vary pentru a preveni coliziunile de conținut între diferite cereri cross-origin.
Prevents cache collisions between different cross-origin requests by adding the Origin header to the Vary response.
Medium Unlimited este o extensie de browser și un deblocator de conținut web conceput pentru a elimina restricțiile de membru și limitele de abonament de pe platformele de publicare. Funcționează ca un deblocator de articole bazat pe browser care permite citirea conținutului premium pe diverse domenii. Instrumentul utilizează integrarea cu motoarele de căutare pentru a identifica versiuni arhivate sau oglindite ale articolelor și pentru a automatiza redirecționările către link-uri cu text complet. Combină aceste redirecționări cu capacitatea de a localiza conținutul editorilor externi atunci când articolele originale sunt blocate. Proiectul obține accesul la conținut prin manipularea Document Object Model (DOM) pentru a ascunde overlay-urile de membru și modificarea header-ului cererii pentru a imita crawlerele motoarelor de căutare. Utilizează potrivirea bazată pe tipare a domeniilor și URL-urilor pentru a declanșa aceste fluxuri de lucru de bypass pe site-urile suportate.
Modifies HTTP request headers to mimic search engine crawlers and bypass server-side restrictions.
Acest proiect este un exportator de bibliotecă digitală și un generator de conținut EPUB conceput special pentru a descărca și converti cărți de pe platforma O'Reilly Learning în fișiere de publicație electronică pentru citire offline și stocare permanentă. Funcționează ca un scraper de conținut web care preia text și media restricționate pentru a facilita arhivarea bibliotecii digitale. Instrumentul gestionează autentificarea sesiunii folosind credențiale sau cookie-uri pentru a menține accesul continuu la conținut. Acesta preia cărțile prin identificatori unici și transformă materialul sursă în fișiere EPUB standardizate, incluzând optimizări de layout pentru a asigura compatibilitatea tabelelor și elementelor pe diverse dispozitive de e-reading.
Attaches authentication tokens to outgoing HTTP headers to ensure requests are authorized by the target platform.
Yii is a full-stack PHP web framework and component-based system designed for building dynamic websites and RESTful services. It operates as an MVC application framework that separates business logic from the user interface and includes a built-in object-relational mapper for interacting with databases. The project provides a comprehensive command line toolset for project bootstrapping, automated code generation, and the execution of background tasks. It utilizes a component-based architecture and a service locator to manage dependency injection and object lifecycles. The framework covers a
Manages browser caching behavior via standard HTTP headers to reduce redundant server rendering.
This is a JSON Web Token authentication package for the Django REST Framework that manages stateless user identities. It serves as an authentication provider and token manager used to issue and validate signed tokens to maintain user sessions across multiple requests. The project implements a dual-token lifecycle, issuing short-lived access tokens and long-lived refresh tokens to balance security with session persistence. It features token rotation to prevent replay attacks and a blacklisting system to invalidate compromised credentials. Additionally, it supports sliding-window expiration to
Configures the HTTP headers used to transmit authentication tokens in API requests.
AdguardFilters is a collection of curated adblock filter lists, content blocking rulesets, and DNS blocklists. Its primary purpose is to provide the rules necessary to identify and remove advertisements, tracking scripts, and intrusive elements across web browsers and applications. The project includes specialized rules for cosmetic filtering to hide layout gaps and a malware domain database to block phishing and spyware destinations. It provides distinct filtering sets for different regions and purposes, such as social media blocking. The repository covers broad capability areas including m
Allows for the removal of specific headers and modification of Referrer and Content Security Policies.