Adam Johnson

🐦 @AdamChainz

Django and Web Security Headers

Web browsers support several HTTP headers to opt in to extra security features. I’ll explain then and show you how to get an A+ rating for these with the free checker SecurityHeaders.com, using built-in features and a few third-party packages.

The web browser is an evolving environment, but with massive backwards compatibility. Because of this, a lot of its security features are opt-in and incremental through headers such as Content-Security-Policy and Feature-Policy. I’ll walk through and explain the main headers recommended by Scott Helme’s SecurityHeaders.com , and how you can get your site to an A+ score, with a mix of built-in features and third party packages for the more cutting edge headers. Also I’ll briefly show some free and paid tools that can aid with deployment.