Security Headers Manager

The Security Headers Manager provides comprehensive HTTP security header management following OWASP best practices.


Class Reference

from djangoapi_guard import SecurityHeadersManager
security_headers_manager = SecurityHeadersManager()

Methods: configure(), get_headers(), get_cors_headers(), validate_csp_report(), reset()


Default Headers

| Header | Default Value |
| --- | --- |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | SAMEORIGIN |
| X-XSS-Protection | 1; mode=block |
| Referrer-Policy | strict-origin-when-cross-origin |
| Permissions-Policy | geolocation=(), microphone=(), camera=() |

Example Usage

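# settings.py
from djangoapi_guard import SecurityConfig

# Enable security headers, add HSTS (one year, covering subdomains)
# and override the X-Frame-Options default (SAMEORIGIN) with DENY.
GUARD_SECURITY_CONFIG = SecurityConfig(
    security_headers={
        "enabled": True,
        "hsts": {"max_age": 31536000, "include_subdomains": True},
        "frame_options": "DENY",
    }
)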
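
An added example, not part of djangoapi_guard or its documentation: a stand-alone check that a response carries the default headers listed above together with the overrides from the example configuration (X-Frame-Options DENY, one-year HSTS covering subdomains). It assumes the "hsts" setting is emitted as a standard Strict-Transport-Security header; EXPECTED, SAMPLE and the function names are illustrative.

```python
# Added example. EXPECTED is the default table above with X-Frame-Options set to DENY
# as in the example config; assumes "hsts" becomes a standard Strict-Transport-Security header.
EXPECTED = {
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
    "x-xss-protection": "1; mode=block",
    "referrer-policy": "strict-origin-when-cross-origin",
    "permissions-policy": "geolocation=(), microphone=(), camera=()",
}
MIN_HSTS_MAX_AGE = 31536000  # from the example "hsts" setting
# Constructed sample response headers (not captured from a real deployment).
SAMPLE = {"X-Frame-Options": "SAMEORIGIN", "Strict-Transport-Security": "max-age=86400"}


def _directives(value, sep):
    """Split a header value into a set of lower-cased, whitespace-free directives."""
    return {"".join(part.split()).lower() for part in value.split(sep) if part.strip()}


def check_hsts(value):
    """Return a list of problems with a Strict-Transport-Security value."""
    parts = _directives(value, ";")
    ages = [p.split("=", 1)[1].strip('"') for p in parts if p.startswith("max-age=")]
    problems = []
    if len(ages) != 1 or not ages[0].isdigit():
        problems.append("hsts: missing or malformed max-age")
    elif int(ages[0]) < MIN_HSTS_MAX_AGE:
        problems.append(f"hsts: max-age {ages[0]} below {MIN_HSTS_MAX_AGE}")
    if "includesubdomains" not in parts:
        problems.append("hsts: includeSubDomains not set")
    return problems


def audit_headers(headers):
    """Compare a response's headers with EXPECTED; header names are case-insensitive."""
    seen = {name.lower(): value for name, value in headers.items()}
    findings = []
    for name, want in EXPECTED.items():
        got = seen.get(name)
        sep = "," if name == "permissions-policy" else ";"
        if got is None:
            findings.append(f"{name}: missing")
        elif _directives(got, sep) != _directives(want, sep):
            findings.append(f"{name}: got {got!r}, expected {want!r}")
    hsts = seen.get("strict-transport-security")
    findings += check_hsts(hsts) if hsts is not None else ["hsts: missing"]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_headers(SAMPLE)))
```

Passing a test client's response headers to audit_headers() in a regression test catches a deployment where the configuration was not picked up or a proxy stripped a header.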

See Also