HTTP Security Headers

DjangoAPI Guard provides comprehensive HTTP security header management following OWASP best practices.

---

Quick Start

GUARD_SECURITY_CONFIG = SecurityConfig(
    security_headers={
        "enabled": True  # Uses secure defaults
    }
)

This automatically adds: X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, Referrer-Policy, Permissions-Policy, and additional cross-origin policies.

---

Content Security Policy (CSP)

GUARD_SECURITY_CONFIG = SecurityConfig(
    security_headers={
        "csp": {
            "default-src": ["'self'"],
            "script-src": ["'self'", "https://cdn.jsdelivr.net"],
            "style-src": ["'self'", "'unsafe-inline'"],
        }
    }
)

---

HTTP Strict Transport Security (HSTS)

GUARD_SECURITY_CONFIG = SecurityConfig(
    security_headers={
        "hsts": {
            "max_age": 31536000,
            "include_subdomains": True,
            "preload": False
        }
    }
)

---

Tools and Resources

• Security Headers Scanner
• CSP Evaluator
• Mozilla Observatory
• OWASP Secure Headers Project

---

Next Steps

• API Reference - Detailed API documentation
• Configuration - Complete configuration options