Welcome to Django Security Headers’s documentation!

Introduction

Security Headers is a simple app for Django 1.11-LTS and 2.2-LTS that adds some configurable security headers to all Django responses. It was originally inspired by Scott Helme’s securityheaders.com and works in parallel with the excellent Django-CSP package by Mozilla. It is self-tested using the HTTP Observatory (also by Mozilla).

For Django 1.11, it relies on the django-cookies-samesite package to add the SameSite flag to session and CSRF cookies. The goal of Security Headers is to provide a basic framework for achieving an A+ grade from the Observatory.