SecureHeaders - A PHP library aiming to make the use of browser security features more accessible.


A PHP class aiming to make the use of browser security features more accessible. For full documentation, please see the Wiki.

https://github.com/aidantwoods/SecureHeaders

Related Projects

secureheaders - Manages application of security headers with many safe defaults

  •    Ruby

master represents the unreleased 4.x line. See the upgrading to 4.x doc for instructions on how to upgrade. Bug fixes should go in the 3.x branch for now. The 3.x branch is moving into maintenance mode. See the upgrading to 3.x doc for instructions on how to upgrade including the differences and benefits of using the 3.x branch.

secure_headers - Manages application of security headers with many safe defaults

  •    Ruby

master represents 6.x line. See the upgrading to 4.x doc, upgrading to 5.x doc, or upgrading to 6.x doc for instructions on how to upgrade. Bug fixes should go in the 5.x branch for now. The 3.x branch is moving into maintenance mode. See the upgrading to 3.x doc for instructions on how to upgrade including the differences and benefits of using the 3.x branch.

csp-builder - Build Content-Security-Policy headers from a JSON file (or build them programmatically)

  •    PHP

Easily integrate Content-Security-Policy headers into your web application, either from a JSON configuration file, or programmatically. CSP Builder was created by Paragon Initiative Enterprises as part of our effort to encourage better application security practices.

airship - Secure Content Management for the Modern Web - "The sky is only the beginning"

  •    PHP

The sky is only the beginning. CMS Airship is a secure-by-default content management system, blog engine, and application development framework written for PHP 7.2 and above.


cookie - Cookie authentication plugin

  •    Javascript

Cookie authentication provides simple cookie-based session management. The user has to be authenticated via other means, typically a web form, and upon successful authentication the browser receives a reply with a session cookie. The cookie uses Iron to encrypt and sign the session content. Subsequent requests containing the session cookie are authenticated and validated via the provided validateFunc in case the cookie's encrypted content requires validation on each request.

laravel-cookie-consent - Make your Laravel app comply with the crazy EU cookie law

  •    PHP

All sites owned by EU citizens or targeted towards EU citizens must comply with a crazy EU law. This law requires a dialog to be displayed to inform the users of your websites how cookies are being used. You can read more info on the legislation on the site of the European Commission. This package provides an easily configurable view to display the message. Also included is JavaScript code to set a cookie when a user agrees with the cookie policy. The package will not display the dialog when that cookie has been set.

Opera

  •    Freeware

Opera is fast, secure and easy to use. It can be used on PCs, mobile and other devices. The browser is free but the SDK and its addons are open source BSD license (http://dev.opera.com/).

Themis - Crypto library for storage and messaging for ObjC, Android, C++, JS, Python, Ruby and PHP

  •    C

Themis is an open-source high-level cryptographic services library for mobile and server platforms, providing secure messaging and secure data storage. Themis provides three important cryptographic services: Secure messaging, Secure session and Secure storage.

SecureCookieHttpModule

  •    ASPNET

Secure your session cookie (and other session-based cookies) against replay attacks using this easy-to-use ASP.NET HttpModule.

rikitiki

  •    C++

Build C++ web server modules that allow easy routing and deployment.

Peergos - A decentralised, secure file storage and social network

  •    Java

Peergos is a peer-to-peer encrypted filesystem with secure sharing of files designed to be resistant to surveillance of data content or friendship graphs. It will have a secure email replacement, with some interoperability with email. There will also be a totally private and secure social network, where users are in control of who sees what (executed cryptographically). The name Peergos comes from the Greek word Πύργος (Pyrgos), which means stronghold or tower, but phonetically spelt with the nice connection to being peer-to-peer. Pronunciation: peer-goss (as in gossip).

quick-secure - Quickly secure UNIX/Linux systems

  •    Shell

Quick NIX Secure Script is used to harden and secure basic permissions and ownership on the fly. This script can be used during boot up, cron, bootstrapping, kickstart, jumpstart and during other system deployments. I recommend using CM tools like Puppet or Ansible, but this is still nice. Many times in (prod)uction world prior admins harden without automation or towards an industry baseline. This is to help get to a point of standardization and quickly set or reset basic system security.

session - Simple session middleware for koa

  •    Javascript

Simple session middleware for Koa. Defaults to cookie-based sessions and supports external stores. The cookie name is controlled by the key option, which defaults to "koa:sess". All other options are passed to ctx.cookies.get() and ctx.cookies.set() allowing you to control security, domain, path, and signing among other settings.

cookie-banner - JavaScript based cookie-info banner for complying with EU cookie law

  •    Javascript

Cookie Banner is a super-easy way to ensure you're complying with the EU cookie law. Just reference the cookiebanner.min.js script from your page and you're done. Cookie Banner script is very lightweight and depends on no JavaScript libraries, css files or images.

cookie-parser - Parse HTTP request cookies

  •    Javascript

Parse Cookie header and populate req.cookies with an object keyed by the cookie names. Optionally you may enable signed cookie support by passing a secret string, which assigns req.secret so it may be used by other middleware. Parse a cookie value as a JSON cookie. This will return the parsed JSON value if it was a JSON cookie, otherwise it will return the passed value.

Cryptlib - provides Encryption and Authentication Service

  •    C

cryptlib is a powerful security toolkit that allows even inexperienced crypto programmers to easily add encryption and authentication services to their software. It provides support for S/MIME and PGP/OpenPGP secure enveloping, SSL/TLS and SSH secure sessions, CA services such as CMP, SCEP, RTCS, and OCSP, and other security operations such as secure timestamping.

securecookie - Package gorilla/securecookie encodes and decodes authenticated and optionally encrypted cookie values for Go web applications

  •    SuperCollider

securecookie encodes and decodes authenticated and optionally encrypted cookie values. Secure cookies can't be forged, because their values are validated using HMAC. When encrypted, the content is also inaccessible to malicious eyes. It is still recommended that sensitive data not be stored in cookies, and that HTTPS be used to prevent cookie replay attacks.

tough-cookie - RFC6265 Cookies and CookieJar for Node.js

  •    Javascript

```javascript
var tough = require('tough-cookie'); // note: not 'cookie', 'cookies' or 'node-cookie'
var Cookie = tough.Cookie;
var cookie = Cookie.parse(header);
cookie.value = 'somethingdifferent';
header = cookie.toString();

var cookiejar = new tough.CookieJar();
cookiejar.setCookie(cookie, 'http://currentdomain.example.com/path', cb);
// ...
cookiejar.getCookies('http://example.com/otherpath', function(err, cookies) {
  res.headers['cookie'] = cookies.join('; ');
});
```

secure - HTTP middleware for Go that facilitates some quick security wins.

  •    Go

Secure is an HTTP middleware for Go that facilitates some quick security wins. It's a standard net/http Handler, and can be used with many frameworks or directly with Go's net/http package. Be sure to include the Secure middleware as close to the top (beginning) as possible (but after logging and recovery). It's best to do the allowed hosts and SSL check before anything else.