HTTP Strict Transport Security IIS Module

  •        0

A module for IIS which enables HTTP Strict Transport Security compliant with the HSTS Draft Specification (RFC 6797).



Related Projects

IIS 6 Security Analyzer

IIS 6 Security Analyzer is an ASP.NET 2.0 web site that can be used to check the security of a IIS 6 server. This tool checks only the services related to IIS.


Github mirror of MediaWiki extension HSTS - our actual code is hosted with Gerrit (please see for contributing

IisShield - Application Layer Firewall

IisShield is an IIS ISAPI Filter preventing any known and unknown attacks from disrupting IIS. The preventive approach of IisShield is an added value preventing IIS from even trying to interpret requests trying to break-in. With a detailed logging engine, IisShield helps IIS a...

secureheaders - Manages application of security headers with many safe defaults

master represents the unreleased 4.x line. See the upgrading to 4.x doc for instructions on how to upgrade. Bug fixes should go in the 3.x branch for now.The 3.x branch is moving into maintenance mode. See the upgrading to 3.x doc for instructions on how to upgrade including the differences and benefits of using the 3.x branch.

Git-Web-Access - Smart-HTTP Git server on IIS—mirror of

Smart-HTTP Git server on IIS—mirror of


Quick and dirty script/website to view web security options the top 1000 websites opt-in to (e.g. HTTP headers, HSTS, etc.)

breadwallet - breadwallet - bitcoin wallet

mode, breadwallet connects directly to the bitcoin network with the fastperformance you need on a mobile device.**the next step in wallet security:**breadwallet is designed to protect you from malware, browser security holes,*even physical theft*. With AES hardware encryption, app sandboxing, keychainand code signatures, breadwallet represents a significant security advance overweb and desktop wallets, and other mobile platforms.**beautiful simplicity:**Simplicity is breadwallet's core design pr

IIS.Administration - REST API for managing IIS

There is a blog post to get up and running on Nano Server located at

IIS Secure Parameter Filter (SPF)

SPF is an application security module Microsoft IIS web servers. SPF provides instant out-of-the-box protection against Parameter Tampering, Cross-Site Scripting (XSS), URL Manipulation, Cross-Site Request Forgery (CSRF), and Session Hijacking/Replay attacks.

solr-scale-tk - Fabric-based framework for deploying and managing SolrCloud clusters in the cloud.

Setup========Make sure you're running Python 2.7 and have installed Fabric and boto dependencies. On the Mac, you can do:```sudo easy_install fabricsudo easy_install boto```For more information about fabric, see: the pysolr project from github and set it up as well:```git clone pysolrsudo python install```Note, you do not need to know any Python in order to use this framework.Local Setup========The framewor

does_hsts - Example Go program to determine whether sites support HSTS.

Example Go program to determine whether sites support HSTS.


Google Chrome HSTS Editor (Don't use this; just navigate to chrome://net-internals/#hsts instead)

Microsoft Web Protection Library

The Microsoft Web Protection Library offers AntiXSS, an encoding library, to protect your current applications from cross-site scripting attacks and the Security Runtime Engine to help protect your legacy applications.

security-cam - Unmaintained / SUPERSEDED BY:

Unmaintained / SUPERSEDED BY:

spring-rest-security - See Wiki:

See Wiki:

MSRC-Security-Research - Security Research from the Microsoft Security Response Center (MSRC)

This project hosts security research from the Microsoft Security Response Center (MSRC).At this time, this project does not accept external contributions, but we hope to do so in the future. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit

opsec_wikimo - OpSec pages on

OpSec pages on

Opa - Elegant language for Web

Opa is a concise and elegant language for writing scalable and distributed web applications. Opa pushes boundaries of the state of the art in web security by making its application immune to XSS attacks, SQL injections and more. Opa is designed to get you to your finished app faster, concentrating only on the interesting parts, without the hassle of writing the glue or of using a programming language against its original design.

DemoBundle - DemoBundle represent a front end web site on eZ Publish 5, for newer examples for eZ Platform see ezplatform-demo

Submitting bugs, improvements and stories is possible on If you discover a security issue, please see how to responsibly report such issues on