{"id":15911247,"url":"https://github.com/laactech/django-security-headers-example","last_synced_at":"2025-10-12T02:32:23.773Z","repository":{"id":41927297,"uuid":"214033077","full_name":"laactech/django-security-headers-example","owner":"laactech","description":"Example project to show the implementation of various security headers in Django.","archived":false,"fork":false,"pushed_at":"2023-04-21T20:39:04.000Z","size":24,"stargazers_count":1,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-12T02:32:22.952Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/laactech.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-10-09T22:03:40.000Z","updated_at":"2019-10-09T22:11:54.000Z","dependencies_parsed_at":"2024-10-28T13:17:08.994Z","dependency_job_id":"b74c0373-484d-465f-af29-8455b0929fba","html_url":"https://github.com/laactech/django-security-headers-example","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/laactech/django-security-headers-example","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laactech%2Fdjango-security-headers-example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laactech%2Fdjango-security-headers-example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laactech%2Fdjango-security-headers-example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laactech%2Fdjango-security-headers-example/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/laactech","download_url":"https://codeload.github.com/laactech/django-security-headers-example/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laactech%2Fdjango-security-headers-example/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279009961,"owners_count":26084670,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-12T02:00:06.719Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-06T15:40:46.338Z","updated_at":"2025-10-12T02:32:23.728Z","avatar_url":"https://github.com/laactech.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Django Security Headers Example\n\nExample project to show the implementation of various security headers in Django.\n\n**Requirements**: Python 3.7+\n\n## Quick Start\n\n1. Clone the repository\n2. Create a new virtual environment: `python3 -m venv venv`\n3. Activate your new virtual environment\n4. Install the dependencies: `pip install -r requirements.txt`\n5. Run the development server: `./manage.py runserver`\n6. Make an HTTP request to `localhost:8000` to view the headers `curl -I localhost:8000`\n\n## Overview\n\nInside the `config/settings`, you'll see a `base.py` and a `prod.py`. The `base.py` is\nintended as local development settings, and the `prod.py` is intended as the production\nsettings.\n\nIn `base.py` starting on line 115, you will find the start of the security header\nconfiguration as well as links to the proper documentation.\n\n`prod.py` sets the security headers that depend on an HTTPS connection such as\n`Strict-Transport-Security`. Developing using `localhost` does not come with a valid TLS\ncertificate for an HTTPS connection. Keeping all settings that depend on an HTTPS connection\nin `prod.py` allows us to develop locally and still deploy with the correct settings for\nan HTTPS connection in production.\n\n\n## Python Packages\n\nDjango has built in support for a lot of the security headers. Additionally,\n[Django 3.0](https://docs.djangoproject.com/en/dev/releases/3.0/#security) adds support for\n`Referrer-Policy`. However, sending all of the headers requires a few additional packages\nand a custom middleware.\n\n* [django-csp](https://github.com/mozilla/django-csp) provides the `Content-Security-Policy`\n* [django-feature-policy](https://github.com/adamchainz/django-feature-policy) provides the\n`Feature-Policy`\n* The custom middleware in `django_security_headers_example/core/middleware.py` provides\n`Expect-CT` and `Referrer-Policy` for Django versions before 3.0","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaactech%2Fdjango-security-headers-example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flaactech%2Fdjango-security-headers-example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaactech%2Fdjango-security-headers-example/lists"}