{"id":13508136,"url":"https://github.com/techgaun/plug_secex","last_synced_at":"2025-06-13T07:33:02.313Z","repository":{"id":56461499,"uuid":"59397385","full_name":"techgaun/plug_secex","owner":"techgaun","description":"Plug that adds various HTTP Headers to make Phoenix/Elixir app more secure","archived":false,"fork":false,"pushed_at":"2020-11-06T01:44:29.000Z","size":33,"stargazers_count":29,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-05-31T20:16:05.520Z","etag":null,"topics":["elixir","hex","hex-downloads","http-headers","phoenix","plug","plug-secex","security"],"latest_commit_sha":null,"homepage":"","language":"Elixir","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/techgaun.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-05-22T05:55:03.000Z","updated_at":"2024-04-12T14:40:10.000Z","dependencies_parsed_at":"2022-08-15T19:10:42.677Z","dependency_job_id":null,"html_url":"https://github.com/techgaun/plug_secex","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/techgaun/plug_secex","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techgaun%2Fplug_secex","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techgaun%2Fplug_secex/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techgaun%2Fplug_secex/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techgaun%2Fplug_secex/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/techgaun","download_url":"https://codeload.github.com/techgaun/plug_secex/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techgaun%2Fplug_secex/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259602297,"owners_count":22882958,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["elixir","hex","hex-downloads","http-headers","phoenix","plug","plug-secex","security"],"created_at":"2024-08-01T02:00:48.742Z","updated_at":"2025-06-13T07:33:02.273Z","avatar_url":"https://github.com/techgaun.png","language":"Elixir","readme":"# PlugSecex [![Hex version](https://img.shields.io/hexpm/v/plug_secex.svg \"Hex version\")](https://hex.pm/packages/plug_secex) ![Hex downloads](https://img.shields.io/hexpm/dt/plug_secex.svg \"Hex downloads\") [![Build Status](https://semaphoreci.com/api/v1/techgaun/plug_secex/branches/master/badge.svg)](https://semaphoreci.com/techgaun/plug_secex) [![Coverage Status](https://coveralls.io/repos/github/techgaun/plug_secex/badge.svg?branch=master)](https://coveralls.io/github/techgaun/plug_secex?branch=master)\n\n\u003e Plug that adds various HTTP Headers to make Phoenix/Elixir app more secure\n\n## Installation\n\nThe package can be installed from hex as:\n\nAdd plug_secex to your list of dependencies in `mix.exs`:\n\n```elixir\ndef deps do\n  [{:plug_secex, \"~\u003e 0.1.3\"}]\nend\n```\n\nOr you can directly install it from github:\n\n```elixir\ndef deps do\n  [{:plug_secex, github: \"techgaun/plug_secex\"}]\nend\n```\n\n## Example\n\nIf you are using phoenix, you can put the plug in `web/router.ex`.\n\n```elixir\npipeline :browser do\n  plug PlugSecex\nend\n```\n\nYou can also specify to override or disable particular set of headers.\n\n```elixir\npipeline :browser do\n  plug PlugSecex,\n    overrides: [\n      \"x-dns-prefetch-control\": \"on\",\n      \"x-frame-options\": \"DENY\",\n      \"custom-header\": \"value\"\n    ],\n    except: [\n      \"x-powered-by\"\n    ]\nend\n```\n\nIf you need to determine one of these at run time - for instance, in order to\nuse a content security policy that allows resources from a location\nconfigured in environment variables - you can pass a \"module, function,\narguments\" tuple; calling that function with those arguments must return a\nlist as shown in the previous example.\n\n```elixir\npipeline :browser do\n  plug PlugSecex,\n    overrides: {MyModule, :overrides, [arg1, arg2]},\n    except: {MyModule, :exceptions, [arg3]}\nend\n```\n\nThe supported headers and their values by default are:\n\n```\n\"x-content-type-options\": \"nosniff\",\n\"x-dns-prefetch-control\": \"off\",\n\"strict-transport-security\": \"max-age=31536000\",\n\"x-xss-protection\": \"1; mode=block\",\n\"x-frame-options\": \"SAMEORIGIN\",\n\"content-security-policy\": \"default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'\",\n\"cross-origin-window-policy\": \"deny\",\n\"x-download-options\": \"noopen\",\n\"x-permitted-cross-domain-policies\": \"none\"\n```\n\nThe headers that are removed by default are:\n\n```\n\"x-powered-by\",\n\"server\"\n```\n","funding_links":[],"categories":["Framework Components","Uncategorized"],"sub_categories":["Uncategorized"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftechgaun%2Fplug_secex","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftechgaun%2Fplug_secex","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftechgaun%2Fplug_secex/lists"}