{"id":18894100,"url":"https://github.com/trailofbits/http-security","last_synced_at":"2025-05-06T20:03:02.709Z","repository":{"id":21636096,"uuid":"24956708","full_name":"trailofbits/http-security","owner":"trailofbits","description":"Parse HTTP Security Headers","archived":false,"fork":false,"pushed_at":"2024-09-12T16:44:58.000Z","size":187,"stargazers_count":38,"open_issues_count":4,"forks_count":12,"subscribers_count":42,"default_branch":"master","last_synced_at":"2025-04-14T18:21:33.617Z","etag":null,"topics":["http","http-security"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trailofbits.png","metadata":{"files":{"readme":"README.md","changelog":"ChangeLog.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-10-08T19:22:42.000Z","updated_at":"2025-04-04T04:44:47.000Z","dependencies_parsed_at":"2024-09-13T03:44:28.440Z","dependency_job_id":"3496b344-3a8f-400d-9e66-8119b2e42b66","html_url":"https://github.com/trailofbits/http-security","commit_stats":{"total_commits":168,"total_committers":4,"mean_commits":42.0,"dds":"0.34523809523809523","last_synced_commit":"26c715bb6d0a4c7b2d3d1d174444843bef2c7f1f"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fhttp-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fhttp-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fhttp-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fhttp-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trailofbits","download_url":"https://codeload.github.com/trailofbits/http-security/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252761120,"owners_count":21800123,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["http","http-security"],"created_at":"2024-11-08T08:17:56.699Z","updated_at":"2025-05-06T20:03:02.615Z","avatar_url":"https://github.com/trailofbits.png","language":"Ruby","readme":"# HTTP Security\n\n* [Source](https://github.com/trailofbits/http-security)\n* [Issues](https://github.com/trailofbits/http-security/issues)\n* [Documentation](https://rubydoc.info/gems/http-security/frames)\n\n[![Code Climate](https://codeclimate.com/github/trailofbits/http-security.png)](https://codeclimate.com/github/trailofbits/http-security) [![Build Status](https://travis-ci.org/trailofbits/http-security.svg)](https://travis-ci.org/trailofbits/http-security) [![Test Coverage](https://codeclimate.com/github/trailofbits/http-security/badges/coverage.svg)](https://codeclimate.com/github/trailofbits/http-security)\n\nSecurity Headers is a parser for security-relevant HTTP headers. Each header\nvalue is parsed and validated according to the syntax specified in its relevant \nRFC.\n\nSecurity Headers relies on [parslet] for constructing its parsing grammar.\n\nCurrently parsed security headers are:\n\n* `Cache-Control`\n* `Content-Security-Policy`\n* `Content-Security-Policy-Report-Only`\n* `Expires`\n* `Pragma`\n* `Public-Key-Pins`\n* `Public-Key-Pins-Report-Only`\n* `Set-Cookie`\n* `Strict-Transport-Security`\n* `X-Content-Type-Options`\n* `X-Frame-Options`\n* `X-Permitted-Cross-Domain-Policies`\n* `X-XSS-Protection`\n\n## Example\n\n    require 'net/https'\n    response = Net::HTTP.get_response(URI('https://twitter.com/'))\n\n    require 'http/security'\n    headers = HTTP::Security::Response.parse(response)\n\n    headers.cache_control\n    # =\u003e #\u003cHTTP::Security::Headers::CacheControl:0x00000002f65778 @private=nil, @max_age=nil, @no_cache=true\u003e\n\n    headers.content_security_policy\n    # =\u003e #\u003cHTTP::Security::Headers::ContentSecurityPolicy:0x00000002d8e238 @default_src=\"https:\"@12, @script_src=\"'unsafe-inline' 'unsafe-eval' https:\"@172, @object_src=\"https:\"@153, @style_src=\"'unsafe-inline' https:\"@220, @img_src=\"https: blob: data:\"@98, @media_src=\"https: blob:\"@128, @frame_src=\"https: twitter:\"@73, @font_src=\"https: data:\"@49, @connect_src=\"https:\"@32, @report_uri=[#\u003cURI::HTTPS:0x00000002d94250 URL:https://twitter.com/i/csp_report?a=NVQWGYLXFVZXO2LGOQ%3D%3D%3D%3D%3D%3D\u0026ro=false;\u003e], @sandbox=nil\u003e\n\n    headers.expires\n    # =\u003e #\u003cHTTP::Security::HTTPDate: Tue, 31 Mar 1981 00:00:00 GMT ((2444695j,0s,0n),+0s,2299161j)\u003e\n\n    headers.pragma\n    # =\u003e #\u003cHTTP::Security::Headers::Pragma:0x00000002ccc5e8 @no_cache=true\u003e\n\n    headers.strict_transport_security\n    # =\u003e #\u003cHTTP::Security::Headers::StrictTransportSecurity:0x00000002c928c0 @max_age=631138519, @include_sub_domains=nil\u003e\n\n    headers.x_content_type_options\n    # =\u003e #\u003cHTTP::Security::Headers::XContentTypeOptions:0x00000002a46e40 @no_sniff=true\u003e\n\n    headers.x_frame_options\n    # =\u003e #\u003cHTTP::Security::Headers::XFrameOptions:0x000000028163c8 @deny=nil, @same_origin=true, @allow_from=nil, @allow_all=nil\u003e\n\n    headers.x_permitted_cross_domain_policies\n    # =\u003e nil\n\n    headers.x_xss_protection\n    # =\u003e #\u003cHTTP::Security::Headers::XXSSProtection:0x0000000297a408 @enabled=true, @mode=\"block\"@8, @report=nil\u003e\n\n## Requirements\n\n* [ruby] \u003e= 1.9.1\n* [parslet] ~\u003e 1.5\n\n## Install\n\n    $ gem install http-security\n\n## Testing\n\nTo run the RSpec tests:\n\n    $ rake spec\n\nTo test the parser against the Alexa Top 100:\n\n    $ rake spec:gauntlet\n\n## License\n\nSee the {file:LICENSE.txt} file.\n\n[ruby]: https://www.ruby-lang.org/\n[parslet]: http://kschiess.github.io/parslet/\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Fhttp-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrailofbits%2Fhttp-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Fhttp-security/lists"}