OWASP Secure Headers Project

Revision as of 15:51, 18 April 2014 by Samantha Groves (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

OWASP Project Header.jpg

OWASP Secure Headers Project

OWASP Secure Headers Project invovles setting headers from the server is easy and often doesn't require any code changes. Once set, they can restrict modern browsers from running into easily preventable vulnerabilities. Secure Headers intends to raise awareness and use of these headers.


Write a short introduction


We aim to publish reports on header usage stats, developments and changes. Code libraries that make these headers easily accessible to developers on a range of platforms. Data sets concerning the general usage of these headers.


OWASP Secure Headers is free to use. It is licensed under the Apache 2.0 license.

What is the OWASP Secure Headers Project?

OWASP Secure Headers provides:

  • xxx
  • xxx


Link to presentation

Project Leader

Josh Matz

Related Projects

Quick Download

  • Link to page/download

Email List

Project Email List

News and Events

  • [20 Nov 2013] News 2
  • [30 Sep 2013] News 1

In Print

This project can be purchased as a print on demand book from Lulu.com


New projects.png Owasp-builders-small.png
Project Type Files CODE.jpg



Secure Headers is developed by a worldwide team of volunteers. The primary contributors to date have been:

  • Jim Manico
  • xxx


  • xxx
  • xxx

As of April 2014, the priorities are:

Secure Headers intends to raise awareness and usage of headers sent by the server that can increase security. We'll aim to bring this about by:

1. Producing open source, easily implemented, well documented code libraries that enable these headers for a variety of platforms. We'll prioritize creating and publicizing Node.JS, PHP, Ruby, and Java, but will eventually reach out towards edge cases like Go, Python and others. The key is to make this accessible as possible to developers.

2. Creating a tool that allows the public to scan websites and view stats regarding these headers. The tool will feature: automated scanning of the top 1m sites on the web; filtering of said sites to view stats across industries and countries; published database dumps for public consumption/tools; scanning of individual sites; comparing multiple scanned sites.

3. Consistent reports regarding this secure headers, their usage, any changes to existing headers.

Involvement in the development and promotion of Secure Headers is actively encouraged! You do not have to be a security expert in order to contribute.

Some of the ways you can help:

  • xxx
  • xxx