Skip to main content

Module headers

actix_security::http::security

Module headers

Expand description

Security headers middleware for HTTP security.

§Spring Security Equivalent

HttpSecurity.headers() configuration

§Overview

Adds security-related HTTP headers to responses:

X-Content-Type-Options: nosniff - Prevents MIME-sniffing
X-Frame-Options: DENY - Prevents clickjacking
X-XSS-Protection: 0 - Disables XSS Auditor (deprecated but safe)
Strict-Transport-Security - Forces HTTPS (HSTS)
Content-Security-Policy - Controls resource loading
Referrer-Policy - Controls referrer information
Permissions-Policy - Controls browser features

§Usage

use actix_web::{App, HttpServer};
use actix_security_core::http::security::headers::SecurityHeaders;

HttpServer::new(|| {
    App::new()
        .wrap(SecurityHeaders::default())
        // ... routes
})

Structs§

SecurityHeaders: Security headers configuration.
SecurityHeadersMiddleware: Security headers middleware service.

Enums§

FrameOptions: Frame options for X-Frame-Options header.
ReferrerPolicy: Referrer policy options.