Crate armor

HTTP Security Headers.

Adapted from helmetjs.

Example

let mut headers = http::HeaderMap::new();
armor::armor(&mut headers);
assert_eq!(headers["X-Content-Type-Options"], "nosniff");
assert_eq!(headers["X-XSS-Protection"], "1; mode=block");

Modules

csp

Apply Content-Security-Policy headers.

Enums

FrameOptions

Set the frameguard level.

ReferrerOptions

Set the Referrer-Policy level

Functions

armor

Apply all protections.

dns_prefetch_control

Disable browsers’ DNS prefetching by setting the X-DNS-Prefetch-Control header.

dont_sniff_mimetype

Prevent browsers from trying to guess (“sniff”) the MIME type, which can have security implications.

frameguard

Mitigates clickjacking attacks by setting the X-Frame-Options header.

hide_powered_by

Removes the X-Powered-By header to make it slightly harder for attackers to see what potentially-vulnerable technology powers your site.

hsts

Sets the Strict-Transport-Security header to keep your users on HTTPS.

referrer_policy

Mitigates referrer leakage by controlling the referer[sic] header in links away from pages

xss_filter

Sets the X-XSS-Protection header to prevent reflected XSS attacks.