Crate http_security_headers


§http-security-headers

Type-safe, framework-agnostic HTTP security headers with Tower middleware support.

§Features

  • Type-safe configuration: Compile-time guarantees for header values
  • Builder pattern: Ergonomic, fluent API
  • Preset configurations: Strict, Balanced, and Relaxed security levels
  • Tower middleware: Framework-agnostic (works with Axum, Actix, Tonic, etc.)
  • Zero dependencies: Core library has minimal dependencies (only thiserror)

§Quick Start

use http_security_headers::{SecurityHeaders, Preset};
use std::time::Duration;

// Use a preset configuration
let headers = Preset::Strict.build();

// Or build a custom configuration
let headers = SecurityHeaders::builder()
    .strict_transport_security(Duration::from_secs(31536000), true, false)
    .x_frame_options_deny()
    .referrer_policy_no_referrer()
    .build()
    .unwrap();

§Using with Axum

Enable the middleware feature in your Cargo.toml:

[dependencies]
http-security-headers = { version = "0.1", features = ["middleware"] }

Then use the middleware layer:

use axum::{Router, routing::get};
use http_security_headers::{Preset, SecurityHeadersLayer};
use std::sync::Arc;

let headers = Arc::new(Preset::Strict.build());

let app = Router::new()
    .route("/", get(|| async { "Hello, World!" }))
    .layer(SecurityHeadersLayer::new(headers));

§Security Headers Supported

  • Content-Security-Policy (CSP): Prevents XSS and code injection attacks
  • Strict-Transport-Security (HSTS): Forces HTTPS connections
  • X-Frame-Options: Prevents clickjacking attacks
  • X-Content-Type-Options: Prevents MIME type sniffing
  • Referrer-Policy: Controls referrer information
  • Cross-Origin-Opener-Policy (COOP): Isolates browsing contexts
  • Cross-Origin-Embedder-Policy (COEP): Controls cross-origin resource loading
  • Cross-Origin-Resource-Policy (CORP): Controls resource sharing
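
To confirm that a deployment actually emits the headers listed above, a captured response can be audited with a std-only check like the one below. This is an added example, not code from the http_security_headers crate; `missing_headers`, `parse_hsts` and the sample response are hypothetical names and constructed data.

```rust
/// Added example, not part of http_security_headers; names and sample data are hypothetical.
/// Header names from the "Security Headers Supported" list, lowercased.
const EXPECTED: [&str; 8] = [
    "content-security-policy",
    "strict-transport-security",
    "x-frame-options",
    "x-content-type-options",
    "referrer-policy",
    "cross-origin-opener-policy",
    "cross-origin-embedder-policy",
    "cross-origin-resource-policy",
];

/// Returns the expected headers absent from `resp` (names compare case-insensitively).
fn missing_headers(resp: &[(&str, &str)]) -> Vec<&'static str> {
    EXPECTED.iter().copied()
        .filter(|want| !resp.iter().any(|(name, _)| name.eq_ignore_ascii_case(want)))
        .collect()
}

/// Parses an HSTS value into (max_age_secs, include_subdomains, preload).
/// Returns None when max-age is missing or is not a non-negative integer.
fn parse_hsts(value: &str) -> Option<(u64, bool, bool)> {
    let (mut max_age, mut sub, mut preload) = (None, false, false);
    for directive in value.split(';').map(str::trim).filter(|d| !d.is_empty()) {
        let (key, val) = match directive.split_once('=') {
            Some((k, v)) => (k.trim(), Some(v.trim().trim_matches('"'))),
            None => (directive, None),
        };
        if key.eq_ignore_ascii_case("max-age") {
            max_age = Some(val?.parse::<u64>().ok()?);
        } else if key.eq_ignore_ascii_case("includeSubDomains") {
            sub = true;
        } else if key.eq_ignore_ascii_case("preload") {
            preload = true;
        }
    }
    Some((max_age?, sub, preload))
}

fn main() {
    // Constructed sample response headers (not captured from a real server).
    let resp = [
        ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
        ("X-Frame-Options", "DENY"),
        ("Referrer-Policy", "no-referrer"),
    ];
    println!("missing: {:?}", missing_headers(&resp));
    println!("hsts: {:?}", parse_hsts(resp[0].1));
}
```

A non-empty result from `missing_headers`, or `None` from `parse_hsts`, indicates the middleware layer is not applied to that route or a proxy is stripping headers.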

Re-exports§

pub use policy::ContentSecurityPolicy;
pub use policy::CrossOriginEmbedderPolicy;
pub use policy::CrossOriginOpenerPolicy;
pub use policy::CrossOriginResourcePolicy;
pub use policy::ReferrerPolicy;
pub use policy::StrictTransportSecurity;
pub use policy::XFrameOptions;
pub use preset::Preset;

Modules§

policy
Security policy types.
preset
Preset security header configurations.

Structs§

SecurityHeaders
Main security headers configuration.
SecurityHeadersBuilder
Builder for SecurityHeaders.

Enums§

Error
Errors that can occur when working with security headers.

Type Aliases§

Result
Result type alias for operations that may fail with an Error.