Module security

HTTP Security Headers.

Specifications

• W3C Timing-Allow-Origin header

Example

use http_types_rs::{StatusCode, Response};

let mut res = Response::new(StatusCode::Ok);
http_types_rs::security::default(&mut res);

Structs

ContentSecurityPolicy

Build a Content-Security-Policy header.

ReportTo

Define report-to directive value

ReportToEndpoint

Define endpoints for report-to directive value

StrictTransportSecurity

Inform browsers that the site should only be accessed using HTTPS.

TimingAllowOrigin

Specify origins that are allowed to see values via the Resource Timing API.

Enums

FrameOptions

Set the frameguard level.

ReferrerOptions

Set the Referrer-Policy level

Source

Define source value

Functions

default

Apply a set of default protections.

dns_prefetch_control

Disable browsers’ DNS prefetching by setting the X-DNS-Prefetch-Control header.

frameguard

Mitigates clickjacking attacks by setting the X-Frame-Options header.

hsts

Sets the Strict-Transport-Security header to keep your users on HTTPS.

nosniff

Prevent browsers from trying to guess (“sniff”) the MIME type, which can have security implications.

powered_by

Removes the X-Powered-By header to make it slightly harder for attackers to see what potentially-vulnerable technology powers your site.

referrer_policy

Mitigates referrer leakage by controlling the referer[sic] header in links away from pages

xss_filter

Sets the X-XSS-Protection header to prevent reflected XSS attacks.