Module http_types::security

HTTP Security Headers.

Specifications

• W3C Timing-Allow-Origin header

Example

use http_types::{StatusCode, Response};

let mut res = Response::new(StatusCode::Ok);
http_types::security::default(&mut res);

Structs

ContentSecurityPolicy	Build a Content-Security-Policy header.
ReportTo	Define report-to directive value
ReportToEndpoint	Define endpoints for report-to directive value
TimingAllowOrigin	Specify origins that are allowed to see values via the Resource Timing API.

Enums

FrameOptions	Set the frameguard level.
ReferrerOptions	Set the Referrer-Policy level
Source	Define source value

Functions

default	Apply a set of default protections.
dns_prefetch_control	Disable browsers’ DNS prefetching by setting the X-DNS-Prefetch-Control header.
frameguard	Mitigates clickjacking attacks by setting the X-Frame-Options header.
hsts	Sets the Strict-Transport-Security header to keep your users on HTTPS.
nosniff	Prevent browsers from trying to guess (“sniff”) the MIME type, which can have security implications.
powered_by	Removes the X-Powered-By header to make it slightly harder for attackers to see what potentially-vulnerable technology powers your site.
referrer_policy	Mitigates referrer leakage by controlling the referer[sic] header in links away from pages
xss_filter	Sets the X-XSS-Protection header to prevent reflected XSS attacks.