Django and Web Security Headers

By Adam Johnson, at DjangoCon Europe 2019, on Wednesday 10 April 2019

Web browsers support several HTTP headers that let a site opt in to extra security features. I’ll explain them and show you how to get an A+ rating for these with the free checker SecurityHeaders.com, using built-in Django features and a few third-party packages.

The web browser is an evolving environment, but one with massive backwards compatibility. Because of this, a lot of its security features are opt-in and incremental, enabled through headers such as Content-Security-Policy and Feature-Policy. I’ll walk through and explain the main headers recommended by Scott Helme’s SecurityHeaders.com, and how you can get your site to an A+ score, with a mix of built-in features and third-party packages for the more cutting-edge headers. I’ll also briefly show some free and paid tools that can aid with deployment.
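To make the opt-in nature of these headers concrete, here is an added example (not code from the talk or from any of the packages it refers to) of a small Django-style middleware that adds a default set of the headers the abstract mentions, together with an audit function that lists which of them a response is still missing, in the spirit of what SecurityHeaders.com checks. The header set and the policy values in `RECOMMENDED` are assumptions chosen for illustration; a real site needs its own Content-Security-Policy and Feature-Policy, and in practice you would get HSTS and `X-Content-Type-Options` from Django’s `SecurityMiddleware`, `X-Frame-Options` from `XFrameOptionsMiddleware`, and CSP and Feature-Policy from packages such as django-csp and django-feature-policy rather than from a hand-rolled middleware like this one. The middleware never overwrites a header that is already set, so it composes with those.

```python
"""Added example: audit and apply opt-in browser security headers.

Not the talk's code. Header names and values below are illustrative
assumptions; tune the policies for your own site.
"""
from __future__ import annotations

from typing import Callable, Mapping, MutableMapping

# Headers a response should carry (assumed set, modelled on what the
# SecurityHeaders.com checker looks for) with an example value for each.
RECOMMENDED: dict[str, str] = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Feature-Policy": "geolocation 'none'; camera 'none'; microphone 'none'",
}


def audit(headers: Mapping[str, str]) -> list[str]:
    """Return the recommended headers missing from a response.

    HTTP header names are case-insensitive, so the comparison lowercases
    both sides rather than relying on the caller's spelling.
    """
    present = {name.lower() for name in headers}
    return [name for name in RECOMMENDED if name.lower() not in present]


class SecurityHeadersMiddleware:
    """Django-style middleware that fills in any recommended header
    the view did not set itself.

    Django's HttpResponse supports ``name in response`` and item
    assignment with case-insensitive header names, so the same code works
    on a plain dict (used in the test) and on a real response object.
    """

    def __init__(self, get_response: Callable) -> None:
        self.get_response = get_response

    def __call__(self, request):
        response = self.get_response(request)
        for name, value in RECOMMENDED.items():
            # Respect a header the view (or another middleware) already set.
            if name not in response:
                response[name] = value
        return response


def demo() -> tuple[list[str], list[str]]:
    """Audit a constructed response before and after the middleware."""
    # Constructed response: a view that only set a Content-Security-Policy.
    bare: MutableMapping[str, str] = {
        "Content-Type": "text/html",
        "Content-Security-Policy": "default-src 'self'; img-src https:",
    }
    before = audit(bare)
    mw = SecurityHeadersMiddleware(lambda request: bare)
    after = audit(mw(request=None))
    return before, after


if __name__ == "__main__":
    missing_before, missing_after = demo()
    print("missing before:", missing_before)
    print("missing after: ", missing_after)
```

Run the file directly to see the audit shrink from five missing headers to none; the view's own stricter Content-Security-Policy survives because the middleware only fills gaps.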