The security headers components.
A type safe configuration object for setting security headers.
Provider for security headers configuration.
Provider for security headers configuration.
The case class that implements the filter.
The case class that implements the filter. This gives you the most control, but you may want to use the apply() method on the companion singleton for convenience.
The security headers module.
Parses out a SecurityHeadersConfig from play.api.Configuration (usually this means application.conf).
This class sets a number of common security headers on the HTTP request.
This class sets a number of common security headers on the HTTP request.
NOTE: Because these are security headers, they are "secure by default." If the filter is applied, but these fields are NOT defined in Configuration, the defaults on the filter are NOT omitted, but are instead set to the strictest possible value.
A type safe configuration object for setting security headers.
"X-Frame-Options":
"X-XSS-Protection":
"X-Content-Type-Options"
"X-Permitted-Cross-Domain-Policies"
"Content-Security-Policy" - this is deprecated in favor of the dedicated CSPFilter.
"Referrer-Policy"
Allows specific headers