I copied some Django security middleware (https://github.com/sdelements/django-security) for some personal use. django-security does some things I wanted and some other things I felt I didn't. So I only copied what I wanted and added some other things. Tonight I got bored and went through https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers to see what else I wanted to add to my site. I found some things, and they are at https://github.com/vaethis/algoa-middleware.
I will keep adding to HTTP headers for responses and requests as I go, but I figured this is a good starting point. As I progress on my site, I definitely can improve upon what HTTP headers I can manipulate in an effort to make one of the most secure sites on the web.
I am going to keep updating this post as I add middleware to my site. I feel it is appropriate to do that.
Right now I have implemented:
- P3P Policy Protection
I would love comments about other things.