Secure 🔒 headers and cookies for Python web frameworks
cakinney Documentation Typos
- Fix HSTS year
- Fix aiohttp cookies
Latest commit 658da7e Jan 11, 2019

secure 🔒 is a lightweight package that adds optional security headers and cookie attributes for Python web frameworks.

Supported Python web frameworks:

aiohttp, Bottle, CherryPy, Django, Falcon, Flask, hug, Masonite, Pyramid, Quart, Responder, Sanic, Starlette, Tornado



$ pip install secure


$ pipenv install secure

After installing secure:

from secure import SecureHeaders, SecureCookie

secure_headers = SecureHeaders()
secure_cookie = SecureCookie()

Secure Headers



Default HTTP response headers:

Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Cache-control: no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Expires: 0

Secure Cookie


secure_cookie.framework(response, name="spam", value="eggs")

Default Set-Cookie HTTP response header:

Set-Cookie: spam=eggs; Path=/; secure; HttpOnly; SameSite=lax
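
A check one might run against an application's responses, as an added example that is not part of the secure package or its documentation: it compares a response's headers and Set-Cookie attributes with the defaults listed above. The function names and the sample response are constructed for illustration, and values are compared ignoring case and whitespace.

```python
# Added example; helper names are illustrative, not part of the secure package.
DEFAULTS = {  # default response headers as listed on this page
    "Strict-Transport-Security": "max-age=63072000; includeSubdomains",
    "X-Frame-Options": "SAMEORIGIN",
    "X-XSS-Protection": "1; mode=block",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "no-referrer, strict-origin-when-cross-origin",
    "Cache-control": "no-cache, no-store, must-revalidate, max-age=0",
    "Pragma": "no-cache",
    "Expires": "0",
}
COOKIE_ATTRS = ("secure", "httponly", "samesite")  # from the default Set-Cookie

# Constructed sample response (not captured from a real application).
SAMPLE = [
    ("x-frame-options", "sameorigin"),
    ("Strict-Transport-Security", "max-age=3600"),
    ("Set-Cookie", "spam=eggs; Path=/; secure; HttpOnly; SameSite=lax"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
]

def _norm(value):
    """Ignore case and whitespace so 'A; b' and 'a;B' compare equal."""
    return "".join(value.lower().split())

def audit_headers(headers):
    """Map each default header that is missing or changed to a short reason."""
    seen = {name.lower(): value for name, value in headers}
    problems = {}
    for name, expected in DEFAULTS.items():
        actual = seen.get(name.lower())
        if actual is None:
            problems[name] = "missing"
        elif _norm(actual) != _norm(expected):
            problems[name] = "differs: " + actual
    return problems

def audit_cookies(headers):
    """Map each cookie name to the default attributes its Set-Cookie lacks."""
    problems = {}
    for value in (v for n, v in headers if n.lower() == "set-cookie"):
        pair, *attrs = [part.strip() for part in value.split(";")]
        present = {attr.split("=", 1)[0].strip().lower() for attr in attrs}
        missing = [attr for attr in COOKIE_ATTRS if attr not in present]
        if missing:
            problems[pair.split("=", 1)[0]] = missing
    return problems

if __name__ == "__main__":
    print(audit_headers(SAMPLE), audit_cookies(SAMPLE))
```

Both functions take a list of (name, value) pairs, so a response with several Set-Cookie headers is checked cookie by cookie.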


Please see the full set of documentation at