This is a pretty short question. I deployed a Django app to Heroku and would like to have access to the contents of that app's security headers. The subject is not well documented on the Internet. I don't know the procedure to access it. Thanks!
CodePudding user response:
If you just want to see your app's security headers, you can do that in any browser in the browser dev tools (F12 or Ctrl+Shift+I usually, or just hunt through menus for tools). Go to the network tab, reload and click on the row with the page title (e.g. '/' for the homepage of the URL you provide). The request headers for that page should appear in their own section of the tools.
If you want to edit your headers, have a look at the docs for security middleware for some elements you can include in your settings.py file.
For recommendations on what settings should be set to, you can get an analysis at securityheaders.com or observatory.mozilla.org.
There are additional Django modules for helping with any additional headers like a Content Security Policy. I use Django-CSP for that one.
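
Added example, not part of the original answer: a script that reads the headers your deployed app sends and maps each security header to the Django setting or package that controls it. The function names and the sample headers are assumptions constructed for illustration; the setting names are Django's own.

```python
import sys
import urllib.error
import urllib.request

# Response header -> where it is configured in a Django project.
SECURITY_HEADERS = {
    "Strict-Transport-Security": "SECURE_HSTS_SECONDS (SecurityMiddleware)",
    "X-Content-Type-Options": "SECURE_CONTENT_TYPE_NOSNIFF (SecurityMiddleware)",
    "Referrer-Policy": "SECURE_REFERRER_POLICY (SecurityMiddleware)",
    "Cross-Origin-Opener-Policy": "SECURE_CROSS_ORIGIN_OPENER_POLICY (SecurityMiddleware)",
    "X-Frame-Options": "X_FRAME_OPTIONS (XFrameOptionsMiddleware)",
    "Content-Security-Policy": "django-csp",
}

# Constructed sample response headers, used when no URL is given.
SAMPLE = {
    "content-type": "text/html; charset=utf-8",
    "x-frame-options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "same-origin",
}


def audit_headers(headers):
    """Return {header: (value or None, django_setting)}; names match case-insensitively."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return {n: (lowered.get(n.lower()), s) for n, s in SECURITY_HEADERS.items()}


def missing_headers(headers):
    """List the security headers the response did not send."""
    return [n for n, (value, _) in audit_headers(headers).items() if value is None]


def fetch_headers(url):
    """GET the URL and return the response headers, including on 4xx/5xx replies."""
    req = urllib.request.Request(url, headers={"User-Agent": "header-audit"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return dict(resp.headers.items())
    except urllib.error.HTTPError as err:
        return dict(err.headers.items())


if __name__ == "__main__":
    hdrs = fetch_headers(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for name, (value, setting) in audit_headers(hdrs).items():
        print(f"{name}: {value}" if value else f"{name}: MISSING, configure via {setting}")
```

Run it with your app's URL as the only argument (for example `https://<your-app>.herokuapp.com/`, a placeholder); without an argument it audits the constructed sample.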