Django Security Headers Hall of Fame

It’s been a year since I published How to Score A+ for Security Headers on Your Django Website, the blog post for my DjangoCon Europe 2019 talk. It’s seen some updates as both Django and web security have evolved, for example Feature-Policy is now required for an A+, and Django 3.0 includes built-in support for Referrer-Policy.

I’ve received a lot of nice feedback for the post and the talk. Here are some of the people who’ve used it to increase their sites’ security:

• Ahter Somnez and Çağıl Uluşahin took their site LindyPlus to a “B” (tweet).
• Aidas Bendoraitis took his site 1st things 1st to an “A”, including adding a strong CSP (tweet).
• Anthony Ricaud and his team took i-make.com to an “A”, and they’ve also started using more check constraints (tweet).
• Kristian Glass took app.emporium.cloud to an “A” score (tweet). This site is useful for exploring the dependency graph of all package on PyPI.
• Tobias Kunze took Pretalx to an “A” (tweet).
• Matthew Freire took JustDjango to an “A+” (tweet)
• Will Vincent took LearnDjango.com to an “A” (tweet)

Thanks to all for letting me know.

If you have used the guide to improve your site’s security, please email or tweet me, and I’ll add a link here! As you can see, you don’t need to get to A+, which is a lot of work. Any improvement is good for your site and users :)

—Adam

Make your development more pleasant with Boost Your Django DX.

One summary email a week, no spam, I pinky promise.

Related posts:

• How to Score A+ for Security Headers on Your Django Website
• Feature-Policy updates - now required for an A+ on SecurityHeaders.com

Tags: django