Show HN: Secure.py – Simplify HTTP Security Headers for Python Web Apps
4 points | cak | 1 year ago | github.com
I'm excited to share a major update to secure.py, a Python library designed to make adding essential HTTP security headers to web apps easier than ever. This release is a complete rewrite, leveraging modern Python 3.10+ features to enhance usability and performance.
Why secure.py?
Adding headers like Content Security Policy (CSP), HSTS, and X-Frame-Options is crucial for protecting web applications from attacks like XSS and clickjacking. However, managing these headers across different frameworks and ensuring adherence to best practices can be cumbersome. secure.py removes that friction by providing:
- Out-of-the-Box Security Presets: Apply BASIC or STRICT security configurations with a single line of code.
- Full Customization: Take control over headers like CSP, HSTS, X-Frame-Options, Referrer-Policy, and more to tailor security to your app's needs.
- Multi-Framework Support: Works with popular frameworks including Flask, Django, FastAPI, Starlette, and more—both synchronous and asynchronous.
- Modern Pythonic Design: Utilizes Python 3.10+ features like structural pattern matching and improved type hinting for cleaner and more efficient code.
- No External Dependencies: Lightweight and easy to include in any project.
- Best Practice Compliance: Follows recommendations from the OWASP Secure Headers Project and MDN Web Docs for robust security.
Requirements:
- Python 3.10 or higher
If you're tired of manually adding security headers and worrying about consistency, give secure.py a try. It's open source and designed to help developers add the kind of security that every app should have by default.
GitHub: https://github.com/TypeError/secure
I welcome any feedback, ideas for improvement, or contributions from the community!
Thanks for checking it out!