SecKit provides Drupal with various security-hardening options. This lets you mitigate the risk of exploitation of various web application vulnerabilities.

Cross-site Scripting
    Content Security Policy implementation via Content-Security-Policy (official name), X-Content-Security-Policy (Firefox and IE) and X-WebKit-CSP (Chrome and Safari) HTTP response headers (configuration page and reporting CSP violations to watchdog)
    Control over Internet Explorer / Apple Safari / Google Chrome internal XSS filter via X-XSS-Protection HTTP response header
    Fix for an issue in the Drupal 6 core Upload module (the Drupal 7 version lacks this option because Upload was replaced by the FileField module)
    Prevent content upsniffing and serving files with incorrect MIME-type via X-Content-Type-Options: nosniff HTTP response header
Cross-site Request Forgery
    Handling of Origin HTTP request header
    Implementation of X-Frame-Options HTTP response header
    JavaScript + CSS + Noscript protection with customizable text for disabled JavaScript message
    Implementation of HTTP Strict Transport Security (HSTS) response header, preventing man-in-the-middle and eavesdropping attacks
    Implementation of From-Origin HTTP response header

All necessary documentation and usage examples are on the module's settings page. You may also take a look at to figure out the current status of browser support.
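To confirm that the headers listed above actually reach the client once the module is configured, a small audit over a raw response works. This is an added example, not code from SecKit; it assumes every option in the list is enabled, and the sample response and finding strings are constructed for illustration.

```python
# SAMPLE_RESPONSE is constructed for illustration, not captured from a real site.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Content-Security-Policy: default-src 'self'
x-content-type-options: nosniff
X-Frame-Options: ALLOWALL
Strict-Transport-Security: max-age=0
"""

CSP_NAMES = ("content-security-policy", "x-content-security-policy", "x-webkit-csp")


def parse_headers(raw):
    """Return {lowercased name: value} from a raw response header block."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                          # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit(raw):
    """Return a sorted list of findings; an empty list means every check passed."""
    h = parse_headers(raw)
    findings = []
    # CSP may arrive under the official name or one of the prefixed names.
    present_csp = [n for n in CSP_NAMES if n in h]
    if not present_csp:
        findings.append("csp: missing")
    elif CSP_NAMES[0] not in present_csp:
        findings.append("csp: only prefixed header sent")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("x-content-type-options: not nosniff")
    xfo = h.get("x-frame-options", "").upper()
    if not (xfo in ("DENY", "SAMEORIGIN") or xfo.startswith("ALLOW-FROM ")):
        findings.append("x-frame-options: missing or invalid")
    # HSTS is only effective with a positive max-age; max-age=0 clears the policy.
    hsts = h.get("strict-transport-security", "")
    directives = dict(d.strip().lower().partition("=")[::2] for d in hsts.split(";") if d.strip())
    if not directives.get("max-age", "").isdigit() or int(directives["max-age"]) == 0:
        findings.append("hsts: missing or max-age=0")
    for name in ("x-xss-protection", "from-origin"):
        if name not in h:
            findings.append(name + ": missing")
    return sorted(findings)
```

Feed `audit()` the header block saved from a response of your own site; drop the checks for options you have deliberately left disabled.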

Upcoming releases

Preparations for the 7.x-1.10 release are under way. Please 'follow' this issue to track the release candidate(s) and testing.
