SecKit provides Drupal with various security-hardening options. This lets your mitigate the risks of exploitation of different web application vulnerabilities.
- Content Security Policy implementation via Сontent-Security-Policy (official name), X-Content-Security-Policy (Firefox and IE) and X-WebKit-CSP (Chrome and Safari) HTTP response headers (configuration page and reporting CSP violations to watchdog)
- Control over Internet Explorer / Apple Safari / Google Chrome internal XSS filter via X-XSS-Protection HTTP response header
- Fix of Drupal 6 core module Upload issue http://drupal.org/node/803430 (Drupal 7 version lacks this option as long as Upload was replaced with FileField module)
- Prevent content upsniffing and serving files with incorrect MIME-type via X-Content-Type-Options: nosniff HTTP response header
Cross-site Request Forgery
- Handling of Origin HTTP request header
- Implementation of X-Frame-Options HTTP response header
- Implementation of HTTP Strict Transport Security (HSTS) response header, preventing man-in-the-middle and eavesdropping attacks
- Implementation of From-Origin HTTP response header
All necessary documentation and examples of usage are on settings page of module. You may also take a look at http://www.browserscope.org/?category=security to figure out current status of browsers support.
Preparations for the 7.x-1.10 release are under way. Please 'follow' this issue to track the release candidate(s) and testing.
- Maintenance status: Actively maintained
- Development status: Maintenance fixes only
- Module categories: Security
- Reported installs: 20,349 sites currently report using this module. View usage statistics.
- Downloads: 189,419
- Automated tests: Enabled
- Last modified: September 19, 2016
- Stable releases are covered by the security advisory policy.
Look for the shield icon below.