cuba-secure_headers

Security related headers for Cuba applications. It's heavily inspired by secureheaders.

Description

This gem applies the following headers:

• HTTP Strict Transport Security (HSTS) - Ensures the browser never visits the http version of a website. Protects from SSLStrip/Firesheep attacks. HSTS Specification
• X-Frame-Options (XFO) - Prevents your content from being framed and potentially clickjacked. X-Frame-Options draft
• X-XSS-Protection - Cross site scripting heuristic filter for IE/Chrome
• X-Content-Type-Options - Prevent content type sniffing
• X-Download-Options - Prevent file downloads opening
• X-Permitted-Cross-Domain-Policies - Restrict Adobe Flash Player's access to data

Usage

require "cuba"
require "cuba/secure_headers"

Cuba.plugin(Cuba::SecureHeaders)

Installation

$ gem install cuba-secure_headers