Secure

Configure and apply HTTP security headers for web applications.

Usage

Source

Secure()

A Secure instance is the library’s public facade. It encapsulates a set of typed header builders and applies them to response objects from common Python web frameworks (FastAPI, Starlette, Flask, Django, etc.).

Typical pipeline:

secure = ( … Secure.with_default_headers().allowlist_headers().deduplicate_headers().validate_and_normalize_headers() … )

Then, inside your framework integration:

secure.set_headers(response) # or in async contexts: await secure.set_headers_async(response)

Attributes

headers_list: list[BaseHeader]

Ordered list of header objects representing the configured headers. Methods like allowlist_headers() and deduplicate_headers() operate on this list in place and return self for chaining.