NAME Mojolicious::Plugin::SecurityHeader - Mojolicious Plugin VERSION version 0.07 SYNOPSIS # Mojolicious $self->plugin('SecurityHeader'); # define which security headers should be used $self->plugin('SecurityHeader' => [ 'Strict-Transport-Security' => -1, 'X-Xss-Protection', 'X-Content-Type-Options' => 'nosniff', ]); # Mojolicious::Lite plugin 'SecurityHeader'; DESCRIPTION Mojolicious::Plugin::SecurityHeader is a Mojolicious plugin. SECURITY HEADER * Strict-Transport-Security * Public-Key-Pins * Referrer-Policy * X-Content-Type-Options * X-Frame-Options * X-Xss-Protection * Access-Control-Allow-Origin * Access-Control-Expose-Headers * Access-Control-Max-Age * Access-Control-Allow-Credentials * Access-Control-Allow-Methods * Access-Control-Allow-Headers METHODS Mojolicious::Plugin::SecurityHeader inherits all methods from Mojolicious::Plugin and implements the following new ones. register $plugin->register(Mojolicious->new); Register plugin in Mojolicious application. CORS SUPPORT Since version 0.06 this plugin also supports CORS <https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS>. There's already Mojolicious::Plugin::CORS, but unlike that module, with the SecurityHeader plugin all CORS related headers are configurable. SEE ALSO Mojolicious, Mojolicious::Guides, http://mojolicious.org. Mojolicious::Plugin::CORS AUTHOR Renee Baecker <reneeb@cpan.org> COPYRIGHT AND LICENSE This software is Copyright (c) 2018 by Renee Baecker. This is free software, licensed under: The Artistic License 2.0 (GPL Compatible)