Skip to main content

HTTP Strict Transport Security for a Pyramid application.

Project description

Enforce [HTTP Strict Transport Security][] for a [Pyramid][] web application.

### Features

  • adds a Strict-Transport-Security header to every response
  • redirects requests with an insecure protocol to the corresponding secure protocol, i.e.: from http://… to https://…
  • ensures urls generated by request.*_url methods (e.g.: request.route_url) use a secure protocol

### Usage

To use, pip install pyramid_hsts / add pyramid_hsts to your requirements.txt and then [include][] the package:


### Configuration

If you’re running behind a frontend that proxies secure requests to your app on an insecure protocol (e.g.: on Heroku or a common Nginx setup) then it is common practice for the frontend to set a header indicating the original prototcol. To read this, you need to [specify][] the name of the protocol_header:

# must be specified if behind proxy hsts.protocol_header=X-Forwarded-Proto

You can also specify the max_age of and whether to include_subdomains in your HSTS header, e.g.:

# defaults to 8640000 hsts.max_age=4320000

# defaults to true hsts.include_subdomains=false

[HTTP Strict Transport Security]: [Pyramid]: [include]: [specify]:

Project details

Release history Release notifications

History Node


History Node


History Node


History Node


History Node

This version
History Node


History Node


History Node


History Node


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
pyramid_hsts-1.1.3.tar.gz (5.8 kB) Copy SHA256 hash SHA256 Source None Jan 30, 2014

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging CloudAMQP CloudAMQP RabbitMQ AWS AWS Cloud computing Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page