OSHP (OWASP Secure Headers Project)

LSE toolsLSE toolsOSHP (214)OSHP (214)

Tool and Usage

The OSHP project collects data regarding HTTP headers and their usage. It tries to inform adoption rates and increase usage.


OSHP is short for OWASP SecureHeaders Project.

Why this tool?

The OSHP project publishes reports on HTTP header usage stats, developments, and changes. It provides awareness on these headers, to improve the adoption rate.

Usage and audience

OSHP is commonly used for data extraction, information gathering, information sharing, or security awareness. Target users for this tool are security professionals.

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + The source code of this software is available

Author and Maintainers

OSHP is under development by Ricardo Iramar. This project is currently maintained by Alexandre Menezes, Jim Manico.


Supported operating systems

OSHP is known to work on Linux.


Several dependencies are required to use OSHP.

  • appdirs
  • blinker
  • click
  • contextlib2
  • Flask
  • Flask-Caching
  • Flask-Compress
  • gevent
  • greenlet
  • gunicorn
  • itsdangerous
  • jinja2
  • MarkupSafe
  • mysql-connector
  • newrelic
  • packaging
  • raven
  • Redis
  • six
  • Werkzeug

OSHP alternatives

Similar tools to OSHP:



Django-security is a toolkit for the Django framework with the focus on security. It provides models, views, and middleware to strengthen the defenses.



hsecscan performs a security scan of a website and analyses any discovered HTTP headers. For each header, it will provide details and recommendations.



Security header check (shcheck) is a security tool to scan web applications and their HTTP headers. It can help securing web applications or detect weaknesses.

See all alternatives tools for OSHP »

Found an improvement? Become an influencer and submit an update.
Project details
Latest releaseNo release found

Project health

This score is calculated by different factors, like project age, last release date, etc.


 Project page (OWASP)

Related terms