I have a streamlit application and I would like to add the following HTTP security headers to it.

X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy
Strict-Transport-Security: max-age=31536000; includeSubDomains
Referrer-Policy: origin

These headers can provide effective security measures against various attacks and are recommended practices to implement multiple lines of defence. Is there any streamlit method for implementing those headers?

Hi there George,

Also interested in this topic. FYI, there are multiple forum posts asking about this and even a open GitHub issue, but the topic is ignored every single time .

Open GitHub issue:

Forum posts:

Hey @marduk and @George_Mathew,

Just wanted to share my update to the GitHub Issue:

Hi everyone, thank you for sharing your questions and interest in this request. I’ve touched base with our team internally, and while we are considering enhancements like this one, we are not expecting any major support to be implemented in the next six months. Given that meaningful improvements to the library in this area won’t be prioritized in the near term, we recommend seeking other solutions if this is an urgent need for your use case.

Our apologies for the delayed response on this topic – we appreciate your patience!

I set up NGINX as a reverse proxy and added all these headers.

Hi @George_Mathew. Can you share your solution?

+1 to this feature request