Blog
FAQ
Discussions
Search
Projects, issues, users, and merge requests.
Project ID, name, and description.
User nickname, name, and org.
Issue ID, title, and summary.
Merge request titles.
Contrib
.social
Feed
Live feed
Builds
Live builds
Core
Tags
Tags and Initiatives
Security Kit
Open on Drupal.org →
Open on Drupal GitLab →
Created on 26 March 2011,
about 14 years ago
Maintained by
🇨🇦
Canada
badjava
🇳🇿
New Zealand
jweowu
🇬🇧
United Kingdom
mcdruid
p0deje
Clone
Clone with SSH
Clone with HTTPS
Clone with
doGit
🇬🇧
United Kingdom
33%
🇺🇸
United States
16%
🇦🇺
Australia
14%
🇮🇳
India
8%
🇵🇪
Peru
5%
🇩🇪
Germany
4%
🇨🇦
Canada
4%
🏴☠️
4%
🇫🇮
Finland
3%
🇳🇿
New Zealand
3%
🇳🇱
Netherlands
3%
🇷🇺
Russia
2%
🏴☠️
🇪🇸 🇺🇦 🇧🇷
3%
Top 10 contributors
Acquia
18%
🇮🇳
@ankitv18
🇬🇧
@mcdruid
🇮🇳
@deepakkm
Affinity Digital Tech Ltd
5%
🇬🇧
@somersoft
Tomato Elephant Studio
5%
🇦🇺
@VladimirAus
SeeD EM
5%
🇵🇪
@alyaj2a
Third and Grove
4%
🇺🇸
@jds1
Catalyst IT
4%
🇳🇿
@jweowu
🇦🇺
@jnlar
Jarltech Europe GmbH
4%
🇩🇪
@mkalkbrenner
Fame Helsinki
3%
🇫🇮
@sokru
DICTU
3%
🇳🇱
@groendijk
Chromatic
2%
🇺🇸
@apotek
+13
and 13 other organisations
Oomph, Inc.
🇺🇸
@ben.hamelin
Share Good USA
🇺🇸
@BenStallings
Redfin Solutions, LLC
🇺🇸
@leslieg
Numiko
@joshhytr
United Nations
🇩🇪
@berliner
Drupal Ukraine Community
🇺🇦
@eugene.brit
State Library of New South Wales
🇦🇺
@geoffreyr
Cyber-Duck
🇬🇧
@Alina Basarabeanu
Attico International
@yauheni
Zoocha
🇧🇷
@PabloNicolas
Interdependent Web LLC
🇺🇸
@BenStallings
Investis Digital
🇺🇦
@eugene.brit
Somersoft
🇬🇧
@somersoft
and 13 individuals
( 34% )
🇪🇸
@bmunslow
🇬🇧
@dahousecat
🇺🇸
@DamienMcKenna
🇦🇺
@dpi
🇨🇦
@gapple
🇺🇸
@dabblela
🇷🇺
@shra
🇬🇧
@the_g_bomb
🇬🇧
@littlepixiez
🇷🇺
@a.kovrigin
🇮🇳
@hetalsagar
🇨🇦
@No Sssweat
@project update bot
Follow
Sign in to follow projects
Merge Requests
More
!16
default-src has wrong description
Open
Show issue
Unnamed author
updated
about 2 months ago
!46
Avoid using document.write('<!--');
Open
Show issue
🇬🇧
United Kingdom
the_g_bomb
updated
about 2 months ago
!30
Avoid using document.write('<!--');
Open
Show issue
🇪🇸
Spain
luismagr
updated
about 2 months ago
!45
Allow certain paths to be excluded from the Origin check (patch included)
Open
Show issue
joshhytr
updated
5 months ago
!44
"Directive style-src-elem violated."
Open
Show issue
🇺🇸
United States
DamienMcKenna
updated
5 months ago
!43
Dispatch an event when there is a CSP violation
Open
Show issue
🇺🇸
United States
dabblela
updated
5 months ago
More Merge Requests
Issues
✨
Support for configuring script-src-elem
Active
Code
Created
about 1 month ago
v2.0
🇺🇸
United States
apotek
about 1 month ago
🐛
default-src has wrong description
Needs work
Documentation
Created
over 4 years ago
v2.0
🇦🇺
Australia
marji
about 2 months ago
✨
Change Feature Policy to Permissions Policy (D8/D9)
Needs review
Code
Created
over 4 years ago
v2.0
🇵🇹
Portugal
rfmarcelino
about 2 months ago
📌
Avoid using document.write('<!--');
Needs work
Code
Created
over 4 years ago
v1.2
🇷🇺
Russia
kostyashupenko
about 2 months ago
💬
How to add all google tlds for CSP
Active
User interface
Created
almost 3 years ago
v2.0
🇺🇸
United States
justclint
about 2 months ago
💬
CSP: Directive script-src-elem violated with googletagmanager
Needs work
Code
Created
about 4 years ago
v2.0
🇮🇳
India
sivaprasadc
about 2 months ago
💬
Google URL's are blocked.
Active
Miscellaneous
Created
about 1 year ago
v2.0
🇮🇳
India
suresh prabhu parkala
about 2 months ago
✨
Need to exclude admin path from applying the policies
Active
Code
Created
12 months ago
v2.0
🇻🇳
Vietnam
tm01xx
3 months ago
✨
Permissions Policy Support
RTBC
Miscellaneous
Created
about 4 years ago
v2.0
🇦🇹
Austria
gr4phic3r
3 months ago
✨
Change Feature Policy to Permissions Policy
Closed: won't fix
Code
Created
over 4 years ago
v1.11
🇮🇳
India
Souvik Pal
3 months ago
🐛
Seckit doesn´t work for Images, CSS, JS
Active
Code
Created
3 months ago
v2.0
🇦🇹
Austria
gr4phic3r
3 months ago
🐛
Seckit seckitGetJsCssNoscriptCode hijacks js aggregation files.
Active
Code
Created
about 1 year ago
v2.0
🇺🇦
Ukraine
bahbka
4 months ago
💬
/report-csp-violation throwing an error
Active
Miscellaneous
Created
5 months ago
v2.0
🇺🇸
United States
duckydan
5 months ago
✨
Implement a "semi automatic" Nonce settings
Needs review
Miscellaneous
Created
over 3 years ago
v2.0
🇧🇷
Brazil
barone
5 months ago
✨
"Directive style-src-elem violated."
Active
Code
Created
over 4 years ago
v1.0
🇺🇸
United States
DamienMcKenna
5 months ago
✨
Allow certain paths to be excluded from the Origin check (patch included)
Active
Code
Created
about 4 years ago
v2.0
🇬🇧
United Kingdom
andy tawse
5 months ago
✨
Add worker-src
Needs review
Code
Created
over 2 years ago
v1.0
🇬🇧
United Kingdom
dahousecat
5 months ago
✨
Dispatch an event when there is a CSP violation
Active
Code
Created
5 months ago
v2.0
🇺🇸
United States
dabblela
5 months ago
🐛
Breaks sitemap.xml when JS +CSS + Noscript protection is enabled
Active
Code
Created
almost 4 years ago
v2.0
🇭🇺
Hungary
asrob
6 months ago
✨
Add worker-src
Active
Code
Created
about 1 year ago
v2.0
🇬🇧
United Kingdom
dahousecat
6 months ago
✨
Add form-action directive
Needs review
Code
Created
almost 4 years ago
v2.0
🇬🇧
United Kingdom
Dubs
6 months ago
📌
Drupal calls should be avoided in classes, use dependency injection instead
Active
Code
Created
over 1 year ago
v2.0
🇧🇷
Brazil
PabloNicolas
6 months ago
🐛
Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on
Active
Code
Created
8 months ago
v2.0
🇮🇳
India
hetalsagar
6 months ago
🐛
Missing container invalidation update from issue modifying services
Active
Code
Created
8 months ago
v2.0
🇦🇺
Australia
prussobcm
7 months ago
🐛
The base-uri policy is missing
Needs review
Code
Created
over 5 years ago
v2.0
🇧🇪
Belgium
cubeinspire
7 months ago
🐛
Clickjacking CSS protection hides content when site is embed inside an iframe, even if frame-ancestors is set
Active
Code
Created
over 1 year ago
v2.0
🇪🇸
Spain
jsbalsera
7 months ago
💬
SA-CONTRIB-2024-039 Clarification?
Fixed
Code
Created
8 months ago
v2.0
🇺🇸
United States
kruser
7 months ago
✨
Provide hook_seckit_options_alter() D8
Needs review
Code
Created
over 8 years ago
v2.0
🇷🇺
Russia
ogggg
7 months ago
📌
Set 2.x as default branch
Fixed
Code
Created
8 months ago
v2.0
🇩🇪
Germany
mkalkbrenner
7 months ago
📌
Update summary on project page for compatibility with Project Browser
Active
Miscellaneous
Created
7 months ago
v2.0
🇺🇸
United States
leslieg
7 months ago
📌
Update logo for compatibility with Project Browser
Active
Miscellaneous
Created
7 months ago
v2.0
🇺🇸
United States
leslieg
7 months ago
🐛
Enabling "Enable JavaScript + CSS + Noscript protection" causes invalid HTML
Needs work
Code
Created
almost 6 years ago
v2.0
🇺🇸
United States
averagejoe3000
7 months ago
🐛
php error
Closed: duplicate
Code
Created
7 months ago
v2.0
🇩🇪
Germany
ngruendel
7 months ago
📌
Modernize services: Add autowiring aliases, use autoconfigure, etc
Needs review
Code
Created
7 months ago
v2.0
🇦🇺
Australia
dpi
7 months ago
🐛
Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on
Active
Code
Created
8 months ago
v2.0
🇮🇳
India
hetalsagar
8 months ago
📌
D11 release for seckit
Fixed
Code
Created
8 months ago
v2.0
🇬🇧
United Kingdom
mcdruid
8 months ago
✨
Extend length of src fields
Needs review
Code
Created
about 4 years ago
v2.0
🇷🇸
Serbia
milovan
8 months ago
📌
Coding Standard Issues
Fixed
Code
Created
8 months ago
v2.0
🇵🇪
Peru
alyaj2a
8 months ago
📌
Add testing of report-csp-violation
Fixed
Code
Created
8 months ago
v2.0
🇬🇧
United Kingdom
mcdruid
8 months ago
✨
Silent mode for CSP reporting
Active
Code
Created
almost 3 years ago
v2.0
🇺🇦
Ukraine
ksemihin
8 months ago
✨
Update CSP directives
Needs review
Code
Created
over 7 years ago
v2.0
🇺🇸
United States
Mojiferous
8 months ago
✨
Store CSP sources as a list of values on multiple lines to increase manageability and prevent merge conflicts
Needs review
Code
Created
over 1 year ago
v2.0
🇧🇪
Belgium
Dozz
8 months ago
📌
Automated Drupal 11 compatibility fixes for seckit
Closed: duplicate
Code
Created
9 months ago
v2.0
project update bot
8 months ago
📌
Automated Drupal 11 compatibility fixes for seckit
Fixed
Code
Created
about 1 year ago
v2.0
project update bot
9 months ago
📌
Fix validate pipeline
Fixed
Code
Created
9 months ago
v2.0
🇮🇳
India
ankitv18
9 months ago
📌
Add Gitlab CI
Fixed
Code
Created
about 1 year ago
v2.0
🇮🇳
India
deepakkm
9 months ago
🐛
No values in X-XSS-Protection Header select box
Fixed
User interface
Created
almost 7 years ago
v2.0
rajithkumark
10 months ago
📌
Drupal 9.1 Deprecated Code Report
RTBC
Code
Created
over 4 years ago
v2.0
🇬🇷
Greece
suzymasri
11 months ago
💬
Question about HSTS max-age
Active
Miscellaneous
Created
about 1 year ago
v2.0
🇳🇱
Netherlands
RobBNL
11 months ago
✨
Text fields not big enough
Fixed
Code
Created
about 2 years ago
v2.0
🇪🇸
Spain
penyaskito
12 months ago
📌
Add phpcs and drupal-check fixes
Needs review
Code
Created
about 3 years ago
v2.0
🇮🇳
India
bendale
12 months ago
✨
Store each CSP rule on a seperate line in config
Active
Code
Created
about 1 year ago
v2.0
🇬🇧
United Kingdom
dahousecat
about 1 year ago
📌
Support flood control for CSP violation reports
Needs work
Code
Created
about 9 years ago
v1.0
🇳🇿
New Zealand
jweowu
about 1 year ago
📌
t() calls should be avoided in classes.
Needs review
Code
Created
about 1 year ago
v2.0
🇮🇳
India
chaitanyadessai
about 1 year ago
📌
\Drupal calls should be avoided in classes, use dependency injection instead
Needs review
Code
Created
about 1 year ago
v2.0
🇮🇳
India
chaitanyadessai
about 1 year ago
📌
Add LICENSE.txt file
Closed: works as designed
Code
Created
about 1 year ago
v2.0
🇷🇴
Romania
ciprian.stavovei
about 1 year ago
💬
Backdrop CMS Port?
Fixed
Miscellaneous
Created
about 3 years ago
v1.0
rbargerhuff
about 1 year ago
📌
Misleading recommendation for CSP directive "frame-src"
RTBC
Documentation
Created
about 2 years ago
v1.0
🇨🇦
Canada
fengtan
about 1 year ago
🐛
Fix D7 Forms API syntax
RTBC
Code
Created
almost 2 years ago
v1.0
🇨🇦
Canada
mvc
about 1 year ago
✨
Add support for setting referer policy from route in issue #3027122
Needs work
Code
Created
over 3 years ago
v2.0
🇦🇺
Australia
gordon
over 1 year ago
💬
Lottie files / base64 encoding
Active
Miscellaneous
Created
about 2 years ago
v1.11
🇺🇸
United States
Mile3
over 1 year ago
💬
Uncaught DOMException: Permission denied to access property "hostname" on cross-origin object
Active
Code
Created
over 1 year ago
v2.0
🇪🇸
Spain
gpollner
over 1 year ago
📌
Add a reference to csp_log in documentation
Active
Documentation
Created
over 1 year ago
v2.0
🇧🇪
Belgium
daften
over 1 year ago
💬
How to set httpOnly flag on cookies?
Needs review
Documentation
Created
over 1 year ago
v2.0
🇪🇸
Spain
uridrupal
over 1 year ago
💬
Vulnerability Scan reported 150206 - Content-Security-Policy Not Implemented
Closed: won't fix
User interface
Created
over 1 year ago
v2.0
🇮🇳
India
ankitasharma13
over 1 year ago
📌
Replace README.txt with README.md
Fixed
Documentation
Created
over 2 years ago
v2.0
🇮🇳
India
Manoj Raj.R
over 1 year ago
📌
Fix the warnings/errors reported by PHP_CodeSniffer
Fixed
Code
Created
about 5 years ago
v2.0
🇳🇿
New Zealand
xurizaemon
over 1 year ago
📌
Update source url in composer.json
Fixed
Code
Created
over 4 years ago
v2.0
🇳🇴
Norway
neslee canil pinto
over 1 year ago
📌
License "GPL-2.0+" is a deprecated SPDX license identifier
Fixed
Code
Created
almost 5 years ago
v2.0
🇮🇳
India
harishh
over 1 year ago
🐛
JS/CSS/Noscript code gets added twice to head on 404/403 pages
Fixed
Code
Created
over 5 years ago
v2.0
🇺🇸
United States
averagejoe3000
over 1 year ago
🐛
Minor Typo in SecKitEventSubscriber.php File
Fixed
Code
Created
over 4 years ago
v2.0
🇮🇳
India
sivaprasadc
over 1 year ago
📌
Drupal CSS Standards
Fixed
Code
Created
about 2 years ago
v1.0
🇺🇸
United States
bygeoffthompson
over 1 year ago
🐛
seckit/listener library incorrectly defined
Fixed
Code
Created
over 1 year ago
v2.0
🇬🇧
United Kingdom
mcdruid
over 1 year ago
🐛
style-src key missing in seckit.settings.yml
Fixed
Code
Created
almost 2 years ago
v2.0
🇦🇺
Australia
jnlar
over 1 year ago
🐛
report-uri is deprecated
Active
Code
Created
about 2 years ago
v2.0
🇳🇱
Netherlands
LaurentD
over 1 year ago
✨
Remove Generator meta tag from output
Closed: works as designed
Code
Created
over 8 years ago
v2.0
🇦🇺
Australia
chOP
over 1 year ago
🐛
Illegal choice 0 in Configure element.
Closed: duplicate
Code
Created
over 4 years ago
v2.0
🇮🇳
India
vijay.mayilsamy
over 1 year ago
📌
Add textarea type to script-src field
Closed: duplicate
Code
Created
over 2 years ago
v2.0
🇮🇳
India
ashetkar
over 1 year ago
✨
Allow entering more content in CSP fields
Closed: duplicate
Code
Created
over 2 years ago
v2.0
🇨🇦
Canada
dylan donkersgoed
over 1 year ago
✨
Extend length of feature policy field
Closed: duplicate
Code
Created
over 5 years ago
v2.0
🇳🇱
Netherlands
dennis_meuwissen
over 1 year ago
✨
Add support for form-action CSP directive
Active
Code
Created
over 7 years ago
v1.0
🇺🇸
United States
milodesc
over 1 year ago
✨
Longer fields to support Google TLD's
Closed: duplicate
Code
Created
almost 2 years ago
v1.0
🇨🇦
Canada
djac
almost 2 years ago
📌
Trailing slash on void elements has no effect and interacts badly with unquoted attribute values
Closed: duplicate
Code
Created
almost 2 years ago
v2.0
fromme
almost 2 years ago
📌
Remove type="text/javascript" from <script> tag
Needs review
Code
Created
almost 2 years ago
v2.0
fromme
almost 2 years ago
🐛
Deprecated Feature Used Expect-CT header
Needs review
Code
Created
over 2 years ago
v2.0
l_nava
almost 2 years ago
🐛
Expect-CT is deprecated; provide a warning or remove
Closed: duplicate
Code
Created
about 2 years ago
v2.0
🇯🇵
Japan
ptmkenny
almost 2 years ago
✨
Text fields not big enough
Fixed
Code
Created
almost 6 years ago
v1.0
🇬🇧
United Kingdom
dunx
about 2 years ago
📌
Skip report-uri processing if value is empty
Fixed
Code
Created
over 5 years ago
v1.0
🇺🇸
United States
ron_s
about 2 years ago
✨
Add support for feature-policy header
Fixed
Code
Created
over 6 years ago
v1.0
🇦🇺
Australia
adammalone
about 2 years ago
💬
Offering to maintain Security Kit
Active
Miscellaneous
Created
over 2 years ago
v2.0
🇮🇳
India
rajeshreeputra
about 2 years ago
🌱
Deprecate / Remove Content Security Policy configuration in favour of Content Security Policy module
Active
Code
Created
almost 7 years ago
v1.0
🇨🇦
Canada
gapple
about 2 years ago
🐛
Missing Strict-Transport-Security header
Closed: works as designed
Code
Created
almost 6 years ago
v1.0
🇨🇭
Switzerland
handkerchief
about 2 years ago
🐛
ALLOW-FROM directive in x-frame-options is obsolete
Active
Code
Created
over 2 years ago
v2.0
🇬🇧
United Kingdom
oldspot
over 2 years ago
🐛
Blocked URI missing/empty in log entries
Closed: works as designed
Code
Created
almost 11 years ago
v1.9
🇺🇸
United States
bsnav
about 2 years ago
✨
Add 'Disable Security Kit' option back
Active
User interface
Created
about 2 years ago
v2.0
🇺🇸
United States
Jonathan_W
about 2 years ago
✨
Add manifest-src
Active
Code
Created
about 4 years ago
v2.0
🇸🇪
Sweden
acke
about 2 years ago
contrib
.social
Blog
FAQ
Discussions
Production build 0.71.5
2024