Blog
FAQ
Discussions
Search
Projects, issues, users, and merge requests.
Project ID, name, and description.
User nickname, name, and org.
Issue ID, title, and summary.
Merge request titles.
Contrib
.social
Feed
Live feed
Builds
Live builds
Core
Tags
Tags and Initiatives
Security Kit
Open on Drupal.org →
Open on Drupal GitLab →
Created on 26 March 2011,
almost 14 years ago
Maintained by
🇨🇦
Canada
badjava
🇳🇿
New Zealand
jweowu
🇬🇧
United Kingdom
mcdruid
p0deje
Clone
Clone with SSH
Clone with HTTPS
Clone with
doGit
🇬🇧
United Kingdom
25%
🇦🇺
Australia
17%
🇺🇸
United States
15%
🇮🇳
India
9%
🇵🇪
Peru
6%
🇩🇪
Germany
5%
🏴☠️
5%
🇫🇮
Finland
3%
🇳🇱
Netherlands
3%
🇺🇦
Ukraine
2%
🇨🇦
Canada
2%
🇳🇿
New Zealand
2%
🇷🇺
Russia
2%
🇪🇸
Spain
1%
🇧🇷
Brazil
1%
Top 10 contributors
Acquia
20%
🇮🇳
@ankitv18
🇬🇧
@mcdruid
🇮🇳
@deepakkm
Tomato Elephant Studio
6%
🇦🇺
@VladimirAus
SeeD EM
6%
🇵🇪
@alyaj2a
Third and Grove
5%
🇺🇸
@jds1
Somersoft
5%
🇬🇧
@somersoft
Jarltech Europe GmbH
4%
🇩🇪
@mkalkbrenner
Catalyst IT
4%
🇳🇿
@jweowu
🇦🇺
@jnlar
Fame Helsinki
3%
🇫🇮
@sokru
DICTU
3%
🇳🇱
@groendijk
Share Good USA
2%
🇺🇸
@BenStallings
+11
and 11 other organisations
Redfin Solutions, LLC
🇺🇸
@leslieg
Numiko
@joshhytr
United Nations
🇩🇪
@berliner
Drupal Ukraine Community
🇺🇦
@eugene.brit
Propeople (now part of FFW)
🇺🇦
@bahbka
Cyber-Duck
🇬🇧
@Alina Basarabeanu
Attico International
@yauheni
Zoocha
🇧🇷
@PabloNicolas
Interdependent Web LLC
🇺🇸
@BenStallings
Investis Digital
🇺🇦
@eugene.brit
JAKALA (formerly FFW)
🇺🇦
@bahbka
and 13 individuals
( 29% )
🇪🇸
@bmunslow
🇬🇧
@dahousecat
🇺🇸
@DamienMcKenna
🇦🇺
@dpi
🇨🇦
@gapple
🇦🇺
@geoffreyr
🇺🇸
@dabblela
🇷🇺
@shra
🇬🇧
@the_g_bomb
🇬🇧
@littlepixiez
🇷🇺
@a.kovrigin
🇮🇳
@hetalsagar
@project update bot
Follow
Sign in to follow projects
Merge Requests
More
!45
Allow certain paths to be excluded from the Origin check (patch included)
Open
Show issue
joshhytr
updated
about 2 months ago
!44
"Directive style-src-elem violated."
Open
Show issue
🇺🇸
United States
DamienMcKenna
updated
about 2 months ago
!43
Dispatch an event when there is a CSP violation
Open
Show issue
🇺🇸
United States
dabblela
updated
2 months ago
!36
Provide hook_seckit_options_alter() D8
Open
Show issue
🇦🇺
Australia
geoffreyr
updated
2 months ago
!11
CSP: Directive script-src-elem violated with googletagmanager
Open
Show issue
🇮🇳
India
rajeshreeputra
updated
3 months ago
!20
Clickjacking CSS protection hides content when site is embed inside an iframe, even if frame-ancestors is set
Open
Show issue
🇪🇸
Spain
jsbalsera
updated
4 months ago
More Merge Requests
Issues
🐛
Seckit seckitGetJsCssNoscriptCode hijacks js aggregation files.
Active
Code
Created
9 months ago
v2.0
🇺🇦
Ukraine
bahbka
about 1 month ago
✨
Need to exclude admin path from applying the policies
Active
Code
Created
9 months ago
v2.0
🇻🇳
Vietnam
tm01xx
about 1 month ago
💬
/report-csp-violation throwing an error
Active
Miscellaneous
Created
about 2 months ago
v2.0
🇺🇸
United States
duckydan
about 2 months ago
✨
Implement a "semi automatic" Nonce settings
Needs review
Miscellaneous
Created
over 3 years ago
v2.0
🇧🇷
Brazil
barone
about 2 months ago
✨
"Directive style-src-elem violated."
Active
Code
Created
over 4 years ago
v1.0
🇺🇸
United States
DamienMcKenna
about 2 months ago
✨
Allow certain paths to be excluded from the Origin check (patch included)
Active
Code
Created
almost 4 years ago
v2.0
🇬🇧
United Kingdom
Andy Tawse
about 2 months ago
✨
Add worker-src
Needs review
Code
Created
over 2 years ago
v1.0
🇬🇧
United Kingdom
dahousecat
about 2 months ago
✨
Dispatch an event when there is a CSP violation
Active
Code
Created
2 months ago
v2.0
🇺🇸
United States
dabblela
2 months ago
🐛
Breaks sitemap.xml when JS +CSS + Noscript protection is enabled
Active
Code
Created
over 3 years ago
v2.0
🇭🇺
Hungary
asrob
2 months ago
💬
CSP: Directive script-src-elem violated with googletagmanager
Needs work
Code
Created
almost 4 years ago
v2.0
🇮🇳
India
sivaprasadc
3 months ago
✨
Add worker-src
Active
Code
Created
10 months ago
v2.0
🇬🇧
United Kingdom
dahousecat
3 months ago
✨
Add form-action directive
Needs review
Code
Created
over 3 years ago
v2.0
🇬🇧
United Kingdom
Dubs
3 months ago
📌
Drupal calls should be avoided in classes, use dependency injection instead
Active
Code
Created
about 1 year ago
v2.0
🇧🇷
Brazil
PabloNicolas
3 months ago
🐛
Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on
Active
Code
Created
4 months ago
v2.0
🇮🇳
India
hetalsagar
3 months ago
🐛
Missing container invalidation update from issue modifying services
Active
Code
Created
5 months ago
v2.0
🇦🇺
Australia
prussobcm
4 months ago
🐛
The base-uri policy is missing
Needs review
Code
Created
about 5 years ago
v2.0
🇧🇪
Belgium
cubeinspire
4 months ago
🐛
Clickjacking CSS protection hides content when site is embed inside an iframe, even if frame-ancestors is set
Active
Code
Created
about 1 year ago
v2.0
🇪🇸
Spain
jsbalsera
4 months ago
💬
SA-CONTRIB-2024-039 Clarification?
Fixed
Code
Created
4 months ago
v2.0
🇺🇸
United States
kruser
4 months ago
✨
Provide hook_seckit_options_alter() D8
Needs review
Code
Created
about 8 years ago
v2.0
🇷🇺
Russia
ogggg
4 months ago
📌
Set 2.x as default branch
Fixed
Code
Created
5 months ago
v2.0
🇩🇪
Germany
mkalkbrenner
4 months ago
📌
Update summary on project page for compatibility with Project Browser
Active
Miscellaneous
Created
4 months ago
v2.0
🇺🇸
United States
leslieg
4 months ago
📌
Update logo for compatibility with Project Browser
Active
Miscellaneous
Created
4 months ago
v2.0
🇺🇸
United States
leslieg
4 months ago
🐛
Enabling "Enable JavaScript + CSS + Noscript protection" causes invalid HTML
Needs work
Code
Created
over 5 years ago
v2.0
🇺🇸
United States
averagejoe3000
4 months ago
🐛
php error
Closed: duplicate
Code
Created
4 months ago
v2.0
🇩🇪
Germany
ngruendel
4 months ago
📌
Modernize services: Add autowiring aliases, use autoconfigure, etc
Needs review
Code
Created
4 months ago
v2.0
🇦🇺
Australia
dpi
4 months ago
🐛
Multiple html lines of seckitGetJsCssNoscriptCode function create issue when js aggregate and minify html is on
Active
Code
Created
4 months ago
v2.0
🇮🇳
India
hetalsagar
4 months ago
📌
D11 release for seckit
Fixed
Code
Created
5 months ago
v2.0
🇬🇧
United Kingdom
mcdruid
4 months ago
✨
Extend length of src fields
Needs review
Code
Created
almost 4 years ago
v2.0
🇷🇸
Serbia
milovan
5 months ago
📌
Coding Standard Issues
Fixed
Code
Created
5 months ago
v2.0
🇵🇪
Peru
alyaj2a
5 months ago
📌
Add testing of report-csp-violation
Fixed
Code
Created
5 months ago
v2.0
🇬🇧
United Kingdom
mcdruid
5 months ago
✨
Silent mode for CSP reporting
Active
Code
Created
over 2 years ago
v2.0
🇺🇦
Ukraine
ksemihin
5 months ago
✨
Update CSP directives
Needs review
Code
Created
over 7 years ago
v2.0
🇺🇸
United States
Mojiferous
5 months ago
✨
Store CSP sources as a list of values on multiple lines to increase manageability and prevent merge conflicts
Needs review
Code
Created
over 1 year ago
v2.0
🇧🇪
Belgium
Dozz
5 months ago
📌
Automated Drupal 11 compatibility fixes for seckit
Closed: duplicate
Code
Created
6 months ago
v2.0
project update bot
5 months ago
📌
Automated Drupal 11 compatibility fixes for seckit
Fixed
Code
Created
10 months ago
v2.0
project update bot
5 months ago
💬
Google URL's are blocked.
Active
Miscellaneous
Created
12 months ago
v2.0
🇮🇳
India
suresh prabhu parkala
6 months ago
📌
Fix validate pipeline
Fixed
Code
Created
6 months ago
v2.0
🇮🇳
India
ankitv18
6 months ago
📌
Add Gitlab CI
Fixed
Code
Created
12 months ago
v2.0
🇮🇳
India
deepakkm
6 months ago
✨
Change Feature Policy to Permissions Policy (D8/D9)
Needs work
Code
Created
about 4 years ago
v2.0
🇵🇹
Portugal
rfmarcelino
6 months ago
📌
Avoid using document.write('<!--');
Needs work
Code
Created
about 4 years ago
v2.0
🇷🇺
Russia
kostyashupenko
7 months ago
🐛
No values in X-XSS-Protection Header select box
Fixed
User interface
Created
over 6 years ago
v2.0
rajithkumark
7 months ago
📌
Drupal 9.1 Deprecated Code Report
RTBC
Code
Created
about 4 years ago
v2.0
🇬🇷
Greece
suzymasri
7 months ago
💬
Question about HSTS max-age
Active
Miscellaneous
Created
10 months ago
v2.0
🇳🇱
Netherlands
RobBNL
8 months ago
✨
Text fields not big enough
Fixed
Code
Created
almost 2 years ago
v2.0
🇪🇸
Spain
penyaskito
8 months ago
📌
Add phpcs and drupal-check fixes
Needs review
Code
Created
almost 3 years ago
v2.0
🇮🇳
India
bendale
9 months ago
✨
Store each CSP rule on a seperate line in config
Active
Code
Created
9 months ago
v2.0
🇬🇧
United Kingdom
dahousecat
9 months ago
📌
Support flood control for CSP violation reports
Needs work
Code
Created
almost 9 years ago
v1.0
🇳🇿
New Zealand
jweowu
10 months ago
✨
Permissions Policy Support
Needs work
Miscellaneous
Created
almost 4 years ago
v2.0
🇦🇹
Austria
gr4phic3r
10 months ago
📌
t() calls should be avoided in classes.
Needs review
Code
Created
11 months ago
v2.0
🇮🇳
India
chaitanyadessai
11 months ago
📌
\Drupal calls should be avoided in classes, use dependency injection instead
Needs review
Code
Created
11 months ago
v2.0
🇮🇳
India
chaitanyadessai
11 months ago
📌
Add LICENSE.txt file
Closed: works as designed
Code
Created
11 months ago
v2.0
🇷🇴
Romania
ciprian.stavovei
11 months ago
💬
Backdrop CMS Port?
Fixed
Miscellaneous
Created
almost 3 years ago
v1.0
rbargerhuff
11 months ago
📌
Misleading recommendation for CSP directive "frame-src"
RTBC
Documentation
Created
almost 2 years ago
v1.0
🇨🇦
Canada
fengtan
12 months ago
🐛
Fix D7 Forms API syntax
RTBC
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
mvc
12 months ago
✨
Add support for setting referer policy from route in issue #3027122
Needs work
Code
Created
over 3 years ago
v2.0
🇦🇺
Australia
gordon
12 months ago
💬
Lottie files / base64 encoding
Active
Miscellaneous
Created
almost 2 years ago
v1.11
🇺🇸
United States
Mile3
about 1 year ago
💬
Uncaught DOMException: Permission denied to access property "hostname" on cross-origin object
Active
Code
Created
about 1 year ago
v2.0
🇪🇸
Spain
gpollner
about 1 year ago
📌
Add a reference to csp_log in documentation
Active
Documentation
Created
about 1 year ago
v2.0
🇧🇪
Belgium
daften
about 1 year ago
💬
How to set httpOnly flag on cookies?
Needs review
Documentation
Created
about 1 year ago
v2.0
🇪🇸
Spain
uridrupal
about 1 year ago
💬
Vulnerability Scan reported 150206 - Content-Security-Policy Not Implemented
Closed: won't fix
User interface
Created
over 1 year ago
v2.0
🇮🇳
India
ankitasharma13
over 1 year ago
📌
Replace README.txt with README.md
Fixed
Documentation
Created
over 2 years ago
v2.0
🇮🇳
India
Manoj Raj.R
over 1 year ago
📌
Fix the warnings/errors reported by PHP_CodeSniffer
Fixed
Code
Created
almost 5 years ago
v2.0
🇳🇿
New Zealand
xurizaemon
over 1 year ago
📌
Update source url in composer.json
Fixed
Code
Created
over 4 years ago
v2.0
🇳🇴
Norway
neslee canil pinto
over 1 year ago
📌
License "GPL-2.0+" is a deprecated SPDX license identifier
Fixed
Code
Created
over 4 years ago
v2.0
🇮🇳
India
harishh
over 1 year ago
🐛
JS/CSS/Noscript code gets added twice to head on 404/403 pages
Fixed
Code
Created
about 5 years ago
v2.0
🇺🇸
United States
averagejoe3000
over 1 year ago
🐛
Minor Typo in SecKitEventSubscriber.php File
Fixed
Code
Created
about 4 years ago
v2.0
🇮🇳
India
sivaprasadc
over 1 year ago
📌
Drupal CSS Standards
Fixed
Code
Created
almost 2 years ago
v1.0
🇺🇸
United States
bygeoffthompson
over 1 year ago
🐛
seckit/listener library incorrectly defined
Fixed
Code
Created
over 1 year ago
v2.0
🇬🇧
United Kingdom
mcdruid
over 1 year ago
🐛
style-src key missing in seckit.settings.yml
Fixed
Code
Created
over 1 year ago
v2.0
🇦🇺
Australia
jnlar
over 1 year ago
🐛
default-src has wrong description
Needs work
Documentation
Created
about 4 years ago
v2.0
🇦🇺
Australia
marji
over 1 year ago
🐛
report-uri is deprecated
Active
Code
Created
over 1 year ago
v2.0
🇳🇱
Netherlands
LaurentD
over 1 year ago
✨
Remove Generator meta tag from output
Closed: works as designed
Code
Created
over 8 years ago
v2.0
🇦🇺
Australia
chOP
over 1 year ago
🐛
Illegal choice 0 in Configure element.
Closed: duplicate
Code
Created
over 4 years ago
v2.0
🇮🇳
India
vijay.mayilsamy
over 1 year ago
📌
Add textarea type to script-src field
Closed: duplicate
Code
Created
over 2 years ago
v2.0
🇮🇳
India
ashetkar
over 1 year ago
✨
Allow entering more content in CSP fields
Closed: duplicate
Code
Created
over 2 years ago
v2.0
🇨🇦
Canada
dylan donkersgoed
over 1 year ago
✨
Extend length of feature policy field
Closed: duplicate
Code
Created
over 5 years ago
v2.0
🇳🇱
Netherlands
dennis_meuwissen
over 1 year ago
✨
Add support for form-action CSP directive
Active
Code
Created
about 7 years ago
v1.0
🇺🇸
United States
milodesc
over 1 year ago
✨
Longer fields to support Google TLD's
Closed: duplicate
Code
Created
over 1 year ago
v1.0
🇨🇦
Canada
djac
over 1 year ago
📌
Trailing slash on void elements has no effect and interacts badly with unquoted attribute values
Closed: duplicate
Code
Created
over 1 year ago
v2.0
fromme
over 1 year ago
📌
Remove type="text/javascript" from <script> tag
Needs review
Code
Created
over 1 year ago
v2.0
fromme
over 1 year ago
🐛
Deprecated Feature Used Expect-CT header
Needs review
Code
Created
about 2 years ago
v2.0
l_nava
over 1 year ago
🐛
Expect-CT is deprecated; provide a warning or remove
Closed: duplicate
Code
Created
almost 2 years ago
v2.0
🇯🇵
Japan
ptmkenny
over 1 year ago
✨
Text fields not big enough
Fixed
Code
Created
over 5 years ago
v1.0
🇬🇧
United Kingdom
dunx
almost 2 years ago
📌
Skip report-uri processing if value is empty
Fixed
Code
Created
about 5 years ago
v1.0
🇺🇸
United States
ron_s
almost 2 years ago
✨
Add support for feature-policy header
Fixed
Code
Created
over 6 years ago
v1.0
🇦🇺
Australia
adammalone
almost 2 years ago
💬
Offering to maintain Security Kit
Active
Miscellaneous
Created
about 2 years ago
v2.0
🇮🇳
India
rajeshreeputra
almost 2 years ago
🌱
Deprecate / Remove Content Security Policy configuration in favour of Content Security Policy module
Active
Code
Created
over 6 years ago
v1.0
🇨🇦
Canada
gapple
almost 2 years ago
🐛
Missing Strict-Transport-Security header
Closed: works as designed
Code
Created
over 5 years ago
v1.0
🇨🇭
Switzerland
handkerchief
almost 2 years ago
🐛
ALLOW-FROM directive in x-frame-options is obsolete
Active
Code
Created
about 2 years ago
v2.0
🇬🇧
United Kingdom
oldspot
about 2 years ago
🐛
Blocked URI missing/empty in log entries
Closed: works as designed
Code
Created
over 10 years ago
v1.9
🇺🇸
United States
bsnav
almost 2 years ago
✨
Add 'Disable Security Kit' option back
Active
User interface
Created
almost 2 years ago
v2.0
🇺🇸
United States
Jonathan_W
almost 2 years ago
✨
Add manifest-src
Active
Code
Created
almost 4 years ago
v2.0
🇸🇪
Sweden
acke
almost 2 years ago
contrib
.social
Blog
FAQ
Discussions
Production build 0.71.5
2024