Status Services → Expedited WAF → Expedited SSL → IP Investigator → Real Email Resources → Knowledge Base → AWS In Plain English → Blog → Heroku Security Resources Use Cases → DDoS Protection → Bot & Malicious Traffic Blocking → Fraud Detection & Prevention → Credential Stuffing Protection → Compliance → OWASP Top 10 Compliance → AI Scraping Prevention → Geographic Request Blocking → Virtual Patching About Contact

Heroku Security Resources

Resources on how to secure, lockdown and speed up your Heroku Application.

Framework Security Checklists

Comprehensive security checklists for deploying popular web frameworks on Heroku.

API Security Checklist for Heroku

Security Checklist

Django Security Checklist for Heroku

Framework Security Checklist

Express.js Security Checklist for Heroku

Framework Security Checklist

FastAPI Security Checklist for Heroku

Framework Security Checklist

Flask Security Checklist for Heroku

Framework Security Checklist

Laravel Security Checklist for Heroku

Framework Security Checklist

Next.js Security Checklist for Heroku

Framework Security Checklist

Ruby on Rails Security Checklist for Heroku

Framework Security Checklist

Spring Boot Security Checklist for Heroku

Framework Security Checklist

Symfony Security Checklist for Heroku

Framework Security Checklist

Security Frameworks

Industry-standard security frameworks and compliance guidelines for Heroku applications.

How to Block the Latest OWASP Top 10 Vulnerabilities on Heroku

OWASP Protection

Compliance & Regulatory Frameworks

Meet compliance requirements for PCI DSS, HIPAA, SOC 2, GDPR, and more on Heroku.

FedRAMP Compliance for Heroku Applications

Compliance Guide

GDPR Compliance for Heroku Applications

Compliance Guide

HIPAA Compliance for Heroku Applications

Compliance Guide

ISO 27001 Compliance for Heroku Applications

Compliance Guide

PCI DSS Compliance for Heroku Applications

Compliance Guide

SOC 2 Compliance for Heroku Applications

Compliance Guide

Securing Your Application

Essential security configurations including HTTPS, security headers, and XSS protection.

CI/CD Security for Heroku Pipelines

Secure Deployments

How to Block HTML in forms (XSS) on Heroku

XSS Prevention

How to Choose What SSL/TLS/HTTPS option to use on Heroku

SSL/TLS Options

How to Enable Rate Limiting on Heroku

Traffic Control

How To Enable Security Headers on Heroku

Browser Security Controls

How To Force HTTPS (SSL/TLS) on Heroku

HTTPS Enforcement

Secrets Management on Heroku

Secure Credentials

Blocking Bots and Attackers

Stop malicious traffic by blocking IPs, user agents, proxies, and geographic regions.

How to Block Anonymous Proxies on Heroku

Proxy Detection

How to Block Clients by Country and Geolocation on Heroku

Geographic Blocking

How to Block Clients with Application Logic (Cookies) on Heroku

Cookie-Based Blocking

How to Block IP Addresses on Heroku

Stop Malicious Traffic

How to Block Log4j CVE-2021-44228 Exploits on Heroku

CVE Protection

How to Block User Agents on Heroku

Bot Detection

Stopping DDoS Attacks

Protect your application from distributed denial of service attacks with CAPTCHA, JavaScript verification, and referrer blocking.

How to Block Referring Sites on Heroku

Referrer Filtering

How To Stop DDoS Attacks On Heroku With a CAPTCHA challenge

CAPTCHA Protection

How To Stop DDoS Flood Attacks with Javascript Verification on Heroku

JavaScript Verification

Speed and Performance

Optimize your application's performance with HTTP/2, compression, and modern protocols.

How To Enable Brotli Compression on Heroku

Maximum Compression

How To Enable GZip Compression on Heroku

Faster Page Loads

How To Enable HTTP2 (SPDY) on Heroku

Protocol Upgrade

How To Enable IPv6 on Heroku

Modern Protocol Support

General Resources

Comprehensive guides and overviews for securing your Heroku applications.

Incident Response for Heroku Applications

Security Incidents

Web Security Guide for Heroku

Complete Security Guide