I still use it for secure headers, curious if there's any other tool that can do the trick. Answer from Own-Bus-6262 on reddit.com
🌐
PyPI
pypi.org › project › flask-talisman
flask-talisman · PyPI
HTTP security headers for Flask. ... Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.
Help
The Python Package Index (PyPI) is a repository of software for the Python programming language.
Sponsors
The Python Package Index (PyPI) is a repository of software for the Python programming language.
Register
The Python Package Index (PyPI) is a repository of software for the Python programming language.
Log in
The Python Package Index (PyPI) is a repository of software for the Python programming language.
🌐
PyPI
pypi.org › project › talisman
talisman · PyPI
HTTP security headers for Flask. ... Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.
      » pip install talisman
Published   Nov 13, 2015
Version   0.1.0
Homepage   https://github.com/GoogleCloudPlatform/flask-talisman
Discussions
Is flask-talisman still the way to go?
I still use it for secure headers, curious if there's any other tool that can do the trick. More on reddit.com
🌐 r/flask
6
11
January 21, 2023
How to configure flask-talisman for CDN scripts and cron jobs in python 3.11 standard google app engine - Stack Overflow
Following the suggestion in the docs, I added flask-talisman but have run into two problems. I'm using apexcharts from CDN and I don't know how to get the nonce right - otherwise I get an error on... More on stackoverflow.com
🌐 stackoverflow.com
python - Flask-Talisman breaks Flask-Bootstrap - Stack Overflow
I want my website to always redirect to the secure https version of the site, and I'm using flask-talisman to do this. However for some reason adding this seemingly-unrelated line of code is breaki... More on stackoverflow.com
🌐 stackoverflow.com
When to use flask-talisman?
You can see the list of things Talisman allows you to do on the website . CSP is the big win, but it also does things like forcing HTTPS connections. It’s probably a good idea to have it turned on, but be aware that CSPs have uneven support in various libraries. For example, Flask-admin doesn’t fully support them, nor does bootstrap. So you might have to tweak some code to silence warnings and/or get your site working. Even if you leave CSPs off, Talisman enables a host of security best practices which you should either be using by default, or fully understand the reason you aren’t using. More on reddit.com
🌐 r/flask
2
4
January 5, 2023
🌐
GitHub
github.com › GoogleCloudPlatform › flask-talisman › blob › master › flask_talisman › talisman.py
flask-talisman/flask_talisman/talisman.py at master · GoogleCloudPlatform/flask-talisman
HTTP security headers for Flask. Contribute to GoogleCloudPlatform/flask-talisman development by creating an account on GitHub.
Author   GoogleCloudPlatform
🌐
GitHub
github.com › GoogleCloudPlatform › flask-talisman
GitHub - GoogleCloudPlatform/flask-talisman: HTTP security headers for Flask · GitHub
Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.
Starred by 936 users
Forked by 84 users
Languages   Python 94.7% | HTML 4.2% | Dockerfile 1.1%
🌐
Reddit
reddit.com › r/flask › is flask-talisman still the way to go?
r/flask on Reddit: Is flask-talisman still the way to go?
January 21, 2023 -

I'm getting close to publishing an app and am curious if people are still using flask-talisman or if there's something better I should be aware of?

It looks like it hasn't been updates since 2019 so maybe it's outdated?

Chime in if you've used it and or have other suggestions.

Thanks flask community!

Top answer
1 of 3
5
I still use it for secure headers, curious if there's any other tool that can do the trick.
2 of 3
3
It's a bunch of common-sense security settings for Flask. There are other ways to do it, but I don't see any problem in using it. If you start having problems with CORS and other stuff, don't forget to look here. You may need to change some of the settings.
🌐
GeeksforGeeks
geeksforgeeks.org › python › flask-security-with-talisman
Flask Security with Talisman - GeeksforGeeks
July 24, 2025 - Talisman is basically a Flask extension that is used to add HTTP security headers to our Flask application with easy implementation, which will help us to protect the app against common web attacks that lead to disturbances in our application ...
🌐
Stack Overflow
stackoverflow.com › questions › 76799686 › how-to-configure-flask-talisman-for-cdn-scripts-and-cron-jobs-in-python-3-11-sta
How to configure flask-talisman for CDN scripts and cron jobs in python 3.11 standard google app engine - Stack Overflow
'script-src': "'self' ajax.googleapis.com *.googleanalytics.com " '*.google-analytics.com ' '*.googletagmanager.com ' 'https://cdn.jsdelivr.net/npm/apexcharts', 'style-src': "'self' " 'https://cdn.jsdelivr.net/npm/apexcharts', 'object-src': "'none'", 'default-src': "'self' ", 'connect-src': "'self' *.google-analytics.com appengine.googleapis.com", } _talisman = Talisman(app, content_security_policy=csp, content_security_policy_nonce_in=['script-src', 'style-src]) . . . @app.get(r'/') def main(): ... context['nonce'] = _talisman._get_nonce() return render_template('list.html', context) ... <scr
🌐
Anaconda.org
anaconda.org › conda-forge › flask-talisman
flask-talisman - conda-forge | Anaconda.org
Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.
Find elsewhere
🌐
GitHub
github.com › wntrblm › flask-talisman
GitHub - wntrblm/flask-talisman: HTTP security headers for Flask
Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.
Starred by 84 users
Forked by 10 users
Languages   Python 95.6% | HTML 3.5% | Dockerfile 0.9% | Python 95.6% | HTML 3.5% | Dockerfile 0.9%
🌐
Medium
medium.com › @asoheili › flask-security-with-talisman-ef6990a4a24
Flask Security with Talisman. Building a secure web application is… | by Arash Soheili | Medium
January 13, 2020 - from flask import Flask from flask_talisman import Talisman app = Flask(__name__) Talisman(app)
🌐
Stack Overflow
stackoverflow.com › questions › 54730178 › flask-talisman-breaks-flask-bootstrap
python - Flask-Talisman breaks Flask-Bootstrap - Stack Overflow
Top answer
1 of 3
11

It's an old thread, but the answer is that you need to whitelist your allowed sites, like in this example (directly from flask-talisman web site):

csp = {
 'default-src': [
        '\'self\'',
        'cdnjs.cloudflare.com'
    ]
}
talisman = Talisman(app, content_security_policy=csp)
2 of 3
4

Building on jrborba's answer above, this is what I have used to prevent Tailsman from breaking Bootstrap and jQuery, but you may not need to use the unsafe-inline line as I did.

csp = {
    'default-src': [
        '\'self\'',
        '\'unsafe-inline\'',
        'stackpath.bootstrapcdn.com',
        'code.jquery.com',
        'cdn.jsdelivr.net'
    ]
}
talisman = Talisman(app, content_security_policy=csp)
🌐
Debian
packages.debian.org › bookworm › python3-flask-talisman
Debian -- Details of package python3-flask-talisman in bookworm
Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few common web application security issues.
🌐
Arch Linux
archlinux.org › packages › extra › any › python-flask-talisman
Arch Linux - python-flask-talisman 1.1.0-7 (any)
View the file list for python-flask-talisman · View the soname list for python-flask-talisman · Copyright © 2002-2026 Judd Vinet, Aaron Griffin and Levente Polyák. The Arch Linux name and logo are recognized trademarks. Some rights reserved.
🌐
Qwiet AI
qwiet.ai › appsec-resources › securing-your-flask-applications-essential-extensions-and-best-practices
Securing Your Flask Applications: Essential Extensions and Best Practices - Preventing the Unpreventable | Qwietᴬᴵ
February 7, 2025 - Flask-Talisman enhances the security of your Flask application by adding HTTP security headers. These headers help protect against web vulnerabilities such as Cross-Site Scripting (XSS), clickjacking, and other code injection attacks.
🌐
Reddit
reddit.com › r/flask › when to use flask-talisman?
r/flask on Reddit: When to use flask-talisman?
January 5, 2023 -

So I was getting an app ready for deployment, when I came across flask-talisman. I don't quite understand what its purpose is, but from the look of it, it is probably used to secure your website from accessing content from unwanted origins ( the `content_security_policy` option in Talisman )

If my assumptions are correct, would it make sense to use it, if I am serving my static assets using the same server as my website? I am confused as to the use case of this particular package

Top answer
1 of 2
2
You can see the list of things Talisman allows you to do on the website . CSP is the big win, but it also does things like forcing HTTPS connections. It’s probably a good idea to have it turned on, but be aware that CSPs have uneven support in various libraries. For example, Flask-admin doesn’t fully support them, nor does bootstrap. So you might have to tweak some code to silence warnings and/or get your site working. Even if you leave CSPs off, Talisman enables a host of security best practices which you should either be using by default, or fully understand the reason you aren’t using.
2 of 2
1
following ..
🌐
AskPython
askpython.com › home › set up content security policy using flask talisman
Set Up Content Security Policy using Flask Talisman - AskPython
April 10, 2025 - Talisman is an extension for Flask that simplifies the process of adding CSP to Flask applications.
🌐
GitHub
github.com › GoogleCloudPlatform › flask-talisman › blob › master › CONTRIBUTING.md
flask-talisman/CONTRIBUTING.md at master · GoogleCloudPlatform/flask-talisman
HTTP security headers for Flask. Contribute to GoogleCloudPlatform/flask-talisman development by creating an account on GitHub.
Author   GoogleCloudPlatform
🌐
OCINext
ocinext.com › post › flask-talisman-security-headers
Implementing Flask-Talisman for Enterprise Security Headers - OCINext
October 24, 2025 - Flask-Talisman is an essential tool for securing Flask applications in production.
🌐
Better Programming
betterprogramming.pub › from-http-to-https-easily-secure-flask-web-apps-with-talisman-3359692d3eac
From HTTP to HTTPS — Easily Secure Flask Web Apps With Talisman | by Kenneth Leung | Better Programming
November 25, 2021 - From HTTP to HTTPS — Easily Secure Flask Web Apps With Talisman Leveraging Python’s Talisman library to setup HTTPS protocol for enhanced web application security After deploying your Python …
🌐
GitHub
github.com › GoogleCloudPlatform › flask-talisman › blob › master › setup.py
flask-talisman/setup.py at master · GoogleCloudPlatform/flask-talisman
HTTP security headers for Flask. Contribute to GoogleCloudPlatform/flask-talisman development by creating an account on GitHub.
Author   GoogleCloudPlatform
Related queries
flask talisman elden ring
flask-talisman pypi
flask-seasurf
talisman flask tutorial
talisman flask python
flask talisman tutorial
flask talisman example
flask-talisman nonce