OWIN Middlewares to set useful security-related HTTP header (STS, Anti-Clickjacking, XSS, CSP).

Security Headers Middleware

Middlewares to set useful security-related HTTP headers in your OWIN application (taken from the OWASP list of recommended headers).

Already implemented

  • Strict-Transport-Security incl. options
  • X-Frame-Options incl. supporting multiple origins
  • X-XSS-Protection incl. the option to disable it (though I don't know why you would).
  • X-Content-Type-Options
  • Content-Security-Policy Level 2 (except the hash and nonce source expressions)
  • Content-Security-Policy-Report-Only
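As an added illustration of what such a middleware does (example code written for this page, not the project's own API; it assumes the Microsoft.Owin and Owin packages, and the class and policy string are hypothetical), the following sets the headers listed above on every response. Two details matter in practice: HSTS is only emitted on TLS requests, because browsers ignore it over plain HTTP, and the headers are set in an OnSendingHeaders callback so they are present even when a downstream handler starts writing the body before the middleware regains control.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;

// Hypothetical middleware (not from the project) that adds the OWASP-recommended
// headers discussed above to every response.
public class SecurityHeadersMiddleware : OwinMiddleware
{
    private readonly string _csp;

    public SecurityHeadersMiddleware(OwinMiddleware next, string csp) : base(next)
    {
        _csp = csp;
    }

    public override Task Invoke(IOwinContext context)
    {
        // Runs just before the response headers are flushed, so the headers are
        // added even if a downstream handler writes the body before returning.
        context.Response.OnSendingHeaders(state =>
        {
            var ctx = (IOwinContext)state;
            var headers = ctx.Response.Headers;

            // HSTS is only meaningful over TLS; user agents ignore it on plain HTTP.
            if (ctx.Request.IsSecure)
                headers.Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains");

            headers.Set("X-Frame-Options", "DENY");             // anti-clickjacking
            headers.Set("X-Content-Type-Options", "nosniff");   // no MIME sniffing
            headers.Set("X-XSS-Protection", "1; mode=block");   // legacy browser filter
            headers.Set("Content-Security-Policy", _csp);       // CSP without hash/nonce
        }, context);

        return Next.Invoke(context);
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Constructed policy for the example: only same-origin resources, no framing.
        app.Use<SecurityHeadersMiddleware>("default-src 'self'; frame-ancestors 'none'");
        app.Run(ctx => ctx.Response.WriteAsync("hello"));
    }
}
```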

Workaround for use in .NET Core (thanks to @imperugo)

https://github.com/aspnet-contrib/AspNet.Hosting.Extensions

Usage

See the tests for examples of usage.

Developed with

  • MarkdownPad 2
  • JetBrains ReSharper