A NuGet package that applies some security- and performance-related optimizations to your Web.config file.
Every time I start a new ASP.net or ASP.net MVC project I find myself applying the same settings to the Web.config over and over again. So, after doing that for the n-th time I spent a few moments creating this NuGet package to automate it.
install-package AtleX.Web.Config
The package is hosted on NuGet.org.
The X-Powered-By and X-AspNet-Version headers are removed from all responses.
To prevent clickjacking, an X-Frame-Options header with the value DENY is added to all responses.
An X-Xss-Protection header is sent with the value 1; mode=block to forcibly enable the reflective XSS protection found in Internet Explorer, Chrome and other WebKit browsers.
By sending an X-Content-Type-Options header, Internet Explorer and Chrome are told to honour the MIME type sent by the server instead of sniffing it from the file. This reduces the risk of malicious drive-by downloads.
The value of the debug attribute of the Compilation element is set to false.
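The settings listed above can be checked in any Web.config with a short audit script. This is an added example, not code from the AtleX.Web.Config package. The `audit` function, both sample configs, the element layout (`httpRuntime enableVersionHeader`, `customHeaders`) and the `nosniff` value are assumptions about how these settings are usually written by hand, not the package's own transform.

```python
import xml.etree.ElementTree as ET

# Constructed sample: hand-written Web.config carrying the settings listed above.
HARDENED = """<configuration>
  <system.web>
    <compilation debug="false" />
    <httpRuntime enableVersionHeader="false" />
  </system.web>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <remove name="X-Powered-By" />
        <add name="X-Frame-Options" value="DENY" />
        <add name="X-Xss-Protection" value="1; mode=block" />
        <add name="X-Content-Type-Options" value="nosniff" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>"""

# Constructed sample: a config with debugging on and none of the headers set.
UNHARDENED = '<configuration><system.web><compilation debug="true" /></system.web></configuration>'

EXPECTED_HEADERS = {
    "x-frame-options": "DENY",
    "x-xss-protection": "1; mode=block",
    "x-content-type-options": "nosniff",  # assumed value; the README does not state it
}

def audit(web_config_xml):
    """Return sorted findings; an empty list means every setting is in place."""
    root = ET.fromstring(web_config_xml)
    findings = []
    # debug defaults to false, so only an explicit "true" is a finding
    comp = root.find("system.web/compilation")
    if comp is not None and comp.get("debug", "false").lower() == "true":
        findings.append("compilation debug is enabled")
    runtime = root.find("system.web/httpRuntime")
    if runtime is None or runtime.get("enableVersionHeader", "true").lower() != "false":
        findings.append("X-AspNet-Version is not suppressed")
    headers = root.find("system.webServer/httpProtocol/customHeaders")
    nodes = list(headers) if headers is not None else []
    added = {n.get("name", "").lower(): n.get("value", "") for n in nodes if n.tag == "add"}
    removed = {n.get("name", "").lower() for n in nodes if n.tag == "remove"}
    if "x-powered-by" not in removed:
        findings.append("X-Powered-By is not removed")
    for name, value in EXPECTED_HEADERS.items():
        if added.get(name, "").lower() != value.lower():
            findings.append(f"{name} is missing or not '{value}'")
    return sorted(findings)
```

Calling `audit(UNHARDENED)` returns one finding per missing setting, which makes the script usable as a build or review check on a project's Web.config.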
See License.txt