StefanOssendorf / SecurityHeadersMiddleware

OWIN Middlewares to set useful security-related HTTP header (STS, Anti-Clickjacking, XSS, CSP).

MIT License

27 stars 9 forks source link

readme

Security Headers Middleware

Middlewares to set useful security-related HTTP headers in your OWIN application. (From OWASP list)

Already implemented

Strict-Transport-Security incl. options
X-Frame-Options incl. supporting multiple origins
X-XSS-Protection incl. disabling (but I don't know why).
X-Content-Type-Options
Content-Security-Policy 2 (except Hash and Nonce)
Content-Security-Policy-Report-Only

Workaround for using in .Net Core (Thanks to @imperugo)

https://github.com/aspnet-contrib/AspNet.Hosting.Extensions

Using

See the tests as examples of usage:

Strict-Transport-Security
X-Frame-Options
X-XSS-Protection
X-Content-Type-Options
Content-Security-Policy
For Source-List usage see Content-Security-Policy source lists

Developed with

MarkdownPad 2 JetBrains ReSharper