Security Headers Middleware
Middlewares to set useful security-related HTTP headers in your OWIN application. (From OWASP list)
Already implemented
- Strict-Transport-Security incl. options
- X-Frame-Options incl. supporting multiple origins
- X-XSS-Protection incl. disabling (but I don't know why).
- X-Content-Type-Options
- Content-Security-Policy 2 (except Hash and Nonce)
- Content-Security-Policy-Report-Only
Workaround for using in .Net Core (Thanks to @imperugo)
https://github.com/aspnet-contrib/AspNet.Hosting.Extensions
Using
See the tests as examples of usage:
Developed with
MarkdownPad 2
JetBrains ReSharper