StefanOssendorf / SecurityHeadersMiddleware Public

Notifications You must be signed in to change notification settings
Fork 9
Star 27

OWIN Middlewares to set useful security-related HTTP header (STS, Anti-Clickjacking, XSS, CSP).

27 stars 9 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 70 Commits
src		src
.gitattributes		.gitattributes
.gitignore		.gitignore
README.md		README.md
license.txt		license.txt

Repository files navigation

Security Headers Middleware

Middlewares to set useful security-related HTTP headers in your OWIN application. (From OWASP list)

Already implemented

Strict-Transport-Security incl. options
X-Frame-Options incl. supporting multiple origins
X-XSS-Protection incl. disabling (but I don't know why).
X-Content-Type-Options
Content-Security-Policy 2 (except Hash and Nonce)
Content-Security-Policy-Report-Only

Workaround for using in .Net Core (Thanks to @imperugo)

https://github.com/aspnet-contrib/AspNet.Hosting.Extensions

Using

See the tests as examples of usage:

Strict-Transport-Security
X-Frame-Options
X-XSS-Protection
X-Content-Type-Options
Content-Security-Policy
For Source-List usage see Content-Security-Policy source lists

Developed with

MarkdownPad 2 JetBrains ReSharper

About

OWIN Middlewares to set useful security-related HTTP header (STS, Anti-Clickjacking, XSS, CSP).

Report repository

Releases 1

Version 2 - CSP2 conformance Latest

Packages

No packages published

Languages

C# 100.0%