NetEscapades.AspNetCore.SecurityHeaders
A small package for adding security headers to ASP.NET Core websites. Example:
/// <summary>
/// Builds the security-header policy set and registers the middleware that
/// applies it to responses.
/// </summary>
/// <param name="app">The application pipeline being configured.</param>
public void Configure(IApplicationBuilder app)
{
    // One year expressed in seconds; used as the HSTS max-age.
    const int oneYearInSeconds = 60 * 60 * 24 * 365;

    var headerPolicies = new HeaderPolicyCollection()
        // X-Frame-Options: DENY. Overlaps with the CSP frame-ancestors
        // directive below, which newer browsers prefer.
        .AddFrameOptionsDeny()
        // X-XSS-Protection: 1; mode=block. Legacy header; current browsers
        // largely ignore it, so the CSP is the control that matters.
        .AddXssProtectionBlock()
        // X-Content-Type-Options: nosniff.
        .AddContentTypeOptionsNoSniff()
        // HSTS with includeSubDomains: every subdomain must be reachable over
        // HTTPS for the whole max-age once a browser has seen this header.
        .AddStrictTransportSecurityMaxAgeIncludeSubDomains(maxAgeInSeconds: oneYearInSeconds)
        .AddReferrerPolicyStrictOriginWhenCrossOrigin()
        // NOTE(review): a Server header added by the host after this
        // middleware runs may survive; verify on a deployed response.
        .RemoveServerHeader()
        // This CSP restricts plugins, form targets and framing only. It sets
        // no default-src or script-src, so it does not limit script loading.
        .AddContentSecurityPolicy(csp =>
        {
            csp.AddObjectSrc().None();
            csp.AddFormAction().Self();
            csp.AddFrameAncestors().None();
        })
        .AddCustomHeader("X-My-Test-Header", "Header value");

    // Registered ahead of the rest of the pipeline so that responses produced
    // by later middleware also carry the headers.
    app.UseSecurityHeaders(headerPolicies);

    // other middleware e.g. static files, MVC etc
}