GaProgMan/OwaspHeaders.Core

Inject OWASP recommended HTTP Headers for increased security in a single line

C#MIT

Issues

Set-Cookie header is not supported
#45 opened 5 years ago by GaProgMan
1
Cross-Origin-Embedder-Policy not supported
#74 opened 13 days ago by jamie-taylor-rjj
0
Cross-Origin-Opener-Policy not supported
#75 opened 17 days ago by jamie-taylor-rjj
0
Bug report: editorconfig might be broken
#153 opened 17 days ago by GaProgMan
0
Feature Request: Allow specific pages to be ignored by Secure Headers middlware
#141 opened a month ago by GaProgMan
0
Docs update: Content-Security-Policy page
#140 opened a month ago by GaProgMan
0
Allow Certain Domains
#95 opened 6 months ago by bbqchickenrobot
1
Incorrect default values for Cache-Control header
#135 opened a month ago by jamie-taylor-rjj
0
Add Basic Documentation Site
#105 opened 2 months ago by GaProgMan
0
Drop Support For .NET 6, Add Support For .NET 9
#99 opened 2 months ago by jamie-taylor-rjj
0
Middleware should use OptionsBuilder
#59 opened 5 years ago by GaProgMan
0
[High Priority] Remove support for .NET Framework
#88 opened a year ago by jamie-taylor-rjj
0
Cross-Origin-Resource-Policy not supported
#76 opened 2 years ago by jamie-taylor-rjj
2
Expect-CT is deprecated, consider removing or disabling by default
#72 opened 2 years ago by jamie-taylor-rjj
1
Feature-Policy header is not supported
#31 opened 2 years ago by GaProgMan
2
X-XSS-Protection has been deprecated and can cause issues with modern browsers if present.
#73 opened 2 years ago by jamie-taylor-rjj
0
SetCspUris with each of one CspCommandType.Directive and CspCommandType.Uri results in duplicate values in header
#61 opened 2 years ago by spasecookee
2
Add Content-Security-Policy-Report-Only only header
#60 opened 5 years ago by spasecookee
0
RemovePoweredByHeader does not remove the server header
#57 opened 5 years ago by GaProgMan
0
"Feature" request: a changelog
#46 opened 5 years ago by dstj
2
Remove X-XSS-Protection header from defaults
#44 opened 5 years ago by GaProgMan
1
Custom Content Security Policies not being built correctly
#51 opened 5 years ago by spSlaine
2
Unit tests disabled if something is wrong in setup
#48 opened 5 years ago by Compufreak345
1
Allow configuration for X-Content-Security-Policy
#47 opened 5 years ago by Compufreak345
0
Azure Function support as a binding?
#40 opened 6 years ago by dalestone
1
ReportUri in ExpectCt not optional / hard-coded in default config
#37 opened 5 years ago by Compufreak345
0
blob:, *, data: are capsulated between quotes
#39 opened 5 years ago by eL-Prova
1
Not compatible with .Net Core 2.1
#34 opened 5 years ago by Compufreak345
0
Clear Site-Data is not implemented
#32 opened 6 years ago by GaProgMan
0
missing a public parameterless constructor
#30 opened 6 years ago by unosbaghaie
1
Remove dependency to Microsoft.AspNetCore.All
#28 opened 7 years ago by MartinJohns
1
Expect-CT is not implemented
#19 opened 7 years ago by GaProgMan
0
NuGet package doesn't have any meta data
#22 opened 7 years ago by GaProgMan
0
Typo
#21 opened 7 years ago by talismax
2
X-Powered-By header is included by default
#20 opened 7 years ago by GaProgMan
1
Content Security Policy is not used
#16 opened 7 years ago by GaProgMan
0
Domains are not used in CSP
#17 opened 7 years ago by GaProgMan
0
HPKP is being deprecated in Chrome and Firefox
#9 opened 7 years ago by GaProgMan
4
Re-write to use a Fluent Interface and Builder Pattern
#14 opened 7 years ago by GaProgMan
1
Support netstandard2.0
#11 opened 7 years ago by Compufreak345
5
Upgrade to .NET Core 2.0
#5 opened 7 years ago by GaProgMan
0
Does not implement Referrer-Policy header
#4 opened 8 years ago by GaProgMan
0
Does not implement X-Permitted-Cross-Domain-Policies header
#3 opened 8 years ago by GaProgMan
0
Does not implement Content-Security-Policy header
#2 opened 8 years ago by GaProgMan
0
Does not implement X-Content-Type-Options header
#1 opened 8 years ago by GaProgMan
0