public ActionResult Index()
        {
            var model = new IndexModel
                        {
                            ContentSecurityPolicyAllowSelf = MvcApplication.SecurityManager.ContentSecurityPolicy.Default.Tags.HasFlag(DirectiveSources.Self),
                            ContentSecurityPolicyEnabled = MvcApplication.SecurityManager.ContentSecurityPolicy.Enabled,
                            ContentSecurityPolicyReportOnly = MvcApplication.SecurityManager.ContentSecurityPolicy.ReportOnly,
                            ContentSecurityPolicyReportUri = MvcApplication.SecurityManager.ContentSecurityPolicy.ReportUri,
                            StrictTransportSecurityEnabled = MvcApplication.SecurityManager.StrictTransportSecurity.Enabled,
                            StrictTransportSecurityRedirectEnabled = MvcApplication.SecurityManager.StrictTransportSecurity.RedirectHttpToHttps,
                            XssProtectionEnabled = MvcApplication.SecurityManager.XssProtection.Enabled,
                            XssProtectionOption = MvcApplication.SecurityManager.XssProtection.Options
                        };

            return View("Index", model);
        }
        public ActionResult Index(IndexModel model)
        {
            if (model.ContentSecurityPolicyAllowSelf)
            {
                MvcApplication.SecurityManager.ContentSecurityPolicy = Policies.SelfOnly;
            }
            else
            {
                MvcApplication.SecurityManager.ContentSecurityPolicy = Policies.NoResources;
            }

            MvcApplication.SecurityManager.ContentSecurityPolicy.Enabled = model.ContentSecurityPolicyEnabled;
            MvcApplication.SecurityManager.ContentSecurityPolicy.ReportOnly = model.ContentSecurityPolicyReportOnly;
            MvcApplication.SecurityManager.ContentSecurityPolicy.ReportUri = model.ContentSecurityPolicyReportUri;
            MvcApplication.SecurityManager.StrictTransportSecurity.Enabled = model.StrictTransportSecurityEnabled;
            MvcApplication.SecurityManager.StrictTransportSecurity.RedirectHttpToHttps = model.StrictTransportSecurityRedirectEnabled;
            MvcApplication.SecurityManager.XssProtection.Enabled = model.XssProtectionEnabled;
            MvcApplication.SecurityManager.XssProtection.Options = model.XssProtectionOption;

            return View("Index", model);
        }