/// <summary>
/// Add default headers in accordance with the most secure approach
/// </summary>
public static HeaderPolicyCollection AddDefaultSecurityHeaders(this HeaderPolicyCollection policies)
{
policies.AddFrameOptionsDeny();
policies.AddXssProtectionBlock();
policies.AddContentTypeOptionsNoSniff();
policies.AddStrictTransportSecurityMaxAge();
policies.RemoveServerHeader();
return(policies);
}
/// <summary>
/// Add default headers in accordance with the most secure approach
/// </summary>
public static HeaderPolicyCollection AddDefaultSecurityHeaders(this HeaderPolicyCollection policies)
{
policies.AddFrameOptionsDeny();
policies.AddXssProtectionBlock();
policies.AddContentTypeOptionsNoSniff();
policies.AddStrictTransportSecurityMaxAge();
policies.AddReferrerPolicyStrictOriginWhenCrossOrigin();
policies.RemoveServerHeader();
policies.AddContentSecurityPolicy(builder =>
{
builder.AddObjectSrc().None();
builder.AddFormAction().Self();
builder.AddFrameAncestors().None();
});
return(policies);
}