DEV Community

Simon Foster
Simon Foster

Posted on • Updated on • Originally published at funkysi1701.com

Security Headers

#security #dotnet

Have you wondered what info you are leaking via your response headers?, do you want some kind of guide about what headers to set or remove altogether?

Head on over to https://securityheaders.com/ This is a site created by security expert Scott Helme that rates a URL based on what response headers it can see.

I am pleased to say www.funkysi1701.com is now getting an A.Alt Text

So how do you add/remove headers in dotnet core?

In my configure method in Startup.cs I have the following code block.

app.Use(
    next =>
    {
        return async context =>
        {
            context.Response.OnStarting(
                () =>
                {
                    context.Response.Headers.Add("Permissions-Policy", "microphone=()");     
                    context.Response.Headers.Remove("Server");
                    context.Response.Headers.Remove("X-Powered-By");
                    context.Response.Headers.Remove("X-AspNet-Version");
                    return Task.CompletedTask;
                });

             await next(context);
         };
     });
Enter fullscreen mode Exit fullscreen mode

I have only included a few of the headers I am adding as the excellent https://securityheaders.com/ can tell you which headers you should add and what options you might want.

Top comments (0)

Read next

iamabdul profile image

Re-learning security: detecting package vulnerabilities 🎁 NPM and Nuget.

Abdul -

tkuenneth profile image

Permission not granted - on failing to create cross-profile app pairs

Thomas Künneth -

rahulpnath profile image

How To Easily Make Your .NET AWS Lambda Function Idempotent

Rahul Nath -

esdanielgomez profile image

Using Azure OpenAI Service to generate images with DALL-E in .NET

Daniel Gomez -