Question 1

How to add security headers in ASP.NET Core with NetEscapades?

Accepted Answer

Install the NuGet package and call app.UseSecurityHeaders() in Startup.Configure. Use AddDefaultSecurityHeaders() for quick setup or customize with a HeaderPolicyCollection via the fluent API as shown in the README examples.

Question 2

NetEscapades.SecurityHeaders vs custom middleware for headers?

Accepted Answer

NetEscapades provides pre-built, tested implementations with a fluent API, saving development time and reducing errors. Custom middleware might be better for extremely simple or unique requirements but requires more manual coding and testing.

Question 3

How to configure Content-Security-Policy with nonce in ASP.NET Core?

Accepted Answer

Use AddContentSecurityPolicy with WithNonce() in your policy, install the TagHelpers package, and add the asp-add-nonce attribute to script tags in Razor views. The README details this with examples for generating and using nonces per request.

Question 4

What security headers are best for ASP.NET Core APIs?

Accepted Answer

For JSON-only APIs, use AddDefaultApiSecurityHeaders() which applies a restrictive CSP and optimized headers like Permissions-Policy with secure directives, based on OWASP guidance referenced in the README.

Question 5

How to remove the Server header in ASP.NET Core effectively?

Accepted Answer

The package's RemoveServerHeader method is limited; you must also configure Kestrel options with AddServerHeader = false in your WebHostBuilder, as explained in the README's RemoveServerHeader section.

Question 6

Can I set different headers for API endpoints vs MVC pages?

Accepted Answer

Yes, configure named policies with AddSecurityHeaderPolicies() and apply them to endpoints using WithSecurityHeadersPolicy() or attributes, allowing separate policies for APIs and web pages as demonstrated in the endpoint-specific examples.

SecurityHeaders

What is SecurityHeaders?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions