Walter.BOM Namespace
Walter.Web.FireWall Namespace
ASP-WAF Web application firewall for .Net 6, .Net 5, .Net Standard 2.1 and .Net Core 3.x

HeadersPolicies Enumeration

the header policies that are supported by the firewall

Namespace:  Walter.Web.FireWall.Headers
Assembly:  Walter.Web.FireWall (in Walter.Web.FireWall.dll)

Syntax


public enum HeadersPolicies

Members


Member nameDescription
None No policy has been applied, headers are not protected by the browser or firewall
DoNotTrack Indicates that 3rd party "do not track signal" is configured.
FrameOptionsDeny Indicates that the pages cannot be displayed in a frame, regardless of the site attempting to do so
FrameOptionsSameOrigin indicates that only frames are allowed that are of this domain
XssProtectionEnabled Indicates that the pages have XSS protection
XssProtectionDisabled Indicates that the pages do not have XSS protection
XssProtectionWithBlockEnabled Indicates that the pages have XSS protection and tells the browser to block
XssProtectionWithReportEnabled Indicates that the pages have XSS protection and tells the browser to report
StrictTransportSecurityMaxAge Indicates that the browser is to honor Strict-Transport-Security max-age to all requests in this domain but not sub domains and tells the browser to cache the domain in the STS list for the number of seconds provided.
StrictTransportSecurityMaxAgeIncludeSubDomains Indicates that the browser is to honor Strict-Transport-Security max-age to all requests in the domain and sub domains and tells the browser to cache the domain in the STS list for the number of seconds provided.
StrictTransportSecurityNoCache Add Strict-Transport-Security max-age=0 to all requests and ells the browser to remove, or not cache the host in the STS cache
ContentTypeOptionsNoSniff indicates that the browser will have X-Content-Type-Options nosniff to all headers.
ContentSecurityPolicyTrustOnlySelf Indicates that the browser will have a CSP will only trust own domain
ContentSecurityPolicyTrustExternalSources Indicates that the browser will have a CSP will only trust own domain as well as specified external CDN's