Walter.Web.FireWall
HeaderConfig Class Members
Properties  Methods 


Walter.Web.FireWall Assembly > Walter.Web.FireWall.Configurations Namespace : HeaderConfig Class

The following tables list the members exposed by HeaderConfig.

Public Properties
 NameDescription
Public PropertyExpires when a header value is no-longer valid  
Public PropertyPlatformPrivacySettings The P3P policies as applicable to cookies and state data stored by the application  
Public PropertyPolicies The header policies applied in the header protection rule engine  
Public PropertySecurityHeaderBuilder Access the security header builder to add advanced security policies and rules for the browser.  
Public PropertyShowGuardActionsInHeader If true (default is false) the violated rules of the guard action evaluation will be shown in response header named Guard-Action  
Public PropertySimulationsThe header simulations applied in the header protection rule engine.  
Public PropertyTrackUsers enable tracking users so you can avoid attack patterns  
Public PropertyUserTracker An arbitrary header key that will be used for tracking users in the web application. Change this value to not make it to easy for any attacker to try to bypass security  
Top
Public Methods
 NameDescription
Public MethodAddContentSecurityPolicy Adds raw content security policy to the firewall.  
Public MethodAddContentSecurityPolicyButTrustOverloaded.  Determine what to trust, if only your own domain or those you flag trustworthy, and if external images or scripts are allowed to be injected  
Public MethodAddContentSecurityPolicyTrustOnlySelf trust only own domain, no external images or scripts  
Public MethodAddContentTypeOptionsNoSniff Add X-Content-Type-Options nosniff to all requests. Can be set to protect against MIME type confusion attacks.  
Public MethodAddDefaultSecurePolicy Add default security headers configuration in each request of the firewall  
Public MethodAddDefaultSecurePolicyAndReportOverloaded.  Add default security headers configuration in each request of the firewall and reports violations to the firewall  
Public MethodAddFrameOptionsDeny Add X-Frame-Options DENY to all requests. The page cannot be displayed in a frame, regardless of the site attempting to do so  
Public MethodAddFrameOptionsSameOriginOverloaded.  Add X-Frame-Options SAMEORIGIN to all requests. The page can only be displayed in a frame on the same origin as the page itself so only your own website.  
Public MethodAddStrictTransportSecurityMaxAge Add Strict-Transport-Security max-age to all requests. Tells the user-agent to cache the domain in the STS list for the number of seconds provided.  
Public MethodAddStrictTransportSecurityMaxAgeIncludeSubDomains Add Strict-Transport-Security max-age; includeSubDomains to all requests. Tells the user-agent to cache the domain in the STS list for the number of seconds provided and include any sub-domains.  
Public MethodAddStrictTransportSecurityNoCache Add Strict-Transport-Security max-age=0 to all requests. Tells the user-agent to remove, or not cache the host in the STS cache  
Public MethodAddXssProtectionBlock Add X-XSS-Protection 1; mode=block to all requests. (limited browser support) Enables XSS protections and instructs the user-agent to block the response in the event that script has been inserted from user input, instead of sanitizing.  
Public MethodAddXssProtectionBlockAndReport Add X-XSS-Protection 1; mode=block to all requests. (limited browser support) Enables XSS protections and instructs the user-agent to block the response in the event that script has been inserted from user input, instead of sanitizing.  
Public MethodAddXssProtectionDisabled Add X-XSS-Protection 0 to all requests. Disables the XSS Protections offered by the user-agent.  
Public MethodAddXssProtectionEnabled Add X-XSS-Protection 1 to all requests. Enables the XSS Protections  
Public MethodAddXssProtectionReportOverloaded.  Add X-XSS-Protection 1; report={the url in settings.WebServices.CSPReportUrl} to all requests. A partially supported directive that tells the user-agent to report potential XSS attacks to a single URL. Data will be POST'd to the report URL in JSON format.  
Public MethodDoNotTrack For 3rd party sites this will add a "do not track signal" that a web application should disable either its tracking or cross-site user tracking of an individual user.  
Public MethodRemoveServerHeader Removes the Server header from all responses  
Public MethodSimulateDifferentServer Add headers to simulate a different server so that attackers are using a different method of attack  
Public MethodSimulateDifferentTechnologyStack Add headers to simulates the different technology stack.  
Top
Extension Methods
 NameDescription
Public Extension MethodTryParse<T,TSender> implements parsing to cast a type from string to a type
Top
See Also

Reference

HeaderConfig Class
Walter.Web.FireWall.Configurations Namespace

Send Feedback