Walter.Web.FireWall
HeaderConfig Class Methods


Walter.Web.FireWall Assembly > Walter.Web.FireWall.Configurations Namespace : HeaderConfig Class

For a list of all members of this type, see HeaderConfig members.

Public Methods
 Name Description
Public Method Adds raw content security policy to the firewall.  
Public Method Overloaded.  Determines what to trust: only your own domain or also those you flag as trustworthy, and whether external images or scripts are allowed to be injected.  
Public Method Trusts only your own domain; no external images or scripts.  
Public Method Add X-Content-Type-Options nosniff to all requests. Can be set to protect against MIME type confusion attacks.  
Public Method Add default security headers configuration in each request of the firewall  
Public Method Overloaded.  Add default security headers configuration in each request of the firewall and reports violations to the firewall  
Public Method Add X-Frame-Options DENY to all requests. The page cannot be displayed in a frame, regardless of the site attempting to do so  
Public Method Overloaded.  Add X-Frame-Options SAMEORIGIN to all requests. The page can only be displayed in a frame on the same origin as the page itself, that is, only on your own website.  
Public Method Add Strict-Transport-Security max-age to all requests. Tells the user-agent to cache the domain in the STS list for the number of seconds provided.  
Public Method Add Strict-Transport-Security max-age; includeSubDomains to all requests. Tells the user-agent to cache the domain in the STS list for the number of seconds provided and include any sub-domains.  
Public Method Add Strict-Transport-Security max-age=0 to all requests. Tells the user-agent to remove, or not cache, the host in the STS cache.  
Public Method Add X-XSS-Protection 1; mode=block to all requests. (limited browser support) Enables XSS protections and instructs the user-agent to block the response in the event that script has been inserted from user input, instead of sanitizing.  
Public Method Add X-XSS-Protection 1; mode=block to all requests. (limited browser support) Enables XSS protections and instructs the user-agent to block the response in the event that script has been inserted from user input, instead of sanitizing.  
Public Method Add X-XSS-Protection 0 to all requests. Disables the XSS Protections offered by the user-agent.  
Public Method Add X-XSS-Protection 1 to all requests. Enables the XSS Protections  
Public Method Overloaded.  Add X-XSS-Protection 1; report={the url in settings.WebServices.CSPReportUrl} to all requests. A partially supported directive that tells the user-agent to report potential XSS attacks to a single URL. Data will be POSTed to the report URL in JSON format.  
Public Method For third-party sites, this adds a "do not track" signal indicating that a web application should disable either its tracking or cross-site user tracking of an individual user.  
Public Method Removes the Server header from all responses  
Public Method Add headers to simulate a different server so that attackers use a different method of attack.  
Public Method Add headers to simulate a different technology stack.  
Extension Methods
 Name Description
Public Extension Method Implements parsing to convert a string to a type.
See Also

Reference

HeaderConfig Class
Walter.Web.FireWall.Configurations Namespace