Name | Description |
---|---|
AddContentSecurityPolicy | Adds raw content security policy to the firewall. |
AddContentSecurityPolicyButTrust | Overloaded. Determines what to trust: only your own domain or also those you flag as trustworthy, and whether external images or scripts are allowed to be injected. |
AddContentSecurityPolicyTrustOnlySelf | Trusts only your own domain; no external images or scripts. |
AddContentTypeOptionsNoSniff | Add X-Content-Type-Options nosniff to all requests. Can be set to protect against MIME type confusion attacks. |
AddDefaultSecurePolicy | Add default security headers configuration in each request of the firewall. |
AddDefaultSecurePolicyAndReport | Overloaded. Add default security headers configuration in each request of the firewall and report violations to the firewall. |
AddFrameOptionsDeny | Add X-Frame-Options DENY to all requests. The page cannot be displayed in a frame, regardless of the site attempting to do so. |
AddFrameOptionsSameOrigin | Overloaded. Add X-Frame-Options SAMEORIGIN to all requests. The page can only be displayed in a frame on the same origin as the page itself, so only on your own website. |
AddStrictTransportSecurityMaxAge | Add Strict-Transport-Security max-age to all requests. Tells the user-agent to cache the domain in the STS list for the number of seconds provided. |
AddStrictTransportSecurityMaxAgeIncludeSubDomains | Add Strict-Transport-Security max-age; includeSubDomains to all requests. Tells the user-agent to cache the domain in the STS list for the number of seconds provided and include any sub-domains. |
AddStrictTransportSecurityNoCache | Add Strict-Transport-Security max-age=0 to all requests. Tells the user-agent to remove, or not cache, the host in the STS cache. |
AddXssProtectionBlock | Add X-XSS-Protection 1; mode=block to all requests. (limited browser support) Enables XSS protections and instructs the user-agent to block the response in the event that script has been inserted from user input, instead of sanitizing. |
AddXssProtectionBlockAndReport | Add X-XSS-Protection 1; mode=block to all requests. (limited browser support) Enables XSS protections and instructs the user-agent to block the response in the event that script has been inserted from user input, instead of sanitizing. |
AddXssProtectionDisabled | Add X-XSS-Protection 0 to all requests. Disables the XSS protections offered by the user-agent. |
AddXssProtectionEnabled | Add X-XSS-Protection 1 to all requests. Enables the XSS protections. |
AddXssProtectionReport | Overloaded. Add X-XSS-Protection 1; report={the url in settings.WebServices.CSPReportUrl} to all requests. A partially supported directive that tells the user-agent to report potential XSS attacks to a single URL. Data will be POST'd to the report URL in JSON format. |
DoNotTrack | For 3rd party sites this will add a "do not track" signal indicating that a web application should disable either its tracking or cross-site user tracking of an individual user. |
RemoveServerHeader | Removes the Server header from all responses. |
SimulateDifferentServer | Add headers to simulate a different server so that attackers use a different method of attack. |
SimulateDifferentTechnologyStack | Add headers to simulate a different technology stack. |