Walter.Web.FireWall
ISecurityHeadersBuilder Interface Members
Properties  Methods 

Walter.Web.FireWall Assembly > Walter.Web.FireWall.Headers Namespace : ISecurityHeadersBuilder Interface

The following tables list the members exposed by ISecurityHeadersBuilder.

Public Properties
 NameDescription
PropertyPolicies Access the policies that have been configured  
PropertySimulations Access the simulations that configured.  
Top
Public Methods
 NameDescription
MethodAddContentSecurityPolicy Adds the content security policy manually.  
MethodAddContentSecurityPolicyButTrustOverloaded.  Determine what to trust, if only your own domain or those you flag trustworthy, and if external images or scripts are allowed to be injected  
MethodAddContentSecurityPolicyTrustOnlySelf trust only own domain, no external images or scripts  
MethodAddContentTypeOptionsNoSniff Add X-Content-Type-Options no-sniff to all requests. Can be set to protect against MIME type confusion attacks.  
MethodAddDefaultSecurePolicyAdd default security headers configuration in each request of the firewall  
MethodAddDefaultSecurePolicyAndReportOverloaded. Add default security headers configuration in each request of the firewall and has the browser report any violations to the firewall  
MethodAddFrameOptionsDeny Add X-Frame-Options DENY to all requests. The page cannot be displayed in a frame, regardless of the site attempting to do so  
MethodAddFrameOptionsSameOriginOverloaded.  Add X-Frame-Options SAMEORIGIN to all requests. The page can only be displayed in a frame on the same origin as the page itself so only your own website.  
MethodAddStrictTransportSecurityMaxAge Add Strict-Transport-Security max-age to all requests. Tells the user-agent to cache the domain in the STS list for the number of seconds provided.  
MethodAddStrictTransportSecurityMaxAgeIncludeSubDomains Add Strict-Transport-Security max-age; includeSubDomains to all requests. Tells the user-agent to cache the domain in the STS list for the number of seconds provided and include any sub-domains.  
MethodAddStrictTransportSecurityNoCache Add Strict-Transport-Security max-age=0 to all requests. Tells the user-agent to remove, or not cache the host in the STS cache  
MethodAddXssProtectionBlock Add X-XSS-Protection 1; mode=block to all requests. (limited browser support) Enables XSS protections and instructs the user-agent to block the response in the event that script has been inserted from user input, instead of sanitizing.  
MethodAddXssProtectionBlockAndReport Add X-XSS-Protection 1;mode=block; report={url} to all requests and will tell the browser to block the request. A partially supported directive that tells the user-agent to report potential XSS attacks to a single URL. Data will be POST'd to the report URL in JSON format.  
MethodAddXssProtectionDisabled Add X-XSS-Protection 0 to all requests. Disables the XSS Protections offered by the user-agent.  
MethodAddXssProtectionEnabled Add X-XSS-Protection 1 to all requests. Enables the XSS Protections  
MethodAddXssProtectionReport Add X-XSS-Protection 1; report={the url in settings.WebServices.CSPReportUrl} to all requests. A partially supported directive that tells the user-agent to report potential XSS attacks to a single URL. Data will be POST'd to the report URL in JSON format.  
MethodDoNotTrack For 3rd party sites this will add a "do not track signal" that a web application should disable either its tracking or cross-site user tracking of an individual user.  
MethodRemoveServerHeader Removes the Server header from all responses  
MethodSimulateDifferentServer Add headers to simulate a different server so that attackers are using a different method of attack  
MethodSimulateDifferentTechnologyStack Add headers to simulates the different technology stack.  
Top
See Also

Reference

ISecurityHeadersBuilder Interface
Walter.Web.FireWall.Headers Namespace

Send Feedback