Walter.Web.FireWall
ISecurityHeadersBuilder Interface Methods


For a list of all members of this type, see ISecurityHeadersBuilder members.

Public Methods
 Name  Description
 Method Adds the content security policy manually.
 Method Overloaded. Determines what to trust: only your own domain or also those you flag as trustworthy, and whether external images or scripts are allowed to be injected.
 Method Trust only your own domain; no external images or scripts.
 Method Add X-Content-Type-Options nosniff to all requests. Can be set to protect against MIME type confusion attacks.
 Method Add default security headers configuration in each request of the firewall.
 Method Overloaded. Add default security headers configuration in each request of the firewall and have the browser report any violations to the firewall.
 Method Add X-Frame-Options DENY to all requests. The page cannot be displayed in a frame, regardless of the site attempting to do so.
 Method Overloaded. Add X-Frame-Options SAMEORIGIN to all requests. The page can only be displayed in a frame on the same origin as the page itself, so only on your own website.
 Method Add Strict-Transport-Security max-age to all requests. Tells the user-agent to cache the domain in the STS list for the number of seconds provided.
 Method Add Strict-Transport-Security max-age; includeSubDomains to all requests. Tells the user-agent to cache the domain in the STS list for the number of seconds provided and include any sub-domains.
 Method Add Strict-Transport-Security max-age=0 to all requests. Tells the user-agent to remove, or not cache, the host in the STS cache.
 Method Add X-XSS-Protection 1; mode=block to all requests (limited browser support). Enables XSS protections and instructs the user-agent to block the response, instead of sanitizing it, in the event that script has been inserted from user input.
 Method Add X-XSS-Protection 1; mode=block; report={url} to all requests and tell the browser to block the request. A partially supported directive that tells the user-agent to report potential XSS attacks to a single URL. Data will be POST'd to the report URL in JSON format.
 Method Add X-XSS-Protection 0 to all requests. Disables the XSS protections offered by the user-agent.
 Method Add X-XSS-Protection 1 to all requests. Enables the XSS protections.
 Method Add X-XSS-Protection 1; report={the url in settings.WebServices.CSPReportUrl} to all requests. A partially supported directive that tells the user-agent to report potential XSS attacks to a single URL. Data will be POST'd to the report URL in JSON format.
 Method For third-party sites, adds a "do not track" signal indicating that a web application should disable either its tracking or cross-site user tracking of an individual user.
 Method Removes the Server header from all responses.
 Method Adds headers that simulate a different server so that attackers use a different method of attack.
 Method Adds headers that simulate a different technology stack.
See Also

Reference

ISecurityHeadersBuilder Interface
Walter.Web.FireWall.Headers Namespace