You can include this in the Global.asax file, in the Application_BeginRequest function (VB.NET shown below; the same calls work from Application_BeginRequest in C#):
Sub Application_BeginRequest(ByVal sender As Object, ByVal e As EventArgs)
    HttpContext.Current.Response.AddHeader("x-frame-options", "SAMEORIGIN") ' clickjacking prevention
    HttpContext.Current.Response.Headers.Add("X-XSS-Protection", "1; mode=block") ' cross-site scripting (legacy browser filter)
    HttpContext.Current.Response.Headers.Add("X-Content-Type-Options", "nosniff") ' MIME-sniffing prevention
End Sub
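As an added example (not the original post's code), here is the C# form of the same Global.asax handler, extended with Referrer-Policy, Content-Security-Policy and Strict-Transport-Security. The SecurityHeaders class and its SetIfMissing helper are names I chose for this example, and the code assumes System.Web running under the IIS integrated pipeline: modifying Response.Headers throws in classic pipeline mode, which is why the post's AddHeader call is the safer choice there.

```csharp
// Global.asax.cs (added example; assumes ASP.NET System.Web, IIS integrated pipeline).
using System;
using System.Collections.Specialized;
using System.Web;

namespace SecurityHeadersDemo
{
    public class Global : HttpApplication
    {
        protected void Application_BeginRequest(object sender, EventArgs e)
        {
            HttpContext ctx = HttpContext.Current;
            SecurityHeaders.Apply(ctx.Response.Headers, ctx.Request.IsSecureConnection);
        }
    }

    // Hypothetical helper: sets each header only when absent, so an individual page
    // or handler can still override a value (e.g. a stricter CSP for an admin area).
    public static class SecurityHeaders
    {
        public static void Apply(NameValueCollection headers, bool isHttps)
        {
            SetIfMissing(headers, "X-Frame-Options", "SAMEORIGIN");      // clickjacking: allow same-origin framing only
            SetIfMissing(headers, "X-Content-Type-Options", "nosniff");  // stop browsers MIME-sniffing responses
            SetIfMissing(headers, "X-XSS-Protection", "1; mode=block");  // legacy filter; current Chromium ignores it
            SetIfMissing(headers, "Referrer-Policy", "strict-origin-when-cross-origin");

            // frame-ancestors supersedes X-Frame-Options in CSP-aware browsers; keep both.
            // Start in Content-Security-Policy-Report-Only and tighten before enforcing.
            SetIfMissing(headers, "Content-Security-Policy",
                "default-src 'self'; object-src 'none'; frame-ancestors 'self'");

            if (isHttps)
            {
                // HSTS is only honoured on HTTPS responses; one year max-age.
                SetIfMissing(headers, "Strict-Transport-Security", "max-age=31536000; includeSubDomains");
            }
        }

        private static void SetIfMissing(NameValueCollection headers, string name, string value)
        {
            if (headers[name] == null)
            {
                headers.Set(name, value); // Set, not Add, so the header is never emitted twice
            }
        }
    }
}
```

Check the result with `curl -I https://your-site/` (or the securityheaders.com scanner mentioned below) and confirm each header appears exactly once; duplicate X-Frame-Options values in particular are treated inconsistently by browsers. Treat X-XSS-Protection as a legacy header only: Chromium-based browsers have removed the filter it controlled, so Content-Security-Policy is what actually limits script injection today.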
Reference links:
https://stackoverflow.com/questions/18337630/what-is-x-content-type-options-nosniff
https://www.keycdn.com/blog/x-xss-protection
https://securityheaders.com gives you a grade based on all of your security headers, so you can see what you might be missing.