Jamie Taylor
OwaspHeaders.Core Injected Headers


OwaspHeaders.Core is a collection of ASP.NET Core middleware classes designed to increase web application security by adopting the recommended OWASP settings.

OwaspHeaders.Core Injected Headers
Secure Headers

The SecureHeadersMiddleware is used to inject the HTTP headers recommended by the OWASP Secure Headers project into all responses generated by the ASP.NET Core pipeline.

It is a highly configurable .NET Core middleware class which applies the headers which the consuming application requests – via a configuration file.

Source Location

The complete source code for this project can be found in the following GitHub repository: https://github.com/GaProgMan/OwaspHeaders.Core


OwaspHeaders.Core has been released with an MIT licence. For a full description of the MIT licence, please click the following MIT image:

MIT License shield

However, the tl;dr (too long; didn’t read) summary of the licence is available at the following link: https://tldrlegal.com/license/mit-license

NuGet Package

The project utilises Continuous Integration and Continuous Delivery. Each time that a change is committed to the source code repository, it is packaged and sent to NuGet.

To obtain a packaged version of this project, please see the NuGet page for it: https://www.nuget.org/packages/OwaspHeaders.Core/

Development Logs

This project forms the basis for a series of blog posts that I have written on the topic of ASP.NET Core middleware.

If you would like to read about how I have developed the code in this repository, please see the first in the blog post series entitled: “.NET Core Middleware – OWASP Headers Part 1

If this post has helped you out, please consider   Buy me a coffeeBuying me a coffee
Jamie Taylor
A .NET developer specialising in ASP.NET MVC websites and services, with a background in WinForms and Games Development. When not programming using .NET, he is either learning about .NET Core (and usually building something cross platform with it), speaking Japanese to anyone who'll listen, learning about languages, writing for his non-dev blog, or writing for a blog about video games (which he runs with his brother)