# Click-Jacking Protection and Content/MIME Sniffing Protection


onyx zinc

I added the suggested code below, as per the Umbraco documentation, to program.cs. But this does not help fix the security issues for Click-Jacking Protection & Content/MIME Sniffing Protection.
Am I missing something?

app.Use(async (context, next) =>
{
    context.Response.Headers.Append("X-Frame-Options", "SAMEORIGIN");
    await next();
});
app.Use(async (context, next) =>
{
    context.Response.Headers.Append("X-Content-Type-Options", "nosniff");
    await next();
});

next shell

Think you should combine?

app.Use(async (context, next) =>
{
    context.Response.Headers.Append("X-Frame-Options", "SAMEORIGIN");
    context.Response.Headers.Append("X-Content-Type-Options", "nosniff");
    await next();
});

you might want a few others too..
https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options
and run the site through https://securityheaders.com/
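
An added example, not part of either post and not Umbraco's own code: the combined middleware registered first in a plain ASP.NET Core minimal app, with a startup self-check that reports whether both headers reach the client on a normal page and on a 404. The loopback URL, the "/" endpoint and the "/does-not-exist" path are constructed for the illustration, and it has not been run against an Umbraco pipeline.

```csharp
// Minimal Program.cs (Web SDK with implicit usings). Names and URL are assumptions.
var builder = WebApplication.CreateBuilder(args);
builder.WebHost.UseUrls("http://127.0.0.1:5099"); // constructed local address
var app = builder.Build();

var required = new Dictionary<string, string>
{
    ["X-Frame-Options"] = "SAMEORIGIN",
    ["X-Content-Type-Options"] = "nosniff",
};

// Registered before any other middleware so it wraps everything after it,
// including middleware that short-circuits (static files, redirects, 404s).
app.Use(async (context, next) =>
{
    // OnStarting runs just before the headers are sent. The indexer overwrites
    // an existing value instead of appending a second one.
    context.Response.OnStarting(() =>
    {
        foreach (var (name, value) in required)
            context.Response.Headers[name] = value;
        return Task.CompletedTask;
    });
    await next();
});

app.UseStaticFiles();
app.MapGet("/", () => "ok");

await app.StartAsync();

// Self-check: request a page and a missing path, then report absent or wrong headers.
using var client = new HttpClient { BaseAddress = new Uri("http://127.0.0.1:5099") };
foreach (var path in new[] { "/", "/does-not-exist" })
{
    using var response = await client.GetAsync(path);
    foreach (var (name, value) in required)
    {
        var ok = response.Headers.TryGetValues(name, out var seen) && seen.Contains(value);
        Console.WriteLine($"{path} {(int)response.StatusCode} {name}: {(ok ? "ok" : "MISSING")}");
    }
}

await app.WaitForShutdownAsync();
```

If a scanner still reports the headers as missing, compare its result with the self-check output: a difference usually means the response the scanner sees is produced somewhere this middleware does not wrap, such as a proxy or CDN in front of the app.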
