Secures .NET apps by setting HTTP response headers. Exactly like Helmet, but for C#.
Install it via the .NET SDK:
dotnet add package HelmetUse it in your project:
using Helmet;
var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();
app.UseHelmet();
app.MapGet("/", () => "Hello World!");
app.Run();By default, Helmet sets the following headers:
Content-Security-Policy: A powerful allow-list of what can happen on your page which mitigates many attacksCross-Origin-Opener-Policy: Helps process-isolate your pageCross-Origin-Resource-Policy: Blocks others from loading your resources cross-originOrigin-Agent-Cluster: Changes process isolation to be origin-basedReferrer-Policy: Controls theRefererheaderStrict-Transport-Security: Tells browsers to prefer HTTPSX-Content-Type-Options: Avoids MIME sniffingX-DNS-Prefetch-Control: Controls DNS prefetchingX-Download-Options: Forces downloads to be savedX-Frame-Options: Legacy header that mitigates clickjacking attacksX-Permitted-Cross-Domain-Policies: Controls cross-domain behavior for Adobe products, like AcrobatX-Powered-By: Info about the web server. Removed because it could be used in simple attacksX-XSS-Protection: Legacy header that tries to mitigate XSS attacks, but makes things worse, so Helmet disables it
Headers can also be disabled. For example, here's how you disable the Cross-Origin-Opener-Policy headers:
using Helmet;
var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();
app.UseHelmet(options =>
{
// This only disables Cross-Origin-Opener-Policy
options.UseCrossOriginOpenerPolicy = false;
});
app.MapGet("/", () => "Hello World!");
app.Run();
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent