#StackBounty: #security #response-headers #nwebsec .net core 3.1 api subdomain security response headers

Bounty: 50

I have an application stack that uses several subdomains of subdomains.. eg develop.api.module.mydomain.com

develop.api.module.mydomain.com is a .net core 3.1 API

I set the headers using nwebsec.aspnetcore.middleware eg

        app.UseXfo(xfo => xfo.Deny());
        app.UseXXssProtection(options => options.EnabledWithBlockMode());
        app.UseXContentTypeOptions();
        app.UseReferrerPolicy(opts => opts.NoReferrer());

When I make a request to the API at this URL I can see the response headers are set correctly as expected

enter image description here

BUT! securityheaders.io isn’t happy 🙂

enter image description here

Is that something I can fix in terms of getting securityheaders.io to recognise the response headers are indeed coming back?


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.