re: Net Core security - NWebSec to the rescue! VIEW POST

FULL DISCUSSION
 

Interesting stuff.

I have some ASP NET Core middleware which does this, too (great minds and all that). The entire thing is open source and available at GitHub. It even has a default builder which will supply the recommended header values.

Interestingly, I would avoid HPKP as it has been deprecated

code of conduct - report abuse