DEV Community


Discussion on: Who's looking for open source contributors? (April 30th edition)

dotnetcoreblog profile image

I'm still looking for help with figuring out how to implement a few features with my ASP.NET Core Middleware for adding suggested HTTP headers, OwaspHeaders.Core:

GaProgMan / OwaspHeaders.Core

A .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security


A .NET Core middleware for injecting the Owasp recommended HTTP Headers for increased security.

Build status

Build status

Licence Used

License: MIT

See the contents of the LICENSE file for details

Code Triage Status

Code Triagers Badge

Code of Conduct

ClacksMiddleware has a Code of Conduct which all contributors, maintainers and forkers must adhere to. When contributing, maintaining, forking or in any other way changing the code presented in this repository, all users must agree to this Code of Conduct.

See Code of for details.

Pull Requests

PRs Welcome

Pull requests are welcome, but please take a moment to read the Code of Conduct before submitting them or commenting on any work in this repo.

NuGet package

OwaspHeaders.Core is now availble as a NuGet package. The NuGet package can be accessed here

Development Logs

This repository forms the basis for a series of blog posts that I have written on the topic of ASP.NET Core middleware.


You don't need to be a .NET developer in order to help out, because I'm looking for folks to help me out by discussing how to implement them in a framework agnostic way. Specifically this one:

Clear Site-Data is not implemented #32

GaProgMan avatar
GaProgMan commented on Dec 06, 2018


Clear Site-Data is a new header which can be used to tell the browser to wipe out cookies and tokens automatically when a user logs out. This can be useful in stopping Session Hijacking once a user has logged out.

Adding support for the Clear Site-Data header will require some form of controller attribute, perhaps. This is because we don't want Clear Site-Data to be included in every response from the server, only those responses which are generated by logging out.

This will require some thought and planning before implementation.

Links to Header Information

I'll happily talk anyone through how ASP.NET Core handles middleware and how I've designed the code, too.