Story behind the project

SafeWebCore started from real-world issues around inconsistent security configuration in web applications. The goal was a reusable strict foundation for secure defaults.

Problem this solves

Many applications configure security headers separately in each project, which leads to incomplete or incorrect CSP, HSTS, COOP/COEP, and Permissions-Policy setups.

Architecture

SafeWebCore combines middleware with the options pattern: strict defaults, path-based policies, and nonce integration for scripts and styles in Razor pages.
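The pattern described above, sketched as a minimal ASP.NET Core app. This is an added example, not SafeWebCore's own code: StrictHeaderOptions, StrictHeadersMiddleware, the "csp-nonce" item key, the /docs path and all header values are hypothetical, and a minimal endpoint stands in for a Razor page.

```csharp
using System.Security.Cryptography;
using Microsoft.Extensions.Options;

var builder = WebApplication.CreateBuilder(args);
// Options pattern: strict defaults live in the options class; callers override only what they must.
builder.Services.Configure<StrictHeaderOptions>(o =>
    o.PathPolicies["/docs"] = "default-src 'self'; img-src 'self' data:");
var app = builder.Build();
app.UseMiddleware<StrictHeadersMiddleware>();
// The view reads the per-request nonce so its inline script matches the CSP header.
app.MapGet("/", (HttpContext ctx) => Results.Content(
    $"<script nonce=\"{ctx.Items["csp-nonce"]}\">console.log('ok')</script>", "text/html"));
app.Run();

public sealed class StrictHeaderOptions // hypothetical; values are illustrative
{
    public string DefaultCsp { get; set; } = "default-src 'none'; script-src 'nonce-{nonce}'; "
        + "style-src 'nonce-{nonce}'; base-uri 'none'; frame-ancestors 'none'";
    public string Hsts { get; set; } = "max-age=63072000; includeSubDomains";
    // Path prefix -> CSP override; with several prefixes, order them most specific first.
    public Dictionary<string, string> PathPolicies { get; } = new(StringComparer.OrdinalIgnoreCase);
}

public sealed class StrictHeadersMiddleware // hypothetical
{
    private readonly RequestDelegate _next;
    private readonly StrictHeaderOptions _opts;
    public StrictHeadersMiddleware(RequestDelegate next, IOptions<StrictHeaderOptions> opts)
    { _next = next; _opts = opts.Value; }

    public Task InvokeAsync(HttpContext ctx)
    {
        // Fresh 128-bit nonce per request from the CSPRNG; never reuse across responses.
        var nonce = Convert.ToBase64String(RandomNumberGenerator.GetBytes(16));
        ctx.Items["csp-nonce"] = nonce;
        var csp = _opts.DefaultCsp;
        foreach (var (prefix, policy) in _opts.PathPolicies)
            if (ctx.Request.Path.StartsWithSegments(prefix)) { csp = policy; break; }
        // Set headers just before they are flushed, so later middleware cannot drop them.
        ctx.Response.OnStarting(() =>
        {
            var h = ctx.Response.Headers;
            h["Content-Security-Policy"] = csp.Replace("{nonce}", nonce);
            h["Strict-Transport-Security"] = _opts.Hsts;
            h["Cross-Origin-Opener-Policy"] = "same-origin";
            h["Cross-Origin-Embedder-Policy"] = "require-corp";
            h["Permissions-Policy"] = "camera=(), microphone=(), geolocation=()";
            return Task.CompletedTask;
        });
        return _next(ctx);
    }
}
```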

Lessons learned

Security must be embedded in defaults, not optional setup. Developer experience and clear validation drive adoption.

Code snippets

SafeWebCore
builder.Services.AddNetSecureHeadersStrictAPlus();
app.UseNetSecureHeaders();