Wednesday, 19 October 2016

Web API: How do I clean up the data in my HttpResponse?

There are some very simple web.config settings that can be applied to reduce the amount on unnecessary data returned in an HttpReponse and to minimise ways that hackers can hijack system information.

Here is a quick snippet of web.config settings that may be useful.

<Config>
<system.web>
 <httpRuntime enableVersionHeader="false" />
</system.web>
<system.webServer>
<httpProtocol>
 <customHeaders>
<add name="Strict-Transport-Security" value="778000; includeSubdomains" />
<add name="X-Content-Type-Options" value="nosniff" />
<add name="X-Permitted-Cross-Domain-Policies" value="none" />
<add name="X-XSS-Protection" value="1; mode=block" />
<add name="Cache-Control" value="no-store" />
<add name="Pragma" value="no-cache" />
<remove name="X-Powered-By" />
 </customHeaders>
</httpProtocol>
</system.webServer>
</Config>


No comments:

Post a comment