Knowit.SecurityHeaders.Optimizely 1.0.1

dotnet add package Knowit.SecurityHeaders.Optimizely --version 1.0.1
                    

Knowit.SecurityHeaders.Optimizely

Provides a simple way to configure CSP, Permissions Policy and custom security HTTP response headers for an Optimizely CMS based site.

Getting Started

Installation

To install it, use the following command:

> dotnet add package Knowit.SecurityHeaders.Optimizely --source https://www.myget.org/F/creuna-nuget/api/v3/index.json

After installation:
  • Open Startup.cs
  • Register the SecurityHeaders services with the extension method AddSecurityHeaders

example:

	public void ConfigureServices(IServiceCollection services)
	{
		if (webHostingEnvironment.IsDevelopment())
		{
			AppDomain.CurrentDomain.SetData("DataDirectory", Path.Combine(webHostingEnvironment.ContentRootPath, "App_Data"));

			services.Configure<SchedulerOptions>(options => options.Enabled = false);
		}

		services
			.AddCmsAspNetIdentity<ApplicationUser>()
			.AddCms()
			.AddAdminUserRegistration()
			.AddEmbeddedLocalization<Startup>();

		services.AddSecurityHeaders();
	}
  • Configure the app with the SecurityHeaders middleware using the extension method UseSecurityHeaders. Consider calling UseSecurityHeaders after all other functionality that can affect response headers.

example:

	public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
	{
		if (env.IsDevelopment())
		{
			app.UseDeveloperExceptionPage();
		}

		app.UseStaticFiles();
		app.UseRouting();
		app.UseAuthentication();
		app.UseAuthorization();

		app.UseSecurityHeaders();

		app.UseEndpoints(endpoints =>
		{
			endpoints.MapContent();
		});
	}

  • Add CspSettings and/or PermissionsPolicySettings properties to the start page type of your website, as in the following example:
	public class FrontPage : PageData
	{
		[Display(Order = 10, Name = "CSP Headers Settings", GroupName = SecurityHeadersContentGroups.SecurityHeaders)]
		public virtual CspSettingsBlock? CspSettings { get; set; }

		[Display(Order = 20, Name = "Permissions Policy Headers Settings", GroupName = SecurityHeadersContentGroups.SecurityHeaders)]
		public virtual PermissionsPolicySettingsBlock? PermissionsPolicySettings { get; set; }
	}

HINT: If you need to make some block properties culture-specific, you can define your own blocks that inherit from the blocks above or implement the interfaces.

These settings are used to render headers for the whole site. It is also possible to add these properties to a specific page type to define them for a particular page instance:

	public class InjectionPage : PageData
	{
		[Display(Order = 10, Name = "Heading")]
		public virtual string Heading { get; set; }

		[Display(Order = 10, Name = "CSP Headers Settings", GroupName = SecurityHeadersContentGroups.SecurityHeaders)]
		public virtual CspSettingsBlock? CspSettings { get; set; }
	}

The examples above use the prepared blocks as property types. To define custom logic, it is possible to use the ICspSettings and IPermissionsPolicySettings interfaces instead:

	public class CustomSettingsPage : PageData
	{
		public virtual ICspSettings CspSettings => // custom logic goes here...
	}

For deeper customization, consider registering your own implementation of ISecurityHeadersSettingsProvider.

Custom Headers

It is possible to configure extra HTTP security headers for all sites via appsettings.json. To do so, add a "CustomHeaders" key/value collection under the "SecurityHeaders" configuration section. It is also possible to disable rendering of custom headers by setting "EnableCustomHeaders" to false (true by default):

    "SecurityHeaders": {
        "EnableCustomHeaders": true,
        "CustomHeaders": {
            "referrer-policy": "strict-origin-when-cross-origin",
            "x-frame-options": "SAMEORIGIN",
            "x-content-type-options": "nosniff"
        }
    }

HINT: To remove a header from the response, specify it with null.

Ignore Locations

It is possible to add location paths to ignore by extending the "IgnorePaths" collection with a custom paths array. All requests whose path starts with any path defined in the collection are excluded from processing (/episerver, /modules, /util are ignored by default).

    "SecurityHeaders": {
        "IgnorePaths": [ "/admin-tools" ],
        ...
    }
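
The behaviour described under Custom Headers and Ignore Locations (set each configured header, remove a header configured as null, skip requests under an ignored path) can be seen in isolation in the following minimal ASP.NET Core Program.cs. It is an added illustration, not the package's own code: the inline dictionary, the `x-powered-by` entry, the stand-in middleware and the use of `OnStarting` are assumptions, and the Web SDK's implicit usings are assumed.

```csharp
// Illustration only: NOT the Knowit.SecurityHeaders.Optimizely implementation.
var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Constructed values mirroring the "CustomHeaders" sample above.
// A null value means "remove this header from the response".
var customHeaders = new Dictionary<string, string?>
{
    ["referrer-policy"] = "strict-origin-when-cross-origin",
    ["x-frame-options"] = "SAMEORIGIN",
    ["x-content-type-options"] = "nosniff",
    ["x-powered-by"] = null, // constructed entry to show removal
};

// Defaults named on the page plus the "/admin-tools" sample path.
var ignorePaths = new PathString[] { "/episerver", "/modules", "/util", "/admin-tools" };

// Stand-in for other functionality that writes response headers.
app.Use(async (context, next) =>
{
    context.Response.Headers["x-powered-by"] = "constructed-value";
    context.Response.Headers["x-frame-options"] = "DENY";
    await next(context);
});

app.Use(async (context, next) =>
{
    // Assumption: case-insensitive prefix match on whole path segments.
    bool ignored = ignorePaths.Any(p => context.Request.Path.StartsWithSegments(p));
    if (!ignored)
    {
        // OnStarting fires just before the headers are sent, so values
        // written by other components earlier in the request are replaced.
        context.Response.OnStarting(() =>
        {
            foreach (var (name, value) in customHeaders)
            {
                if (value is null) context.Response.Headers.Remove(name);
                else context.Response.Headers[name] = value;
            }
            return Task.CompletedTask;
        });
    }
    await next(context);
});

app.MapGet("/", () => "ok");                      // gets the configured headers
app.MapGet("/admin-tools/ping", () => "ignored"); // keeps the stand-in's headers
app.Run();
```

Requesting `/` returns `x-frame-options: SAMEORIGIN` with no `x-powered-by`, while `/admin-tools/ping` still carries the stand-in's `DENY` and `x-powered-by` values, which is a reminder that ignored paths need their headers set by some other means.
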
Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 


Version Downloads Last Updated
1.0.1 385 4/30/2026
1.0.0 92 5/4/2026

1.0.1
EPiServer packages are updated

1.0.0
First release