NWebsec - Security libraries for ASP.NET Core

NWebsec consists of several security libraries for ASP.NET applications. These libraries work together to remove version headers, control cache headers, stop potentially dangerous redirects, and set important security headers. If you’re not sure what “security headers” are, check out this blog post: Security through HTTP response headers.

After the introduction of ASP.NET core, there are two sets of NWebsec packages. You’ve now found the documentation for the “new” packages built for ASP.NET Core:

NWebsec for ASP.NET 4

Historically, NWebsec has been targeting ASP.NET 4. The following packages target ASP.NET 4:

Documentation for these packages is maintained separately as the aspnet4 version of the docs.

There’s also a dedicated session security library documented as a separate project.


In addition to the ASP.NET libraries, there’s also a package that helps you harden the TLS configuration for Azure web role instances:

Learn why you need to harden the default TLS configuration in the blog post Hardening Windows Server 2008/2012 and Azure SSL/TLS configuration.

Check out the NWebsec demo site to see the headers and session security improvements in action.

To keep up with new releases or to give feedback, find @NWebsec on Twitter. You can also get in touch at nwebsec (at) nwebsec (dot) com.