NetEscapades.AspNetCore.SecurityHeaders.TagHelpers 0.9.0

Tag Helpers for the ASP.NET Core Security Headers middleware for adding Nonces for use with SecurityHeadersMiddleware

There is a newer version of this package available.
See the version list below for details.
Install-Package NetEscapades.AspNetCore.SecurityHeaders.TagHelpers -Version 0.9.0
dotnet add package NetEscapades.AspNetCore.SecurityHeaders.TagHelpers --version 0.9.0
<PackageReference Include="NetEscapades.AspNetCore.SecurityHeaders.TagHelpers" Version="0.9.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add NetEscapades.AspNetCore.SecurityHeaders.TagHelpers --version 0.9.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: NetEscapades.AspNetCore.SecurityHeaders.TagHelpers, 0.9.0"
#r directive can be used in F# Interactive, C# scripting and .NET Interactive. Copy this into the interactive tool or source code of the script to reference the package.
// Install NetEscapades.AspNetCore.SecurityHeaders.TagHelpers as a Cake Addin
#addin nuget:?package=NetEscapades.AspNetCore.SecurityHeaders.TagHelpers&version=0.9.0

// Install NetEscapades.AspNetCore.SecurityHeaders.TagHelpers as a Cake Tool
#tool nuget:?package=NetEscapades.AspNetCore.SecurityHeaders.TagHelpers&version=0.9.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Release Notes


* Add support for Nonce generation for Content-Security-Policy headers. See for details
* Add TagHelpers library for adding nonces and generating hashes for Razor elements (NetEscapades.AspNetCore.SecurityHeaders.TagHelpers)
* Allow using HSTS preload with Strict-Transport-Security
* Allow excluding domains from Strict-Transport-Security. Similar to the Microsoft HstsMiddlewareyou can skip applying Strict-Transport-Security to specific hosts

Breaking Changes:

* All obsolete classes have been removed.
* Many classes have changed namespace to better reflect their location in the project, and also to aid discovery. If you're using the recommended builders and extension methods, you should not have any build-time breaking changes, but the package is not runtime-compatible with previous versions
* The Strict-Transport-Security header is no longer applied to localhost by default. Generally speaking, this isn't something you should do anyway.
* The CSP classes have undergone significant refactoring to allow dynamic values per-request (i.e. nonces). This doesn't affect the main public API, but will impact you if you're working with the low-level infrastructure classes.

See for more details.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version History

Version Downloads Last updated
0.13.0 424 2/9/2021
0.12.1 3,558 10/2/2020
0.12.0 212 10/1/2020
0.11.2 1,023 7/27/2020
0.11.1 165 7/27/2020
0.11.0 12,250 10/31/2019
0.10.0 271 9/27/2019
0.9.0 13,558 10/28/2018
Show less