Security Header Injection Module (SHIM)
Project Description
SHIM is an HTTP module that provides protection against many vulnerabilities by injecting security-specific HTTP headers into ASP.NET web applications.
Overview
The security header injection module (SHIM) was inspired by the OWASP Secure Headers Project. The goal of this project is to allow ASP.NET web applications to improve their security by using security-specific HTTP headers supported by modern browsers. Once SHIM is installed and configured, the headers instruct the browser to provide an extra layer of protection against a number of web application vulnerabilities, including cross-site scripting (XSS), insecure data caching, man-in-the-middle attacks, content-type sniffing, and clickjacking.
More details on the OWASP project can be found here: https://www.owasp.org/index.php/OWASP_Secure_Headers_Project
Supported Headers
SHIM currently supports the following HTTP Headers:
Cache-Control
Expires
Pragma
Content-Security-Policy
Strict-Transport-Security
X-Content-Type-Options
X-Frame-Options
X-XSS-Protection
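As an added example (not part of SHIM or its documentation), the following Python script audits a response head for the eight headers listed above, which is one way to confirm that header injection is actually taking effect. The accepted values and the sample response are assumptions chosen for illustration, not SHIM defaults.

```python
import re
import time
from email.utils import mktime_tz, parsedate_tz

# Constructed sample response head (not captured from a real server).
SAMPLE = """HTTP/1.1 200 OK
Cache-Control: private
Expires: 0
Content-Security-Policy: default-src 'self'
Strict-Transport-Security: max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: ALLOW-FROM https://partner.example
X-XSS-Protection: 1"""

def parse_headers(raw):
    """Parse a raw response head into {lower-case header name: value}."""
    lines = raw.strip().splitlines()[1:]  # skip the status line
    pairs = (line.partition(":") for line in lines)
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}

def expires_in_past(value):
    parsed = parsedate_tz(value)
    # Unparseable dates such as "0" or "-1" are treated as already expired.
    return parsed is None or mktime_tz(parsed) <= time.time()

# Header names are the ones SHIM lists; the accepted values are assumptions
# (common hardening choices), not SHIM's documented defaults.
CHECKS = {
    "cache-control": lambda v: "no-store" in v.lower(),
    "expires": expires_in_past,
    "pragma": lambda v: v.lower() == "no-cache",
    "content-security-policy": lambda v: bool(re.search(r"\b(default|script)-src\b", v, re.I)),
    "strict-transport-security":
        lambda v: any(int(n) > 0 for n in re.findall(r'max-age\s*=\s*"?(\d+)', v, re.I)),
    "x-content-type-options": lambda v: v.lower() == "nosniff",
    "x-frame-options": lambda v: v.upper() in ("DENY", "SAMEORIGIN"),
    # Legacy filter: accept disabled or block mode, not the page-rewriting mode.
    "x-xss-protection": lambda v: v.replace(" ", "").lower() in ("0", "1;mode=block"),
}

def audit(raw, https=True):
    """Return {header: "ok" | "weak" | "missing"} for each supported header."""
    headers, report = parse_headers(raw), {}
    for name, check in CHECKS.items():
        if name == "strict-transport-security" and not https:
            continue  # browsers ignore HSTS received over plain HTTP
        value = headers.get(name)
        report[name] = "missing" if value is None else "ok" if check(value) else "weak"
    return report
```

Calling audit(SAMPLE) returns one verdict per header; pass https=False when the response was fetched over plain HTTP so that Strict-Transport-Security is left out of the report.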
Installation
Please see the documentation: https://shim.codeplex.com/documentation
To Contribute
Contact us at oss at cypressdefense.com