Hello,
I would like to ask for your help. Recently, in our organization, our security team started scanning web servers for their best-practice security settings. We received the following findings for PowerShell Universal endpoints in response headers:
Strict-Transport-Security
Content-Security-Policy
X-Content-Type-Options
X-XSS-Protection
Referrer-Policy
I know some of these are not particularly relevant for API endpoints. Nevertheless, I would still like to find a way to adapt endpoint response headers to be compliant, if not now, then definitely in the future.
So far, I have tried to search for a solution and have not found any for PowerShell Universal running on Kestrel. There are some solutions for PSU on IIS, but I would like to avoid using IIS.
So my question is: is there any way to modify endpoint response headers on PSU running on the Kestrel web server in ASP.NET Core?
Thanks a lot in advance for any help.
Product: PowerShell Universal
Version: 4.2.21+5.0.16