Click-Jacking Protection and Content/MIME Sniffing...
# help-with-umbraco
o
I added the suggested code below to program.cs, as per the Umbraco documentation. But this does not help fix the security issues for Click-Jacking Protection & Content/MIME Sniffing Protection. Am I missing something?

```csharp
app.Use(async (context, next) =>
{
    context.Response.Headers.Append("X-Frame-Options", "SAMEORIGIN");
    await next();
});

app.Use(async (context, next) =>
{
    context.Response.Headers.Append("X-Content-Type-Options", "nosniff");
    await next();
});
```
m
Think you should combine?
```csharp
app.Use(async (context, next) =>
{
    context.Response.Headers.Append("X-Frame-Options", "SAMEORIGIN");
    context.Response.Headers.Append("X-Content-Type-Options", "nosniff");
    await next();
});
```
You might want a few others too: https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options. Also run the site through https://securityheaders.com/
o
Hi Mike, Combining didn't work on local. I'll try on IIS on staging site. Thank you. Update: Setting the headers on IIS worked. Thanks again.
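For a local or staging site that an external scanner such as securityheaders.com cannot reach, the following added example (not part of the thread or of Umbraco's documentation) audits a response for the two headers discussed here. The function names and status labels are assumptions of this example.

```python
"""Added example: audit X-Frame-Options and X-Content-Type-Options on a response."""
import sys
import urllib.error
import urllib.request

# Accepted values, compared case-insensitively.
# ALLOW-FROM is obsolete for X-Frame-Options, so it is reported as invalid.
EXPECTED = {
    "x-frame-options": {"DENY", "SAMEORIGIN"},
    "x-content-type-options": {"NOSNIFF"},
}

def audit_headers(header_pairs):
    """Return {header: (status, detail)} for a list of (name, value) pairs."""
    seen = {name: [] for name in EXPECTED}
    for name, value in header_pairs:
        key = name.lower()
        if key in seen:
            # Repeated header lines may arrive comma-joined; split them back out.
            seen[key].extend(v.strip().upper() for v in value.split(","))
    report = {}
    for name, values in seen.items():
        if not values:
            report[name] = ("missing", "header not sent")
        elif any(v not in EXPECTED[name] for v in values):
            report[name] = ("invalid", ", ".join(values))
        elif len(values) > 1:
            # Sent more than once, e.g. by both the middleware and IIS.
            report[name] = ("duplicate", ", ".join(values))
        else:
            report[name] = ("ok", values[0])
    return report

def audit_url(url):
    """Fetch url and audit its headers; error pages are audited as well."""
    try:
        resp = urllib.request.urlopen(url, timeout=10)
    except urllib.error.HTTPError as err:
        resp = err  # 4xx/5xx responses should carry the headers too
    with resp:
        return audit_headers(resp.headers.items())

if __name__ == "__main__":
    # Usage: python audit.py <url> [<url> ...]
    for target in sys.argv[1:]:
        for header, (status, detail) in audit_url(target).items():
            print(f"{target}  {header}: {status} ({detail})")
```

Run it against an HTML page, a static asset and an error page, since each can be served by a different part of the pipeline.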