I'm working on a .NET Core app and I'm implementing security headers like HttpOnly, CSP and Referrer.
My question is: we are on GCP and have an lb.tf (load balancer Terraform file). Do I have to make any changes to this file, or are security headers only implemented at the app level?
```csharp
// Middleware that adds the response headers to every response.
app.Use((context, next) =>
{
    context.Response.Headers.Add("Referrer-Policy", "no-referrer");
    context.Response.Headers.Add("Content-Security-Policy", "default-src 'self'");
    return next();
});

// Cookie policy: mark cookies as Secure and HttpOnly.
app.UseCookiePolicy(new CookiePolicyOptions
{
    Secure = Microsoft.AspNetCore.Http.CookieSecurePolicy.Always,
    HttpOnly = Microsoft.AspNetCore.CookiePolicy.HttpOnlyPolicy.Always
});
```
I have the implementation working at the app level by adding the security headers to my startup.cs file, but I've been reading about lb.tf and I can't find anything related to security headers implementation.
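A way to check what a client actually receives, whatever sits in front of the app, added here as an example and not part of the original question: it audits a raw response head for the two headers and the cookie flags configured above. The function name `audit_response` and the sample response are constructed for illustration.

```python
from email.parser import Parser  # stdlib parser; HTTP headers share the "Name: value" syntax

# Constructed sample: response head as seen by a client. The second cookie
# deliberately lacks the flags so the audit has something to report.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Referrer-Policy: no-referrer\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "Set-Cookie: session=abc123; path=/; secure; httponly\r\n"
    "Set-Cookie: theme=dark; path=/\r\n"
    "\r\n"
)

# Values taken from the middleware in the question.
EXPECTED_HEADERS = {
    "Referrer-Policy": "no-referrer",
    "Content-Security-Policy": "default-src 'self'",
}

def audit_response(raw_head):
    """Return a list of findings; an empty list means every check passed."""
    _status_line, _, header_block = raw_head.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    findings = []
    for name, expected in EXPECTED_HEADERS.items():
        actual = headers.get(name)  # header lookup is case-insensitive
        if actual is None:
            findings.append(f"missing header: {name}")
        elif actual.strip() != expected:
            findings.append(f"unexpected {name}: {actual.strip()}")
    # Each Set-Cookie header is checked separately for both attributes.
    for cookie in headers.get_all("Set-Cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        flags = {p.split("=", 1)[0].lower() for p in parts[1:]}
        for flag in ("secure", "httponly"):
            if flag not in flags:
                findings.append(f"cookie {cookie_name} lacks {flag}")
    return findings

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_RESPONSE):
        print(finding)
```

Feeding it the response head captured from the public endpoint rather than from the app directly shows whether the headers survive the path through the load balancer.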