Hrithik.Security.Headers 1.0.0

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package Hrithik.Security.Headers --version 1.0.0
                    


                    

                
NuGet\Install-Package Hrithik.Security.Headers -Version 1.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Hrithik.Security.Headers" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Hrithik.Security.Headers" Version="1.0.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Hrithik.Security.Headers" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Hrithik.Security.Headers --version 1.0.0
                    


                    

                
#r "nuget: Hrithik.Security.Headers, 1.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Hrithik.Security.Headers@1.0.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Hrithik.Security.Headers&version=1.0.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Hrithik.Security.Headers&version=1.0.0
                    


                            Install as a Cake Tool

πŸ” Hrithik.Security.Headers

Strongly-typed, validated, and standardized handling of security-relevant HTTP headers for .NET applications.

Designed for fintech, banking, microservices, and zero-trust architectures where consistency, traceability, and security are mandatory.

✨ Why this package?

In most ASP.NET Core applications:

HTTP headers are accessed using magic strings

Security-critical headers are not validated consistently

Correlation, idempotency, and tenant context are scattered across controllers

Downstream services receive incomplete or inconsistent metadata

Hrithik.Security.Headers solves this by providing a single, strongly-typed source of truth for all security-relevant headers.

πŸš€ Key Features

βœ… Strongly-typed security headers model

βœ… Centralized header extraction & validation

βœ… ASP.NET Core middleware integration

βœ… Options-driven enforcement (fail-fast)

βœ… Fintech & banking friendly

βœ… Clean foundation for audit logging, idempotency & signing

πŸ“¦ Installation dotnet add package Hrithik.Security.Headers

🧠 Supported Headers Header Purpose X-Correlation-Id Distributed request tracing X-Request-Id Unique request identification Idempotency-Key Prevent duplicate processing X-API-Key Client / service authentication X-Tenant-Id Multi-tenant isolation X-Actor-Id User or service identity X-Client-IP Original caller IP X-Signature Request signing / integrity 🧩 Core Concept

This package extracts all security-relevant headers once, validates them, and exposes them as a single immutable model for the entire request lifecycle.

If a request passes the middleware, downstream components can trust the headers.

βš™οΈ Configuration 1️⃣ Register services builder.Services.AddSecurityHeaders(options β‡’ { options.RequireCorrelationId = true; options.GenerateIfMissing = true; options.EnforceIdempotencyKey = false; options.EnforceTenant = false; options.EnforceSignature = false; });

2️⃣ Enable middleware app.UseSecurityHeaders();

Place this early in the pipeline, before authentication, authorization, and logging.

πŸ§ͺ Usage Example Access headers anywhere in the request var headers = HttpContext.Items["SecurityHeaders"] as SecurityHeaders;

_logger.LogInformation( "Request {RequestId} from actor {ActorId}", headers?.RequestId, headers?.ActorId );

πŸ›‘ Validation Behavior

Missing required headers β†’ request is rejected

Validation failures throw SecurityException

Designed for fail-fast security enforcement

Example failures:

Missing X-Correlation-Id

Missing X-Tenant-Id (when enforced)

Missing Idempotency-Key (when enforced)

πŸ— Architecture Incoming Request ↓ SecurityHeadersMiddleware ↓ ISecurityHeadersReader ↓ SecurityHeaders (strongly-typed) ↓ ISecurityHeadersValidator ↓ HttpContext.Items["SecurityHeaders"] ↓ Controllers / Services / Logging

πŸ”— Ecosystem Integration

This package is intentionally lightweight and acts as a foundation for:

Hrithik.Security.AuditLogging

Hrithik.Security.Idempotency

Hrithik.Security.RequestSigning

Hrithik.Security.Correlation

Hrithik.Security.TenantIsolation

πŸ”’ Security Philosophy

No silent defaults for security-critical headers

Explicit configuration over implicit behavior

Fail-fast on invalid or missing data

Separation of concerns (headers β‰  auth β‰  logging)

πŸ“œ License

MIT License

πŸ‘€ Author

Hrithik Kalra

.NET | API Security | Fintech Systems

πŸ“§ Email: hrithikkalra11@gmail.com

GitHub: https://github.com/hrithikalra

LinkedIn: https://www.linkedin.com/in/hrithik-kalra-b6836a246/

If you find this package useful, consider supporting its development:

Support is entirely optional and helps sustain ongoing development and maintenance.

πŸ”— Related Packages

This package is part of the Hrithik.Security ecosystem:

  • Hrithik.Security.ApiKeyManagement
    API key generation, storage, and scope-based authorization

  • Hrithik.Security.RequestSigning
    HMAC-based request signing for tamper-proof APIs

  • Hrithik.Security.ReplayProtection
    Short-window replay attack prevention

  • Hrithik.Security.RateLimiting
    Flexible, API-key–aware rate limiting for ASP.NET Core APIs

  • Hrithik.Security.Idempotency Idempotency-key–based protection for safe retries in financial APIs

  • Hrithik.Security.Jose JWT and JWS utilities for secure token handling and message signing

  • Hrithik.Security.AuditLogging Compliance-grade, tamper-evident audit logging for .NET APIs

    Together, they form a complete API security framework.

These packages are independent and can be used together or individually.

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.0 125 2/5/2026