RJJ Software is pleased to announce the release of OwaspHeaders.Core version 9.8, introducing comprehensive logging functionality to our popular security middleware. This enhancement provides developers with unprecedented visibility into security header operations, making configuration troubleshooting and security monitoring more straightforward than ever.
What’s New in 9.8
The headline feature of this release is the addition of enterprise-grade logging capabilities, implemented following Andrew Lock’s logging best practices. This new functionality addresses a long-standing community request for better visibility into middleware operations.
Key Features
Comprehensive Event Logging
- Security header application events with structured event IDs
- Configuration validation logging
- Detailed trace information for troubleshooting
- Performance metrics for header processing
Developer-Friendly Implementation
- Zero-configuration default behavior maintains backward compatibility
- Simple opt-in logging through standard ASP.NET Core logging infrastructure
- Structured logging support for modern observability platforms
- Minimal performance impact with efficient logging patterns
Production-Ready Design
- Event ID schema for easy filtering and monitoring
- Appropriate log levels for different scenarios
- No sensitive data exposure in log messages
- Full integration with existing logging providers
Why Logging Matters for Security Headers
Security headers are a critical defence layer for web applications, but until now, developers had limited visibility into their application. Common challenges included:
- Uncertainty about which headers were actually being applied
- Difficulty troubleshooting configuration issues
- No visibility into middleware performance
- Limited ability to audit security header changes
The new logging functionality addresses all these concerns, providing clear, actionable information about every aspect of security header processing.
Getting Started with Logging
Enabling logging in OwaspHeaders.Core 9.8 is as simple as configuring your preferred logging provider. The middleware automatically integrates with ASP.NET Core’s built-in logging infrastructure:
var builder = WebApplication.CreateBuilder(args);
// Configure logging (example with console output)
builder.Logging.AddConsole();
builder.Logging.SetMinimumLevel(LogLevel.Debug);
var app = builder.Build();
// Use the middleware - logging is automatic
app.UseSecureHeadersMiddleware();
Real-World Benefits
- Improved Security Auditing: Security teams can now verify header application through log analysis, ensuring compliance with security policies
- Performance Monitoring: Operations teams can track middleware performance and identify any bottlenecks in header processing
Maintaining Our Commitment to Simplicity
While adding powerful new features, we’ve maintained the simplicity that has made OwaspHeaders.Core a favorite among developers. The middleware continues to work with a single line of code, and logging is completely optional. Applications upgrading from previous versions will continue to function exactly as before, with logging available when needed.
Looking Forward
This release represents our ongoing commitment to making web security accessible and manageable for all ASP.NET Core developers. As the project approaches 1.5 million downloads on NuGet, we continue to listen to community feedback and evolve the middleware to meet real-world needs.
ℹ️ Note
At the time of publishing, OwaspHeaders.Core has 1.3 million downloads on NuGet.org
The addition of comprehensive logging is just the beginning. Future releases will build on this foundation to provide even more insights into your application’s security posture.
Get the Update
OwaspHeaders.Core 9.8 is available now on NuGet. To add or upgrade the package in your project, simply run the following command:
dotnet add package OwaspHeaders.Core --version 9.8
For complete documentation on the new logging features, visit the official documentation.
About OwaspHeaders.Core
OwaspHeaders.Core is an open-source ASP.NET Core middleware that automatically adds OWASP-recommended security headers to HTTP responses. With over 1 million downloads, it has become an essential tool for developers building secure web applications. The project is maintained by Jamie Taylor, Microsoft MVP and Strategic Technology Consultant at RJJ Software.
For more information about OwaspHeaders.Core:
OwaspHeaders.Core is part of RJJ Software’s commitment to open-source security tools that make the web safer for everyone. For enterprise support or custom security solutions, contact our team.