OwaspHeaders.Core 9.8 Introduces Comprehensive Logging Support for Enhanced Security Visibility

The image displays a black and white line drawing featuring a stylized emblem. At the center of the emblem is a shield with a stylized wasp in profile, symbolizing protection. Above the wasp, there is a single horizontal black bar inside of which are five white circles. The style of the illustration is simple and flat, with no gradients or shading, giving it a modern, iconic appearance.

RJJ Software is pleased to announce the release of OwaspHeaders.Core version 9.8, introducing comprehensive logging functionality to our popular security middleware. This enhancement provides developers with unprecedented visibility into security header operations, making configuration troubleshooting and security monitoring more straightforward than ever.

What’s New in 9.8

The headline feature of this release is the addition of enterprise-grade logging capabilities, implemented following Andrew Lock’s logging best practices. This new functionality addresses a long-standing community request for better visibility into middleware operations.

Key Features

Comprehensive Event Logging

  • Security header application events with structured event IDs
  • Configuration validation logging
  • Detailed trace information for troubleshooting
  • Performance metrics for header processing

Developer-Friendly Implementation

  • Zero-configuration default behavior maintains backward compatibility
  • Simple opt-in logging through standard ASP.NET Core logging infrastructure
  • Structured logging support for modern observability platforms
  • Minimal performance impact with efficient logging patterns

Production-Ready Design

  • Event ID schema for easy filtering and monitoring
  • Appropriate log levels for different scenarios
  • No sensitive data exposure in log messages
  • Full integration with existing logging providers

Why Logging Matters for Security Headers

Security headers are a critical defence layer for web applications, but until now, developers had limited visibility into their application. Common challenges included:

  • Uncertainty about which headers were actually being applied
  • Difficulty troubleshooting configuration issues
  • No visibility into middleware performance
  • Limited ability to audit security header changes

The new logging functionality addresses all these concerns, providing clear, actionable information about every aspect of security header processing.

Getting Started with Logging

Enabling logging in OwaspHeaders.Core 9.8 is as simple as configuring your preferred logging provider. The middleware automatically integrates with ASP.NET Core’s built-in logging infrastructure:

var builder = WebApplication.CreateBuilder(args);

// Configure logging (example with console output)
builder.Logging.AddConsole();
builder.Logging.SetMinimumLevel(LogLevel.Debug);

var app = builder.Build();

// Use the middleware - logging is automatic
app.UseSecureHeadersMiddleware();

Real-World Benefits

  • Improved Security Auditing: Security teams can now verify header application through log analysis, ensuring compliance with security policies
  • Performance Monitoring: Operations teams can track middleware performance and identify any bottlenecks in header processing

Maintaining Our Commitment to Simplicity

While adding powerful new features, we’ve maintained the simplicity that has made OwaspHeaders.Core a favorite among developers. The middleware continues to work with a single line of code, and logging is completely optional. Applications upgrading from previous versions will continue to function exactly as before, with logging available when needed.

Looking Forward

This release represents our ongoing commitment to making web security accessible and manageable for all ASP.NET Core developers. As the project approaches 1.5 million downloads on NuGet, we continue to listen to community feedback and evolve the middleware to meet real-world needs.

ℹ️ Note

At the time of publishing, OwaspHeaders.Core has 1.3 million downloads on NuGet.org

The addition of comprehensive logging is just the beginning. Future releases will build on this foundation to provide even more insights into your application’s security posture.

Get the Update

OwaspHeaders.Core 9.8 is available now on NuGet. To add or upgrade the package in your project, simply run the following command:

dotnet add package OwaspHeaders.Core --version 9.8

For complete documentation on the new logging features, visit the official documentation.

About OwaspHeaders.Core

OwaspHeaders.Core is an open-source ASP.NET Core middleware that automatically adds OWASP-recommended security headers to HTTP responses. With over 1 million downloads, it has become an essential tool for developers building secure web applications. The project is maintained by Jamie Taylor, Microsoft MVP and Strategic Technology Consultant at RJJ Software.

For more information about OwaspHeaders.Core:


OwaspHeaders.Core is part of RJJ Software’s commitment to open-source security tools that make the web safer for everyone. For enterprise support or custom security solutions, contact our team.