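<!--
  IIS response-header hardening and request filtering (fragment; belongs inside <configuration>).
  Each header is removed before it is added so that a value inherited from a parent
  configuration level does not produce a duplicate collection entry.
-->
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <!--
        Strip technology-disclosure headers.
        NOTE(review): IIS does not normally emit "Server" through customHeaders, so this
        remove may have no effect. On IIS 10+ the requestFiltering attribute
        removeServerHeader="true" suppresses it. Confirm against the target IIS version.
      -->
      <remove name="Server" />
      <remove name="X-Powered-By" />

      <!-- HSTS: two years (63072000 s), applied to subdomains as well. Only honoured over HTTPS. -->
      <remove name="Strict-Transport-Security" />
      <add name="Strict-Transport-Security" value="max-age=63072000; includeSubdomains" />

      <!-- Disallow Flash/PDF cross-domain policy files. -->
      <remove name="X-Permitted-Cross-Domain-Policies" />
      <add name="X-Permitted-Cross-Domain-Policies" value="none" />

      <!-- Never send a Referer header on outbound navigation or subresource requests. -->
      <remove name="Referrer-Policy" />
      <add name="Referrer-Policy" value="no-referrer" />

      <!--
        Disable caching of responses. Cache-Control directive arguments use "=",
        so the previous "max-age:0" was an unrecognised directive that caches ignore.
      -->
      <remove name="Cache-Control" />
      <add name="Cache-Control" value="private, no-cache, no-store, must-revalidate, no-transform, max-age=0" />

      <!-- Legacy clickjacking control; overlaps with frame-ancestors in the CSP below. -->
      <remove name="X-Frame-Options" />
      <add name="X-Frame-Options" value="SAMEORIGIN" />

      <!--
        NOTE(review): this policy sets no default-src, script-src or style-src, so script
        and style loading (including inline script) is not restricted by it. Adding
        default-src / script-src is the main XSS mitigation CSP offers, but needs testing
        against the application's inline scripts before it is turned on.
      -->
      <remove name="Content-Security-Policy" />
      <add name="Content-Security-Policy" value="object-src 'self'; worker-src 'self'; frame-src 'self'; connect-src 'self'; img-src 'self' data:; media-src 'self'; frame-ancestors 'self';" />

      <!--
        NOTE(review): the browser XSS auditor this header controlled has been removed from
        current browsers; present guidance is to omit the header or send "0" and rely on CSP.
      -->
      <remove name="X-XSS-Protection" />
      <add name="X-XSS-Protection" value="1; mode=block" />

      <!-- Stop browsers from MIME-sniffing a response away from its declared Content-Type. -->
      <remove name="X-Content-Type-Options" />
      <add name="X-Content-Type-Options" value="nosniff" />

      <!--
        NOTE(review): Feature-Policy has been superseded by Permissions-Policy, which uses a
        different value syntax; consider sending the newer header alongside this one.
      -->
      <remove name="Feature-Policy" />
      <add name="Feature-Policy" value="sync-xhr 'self'; geolocation 'self'" />
    </customHeaders>
  </httpProtocol>
  <security>
    <!--
      allowDoubleEscaping="false" rejects URLs that are still escaped after one decode pass.
      allowHighBitCharacters="true" permits non-ASCII characters in the URL.
    -->
    <requestFiltering allowDoubleEscaping="false" allowHighBitCharacters="true">
      <!-- Upper bound on request body size, in bytes (about 2 MB). -->
      <requestLimits maxAllowedContentLength="2000000" />
    </requestFiltering>
  </security>
</system.webServer>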