Default Identify security settings xml configuration
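<!--
  IIS <system.webServer> fragment: hardening response headers plus request-filtering limits.
  Every header is removed before it is added so that an entry inherited from a parent
  configuration level cannot produce a duplicate-key error or a second, conflicting value.
-->
<system.webServer>
  <httpProtocol>
    <customHeaders>
      <!-- Banner headers that disclose the server stack.
           NOTE(review): <remove> only drops entries that live in a customHeaders collection.
           X-Powered-By is normally defined there; the Server header usually is not, so confirm
           with a response capture that it is really gone. IIS 10 provides
           removeServerHeader="true" on <requestFiltering> for this; older IIS versions reject
           that attribute, so it is not set here. -->
      <remove name="Server" />
      <remove name="X-Powered-By" />

      <!-- HSTS for two years (63072000 s), subdomains included. Browsers honour it only when it
           arrives over HTTPS, and includeSubdomains requires every subdomain to serve HTTPS. -->
      <remove name="Strict-Transport-Security" />
      <add name="Strict-Transport-Security" value="max-age=63072000; includeSubdomains" />

      <!-- Forbid Flash/PDF cross-domain policy files. -->
      <remove name="X-Permitted-Cross-Domain-Policies" />
      <add name="X-Permitted-Cross-Domain-Policies" value="none" />

      <!-- Never send a Referer header on outbound navigation or subresource requests. -->
      <remove name="Referrer-Policy" />
      <add name="Referrer-Policy" value="no-referrer" />

      <!-- Keep responses out of shared and browser caches.
           Fixed: the directive was written "max-age:0"; Cache-Control directives take "=",
           so caches ignored the malformed token. -->
      <remove name="Cache-Control" />
      <add name="Cache-Control" value="private, no-cache, no-store, must-revalidate, no-transform, max-age=0" />

      <!-- Clickjacking defence for browsers without CSP frame-ancestors support; the CSP below
           carries the same same-origin restriction. -->
      <remove name="X-Frame-Options" />
      <add name="X-Frame-Options" value="SAMEORIGIN" />

      <!-- Restricts plugins, workers, frames, fetch/XHR targets, images and media to same origin.
           NOTE(review): there is no default-src or script-src directive, so script, style and
           font loads are not restricted by this policy. Tightening that needs testing against
           the application's inline scripts and styles first. -->
      <remove name="Content-Security-Policy" />
      <add name="Content-Security-Policy" value="object-src 'self'; worker-src 'self'; frame-src 'self'; connect-src 'self'; img-src 'self' data:; media-src 'self'; frame-ancestors 'self';" />

      <!-- Legacy header: current browsers have removed the XSS auditor and ignore it, so the
           CSP above is the effective control. NOTE(review): current OWASP guidance is to send
           "0" or omit the header; value left as the author set it. -->
      <remove name="X-XSS-Protection" />
      <add name="X-XSS-Protection" value="1; mode=block" />

      <!-- Stop browsers from MIME-sniffing a response away from its declared Content-Type. -->
      <remove name="X-Content-Type-Options" />
      <add name="X-Content-Type-Options" value="nosniff" />

      <!-- Limits synchronous XHR and geolocation to same origin.
           NOTE(review): Feature-Policy has been superseded by Permissions-Policy, which uses a
           different value syntax, e.g. sync-xhr=(self), geolocation=(self). Browsers that only
           implement Permissions-Policy do not apply this header. -->
      <remove name="Feature-Policy" />
      <add name="Feature-Policy" value="sync-xhr 'self'; geolocation 'self'" />
    </customHeaders>
  </httpProtocol>
  <security>
    <!-- allowDoubleEscaping="false": reject URLs that are still percent-encoded after one decode
         pass (double-encoding is a common filter-bypass technique).
         allowHighBitCharacters="true": permit non-ASCII characters in URLs. -->
    <requestFiltering allowDoubleEscaping="false" allowHighBitCharacters="true">
      <!-- Request body cap in bytes (about 2 MB); larger requests are rejected by IIS.
           NOTE(review): ASP.NET applies its own limit (httpRuntime maxRequestLength) separately;
           confirm the two agree. -->
      <requestLimits maxAllowedContentLength="2000000" />
    </requestFiltering>
  </security>
</system.webServer>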