Show / Hide Table of Contents

    Default Identify security settings xml configuration

    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <remove name="Server" />
          <remove name="X-Powered-By" />
          <remove name="Strict-Transport-Security" />
          <add name="Strict-Transport-Security" value="max-age=63072000; includeSubdomains" />
          <remove name="X-Permitted-Cross-Domain-Policies" />
          <add name="X-Permitted-Cross-Domain-Policies" value="none" />
          <remove name="Referrer-Policy" />
          <add name="Referrer-Policy" value="no-referrer" />
          <remove name="Cache-Control" />
          <add name="Cache-Control" value="private, no-cache, no-store, must-revalidate, no-transform, max-age:0" />
          <remove name="X-Frame-Options" />
          <add name="X-Frame-Options" value="SAMEORIGIN" />
          <remove name="Content-Security-Policy" />
          <add name="Content-Security-Policy" value="object-src 'self'; worker-src 'self'; frame-src 'self'; connect-src 'self'; img-src 'self' data:; media-src 'self'; frame-ancestors 'self';" />
          <remove name="X-XSS-Protection" />
          <add name="X-XSS-Protection" value="1; mode=block" />
          <remove name="X-Content-Type-Options" />
          <add name="X-Content-Type-Options" value="nosniff" />
          <remove name="Feature-Policy" />
          <add name="Feature-Policy" value="sync-xhr 'self'; geolocation 'self'" />
        </customHeaders>
      </httpProtocol>
      <security>
        <requestFiltering allowDoubleEscaping="false" allowHighBitCharacters="true">
          <requestLimits maxAllowedContentLength="2000000" />
        </requestFiltering>
      </security>
    </system.webServer>
    
    Back to top Generated by DocFX