Internet Information Services (IIS) Securing Best Prac \ Website Headers

• April 3, 2023
• Research
• 0 Comments
• paris

ASPNET \ Web Server \ Misconfiguration: Missing Error Handling	Disable Detailed errors in IIS
Permissions-Policy	fullscreen=()
Cache-Control	private, no-store
Referrer-Policy	strict-origin-when-cross-origin	we can conclude that the default  setting deals with most of the security
X-XSS-Protection	X-XSS-Protection : 1; mode=block
X-Content-Type-Options	nosniff
HSTS HTTP Strict Transport Security	max-age=31536000; includeSubDomains
X-Frame-Options	SAMEORIGIN
Content-Security-Policy	default-src ‘self’; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; script-src * ‘unsafe-inline’ ‘unsafe-eval’; style-src * ‘unsafe-inline’;	https://content-security-policy.com/

(No Ratings Yet)

Loading...