{"id":6838,"date":"2023-04-03T06:53:17","date_gmt":"2023-04-03T06:53:17","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=6838"},"modified":"2025-03-06T10:32:57","modified_gmt":"2025-03-06T10:32:57","slug":"internet-information-services-iis-securing-best-prac","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/internet-information-services-iis-securing-best-prac","title":{"rendered":"Internet Information Services\u00a0(IIS)\u00a0Securing Best Prac \\ Website Headers"},"content":{"rendered":"\n<figure class=\"wp-block-table\"><table><tbody><tr><td>ASPNET \\ Web Server \\ Misconfiguration: Missing Error Handling<\/td><td>Disable Detailed errors in IIS<\/td><td><\/td><\/tr><tr><td><strong>Permissions-Policy<\/strong><\/td><td>fullscreen=()<\/td><td><\/td><\/tr><tr><td><strong>Cache-Control<\/strong><\/td><td>private, no-store<\/td><td><\/td><\/tr><tr><td><strong>Referrer-Policy<\/strong><\/td><td>strict-origin-when-cross-origin<\/td><td>we can conclude that the default setting deals with most of the security<\/td><\/tr><tr><td><strong>X-XSS-Protection<\/strong><\/td><td>1; mode=block<\/td><td><\/td><\/tr><tr><td><strong>X-Content-Type-Options<\/strong><\/td><td>nosniff<\/td><td><\/td><\/tr><tr><td><strong>Strict-Transport-Security<\/strong><\/td><td>max-age=31536000; includeSubDomains; preload<\/td><td><a href=\"https:\/\/pariswells.com\/blog\/research\/hsts-enable\">HSTS Enable<\/a><\/td><\/tr><tr><td><strong>X-Frame-Options<\/strong><\/td><td>SAMEORIGIN<\/td><td><\/td><\/tr><tr><td><strong>Content-Security-Policy<\/strong><\/td><td>default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';<\/td><td>https:\/\/content-security-policy.com\/<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><a 
href=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/04\/image.png\"><img loading=\"lazy\" decoding=\"async\" width=\"787\" height=\"560\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/04\/image.png\" alt=\"\" class=\"wp-image-6839 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/04\/image.png 787w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/04\/image-300x213.png 300w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/04\/image-768x546.png 768w\" sizes=\"auto, (max-width: 787px) 100vw, 787px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/04\/image-1.png\"><img loading=\"lazy\" decoding=\"async\" width=\"775\" height=\"557\" src=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/04\/image-1.png\" alt=\"\" class=\"wp-image-6840 img-responsive\" srcset=\"https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/04\/image-1.png 775w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/04\/image-1-300x216.png 300w, https:\/\/pariswells.com\/blog\/wp-content\/uploads\/2023\/04\/image-1-768x552.png 768w\" sizes=\"auto, (max-width: 775px) 100vw, 775px\" \/><\/a><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>ASPNET \\ Web Server \\ Misconfiguration: Missing Error HandlingDisable Detailed errors in IISPermissions-Policyfullscreen=()&nbsp;Cache-Controlprivate, no-storeReferrer-Policystrict-origin-when-cross-originwe can conclude that the default&nbsp;&nbsp;setting deals with most of the security X-XSS-Protection1; mode=block&nbsp;X-Content-Type-OptionsnosniffStrict-Transport-Securitymax-age=31536000; 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6838","post","type-post","status-publish","format-standard","hentry","category-research"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/6838","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=6838"}],"version-history":[{"count":13,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/6838\/revisions"}],"predecessor-version":[{"id":8643,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/6838\/revisions\/8643"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=6838"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=6838"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=6838"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}