ComputerBas

Tips, tricks and manuals

Je bent niet ingelogd.

Pagina's: 1

#1 2019-11-10 23:48:12

Bas
Administrator
Geregistreerd: 2019-11-10
Posts: 91

Securityheaders in web.config

<configuration>
    <system.webServer>
        <staticContent>
	    <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00" />
         </staticContent>
<rewrite>    
  <outboundRules rewriteBeforeCache="true">
    <rule name="Remove Server header">
      <match serverVariable="RESPONSE_Server" pattern=".+" />
      <action type="Rewrite" value="jouwwebsite.nl" />
    </rule>
  </outboundRules>
</rewrite>
        <httpProtocol allowKeepAlive="false">
            <customHeaders>
    		<remove name="X-Powered-By" />
                <add name="X-Content-Type-Options" value="nosniff" />
                <add name="X-Xss-Protection" value="1; mode=block" />
                <add name="Referrer-Policy" value="no-referrer" />
                <add name="X-Frame-Options" value="SAMEORIGIN" />
                <add name="Content-Security-Policy" value="default-src 'none'; require-sri-for script style; child-src https://gadgets.buienradar.nl; media-src 'none'; object-src 'none'; font-src 'none'; frame-ancestors 'none'; form-action 'none'; manifest-src 'self'; img-src data: https:; base-uri https://jouwwebsite.nl; style-src https://jouwwebsite.nl; frame-src https://gadgets.buienradar.nl; connect-src https://www.googletagmanager.com https://www.google-analytics.com; script-src https://jouwwebsite.nl https://www.google-analytics.com https://www.googletagmanager.com; block-all-mixed-content; upgrade-insecure-requests;" />
                <add name="Feature-Policy" value="accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'; midi 'none';fullscreen 'none';speaker 'none' " />
                <add name="X-Permitted-Cross-Domain-Policies" value="master-only" />
                <add name="X-Download-Options" value="noopen" />
                <add name="X-Powered-By" value="ComputerBas" />
                <add name="Expect-CT" value="max-age=0" />
                <add name="Expect-Staple" value="max-age=31536000; includeSubDomains; preload" />
                <add name="Access-Control-Allow-Origin" value="https://jouwwebsite.nl" />
                <add name="Access-Control-Allow-Credentials" value="true" />
                <add name="Access-Control-Allow-Methods" value="POST, GET" />
                <add name="Access-Control-Allow-Headers" value="origin" />
                <add name="Access-Control-Request-Method" value="POST, GET" />
                <add name="Access-Control-Request-Headers" value="X-PINGOTHER, Content-Type " />
                <add name="Access-Control-Max-Age" value="3600" />
                <add name="Access-Control-Expose-Headers" value="Content-Length" />
                <add name="Set-Cookie" value="__Secure-sessionid=9876543210;Path=/;Secure;HttpOnly;SameSite=Strict" />
                <add name="X-Robots-Tag" value="none" />
                <add name="X-DNS-Prefetch-Control" value="on" />
                <add name="Vary" value="Accept-Encoding" />
                <add name="X-AspNet-Version" value="ComputerBas" />
                <add name="X-UA-Compatible" value="IE=edge" />
                <add name="cache-control" value="max-age=604800" />
            </customHeaders>
        </httpProtocol>
    </system.webServer>
</configuration>

Laatst bewerkt door Bas (2020-01-14 00:01:23)

Offline

Pagina's: 1

Forum footer

Powered by FluxBB 1.5.11