+4
Pending Review

customHeaders extension

pcheung 5 years ago updated by Greg Moyses 3 years ago 1

We would like to have more function add to the extension "X-Frame-Options" or similar have another extension, or instruction how to add below to all web pages.

Currently the X-Frame-Options only adds one required option "SAMEORIGIN".

For 3rd party auditing scanner software, they actually required below extensions to be add to any web sites for a pass.


<httpProtocol>

<customHeaders>

<add name="X-Frame-Options" value="SAMEORIGIN" />

<add name="Content-Security-Policy" value="default-src 'self';" />

<add name="X-XSS-Protection" value="1;mode=block" />

<add name="X-Content-Type-Options" value="nosniff" />

</customHeaders>

</httpProtocol>

Please advise how to add above to any web pages, or help to improve the extension "X-Frame-Options".

We tried it, it works fine, only it can only add one of above.