Content security policy header list using web config file
Jul 22 2019 7:07 AM
I am facing the following Content Security Policy issue in my existing MVC project.
We used https://sitecheck.sucuri.net/ to run a security scan.
Issue -
Security Headers
Missing security header for XSS Protection. Affected pages:
Missing security header to prevent Content Type sniffing. Affected pages:
Missing Strict-Transport-Security security header. Affected pages:
Default server banners displayed. Your site is displaying your web server default banners. Affected pages:
https://www.example.com/404javascript.js
https://www.example.com/404testpage4525d2fdc
We are trying to resolve that using the web.config file with the following configuration:
```xml
<customHeaders>
  <remove name="X-Powered-By" />
  <add name="X-Frame-Options" value="DENY" />
  <add name="X-Xss-Protection" value="1; mode=block" />
  <add name="X-Content-Type-Options" value="nosniff" />
  <add name="Referrer-Policy" value="no-referrer" />
  <add name="X-Permitted-Cross-Domain-Policies" value="none" />
  <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
  <add name="Feature-Policy" value="accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'" />
</customHeaders>
<httpRuntime targetFramework="4.6.1" maxRequestLength="1048576" requestValidationMode="4.0" executionTimeout="110" enableVersionHeader="false" />
```
But we are still facing the same issue after changing the configuration. Please look at our process and tell us where we are wrong, or suggest an alternate solution.
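To see whether a web.config change actually reached the responses the scanner lists, including the 404 URLs, the raw response headers can be checked against the four findings above. This is an added example, not part of the original post: the sample responses are constructed, the names `parse_headers` and `audit` are hypothetical, and the banner list assumes the usual IIS/ASP.NET headers (`Server`, `X-Powered-By`, `X-AspNet-Version`, `X-AspNetMvc-Version`).

```python
# Added example. Sample responses are constructed, not captured from a real site.
REQUIRED = {  # header name -> scanner finding reported when it is absent
    "x-xss-protection": "Missing security header for XSS Protection",
    "x-content-type-options": "Missing security header to prevent Content Type sniffing",
    "strict-transport-security": "Missing Strict-Transport-Security security header",
}
# Headers that disclose the server stack ("default server banners").
BANNERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")

SAMPLE_PAGE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/10.0
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
"""
SAMPLE_404 = """HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
"""

def parse_headers(raw):
    """Split a raw response head into (status line, {lower-cased name: value})."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0].strip(), headers

def audit(raw):
    """Return the findings that still apply to this one response."""
    _, headers = parse_headers(raw)
    findings = [msg for name, msg in REQUIRED.items() if name not in headers]
    xcto = headers.get("x-content-type-options")
    if xcto is not None and xcto.lower() != "nosniff":
        findings.append("X-Content-Type-Options is set but is not 'nosniff'")
    findings += [f"Banner exposed: {n}: {headers[n]}" for n in BANNERS if n in headers]
    return findings

if __name__ == "__main__":
    for label, raw in (("page", SAMPLE_PAGE), ("404", SAMPLE_404)):
        print(label, audit(raw))
```

Run it on the response head saved from each affected URL; a finding that appears only on the 404 responses shows the headers are set for normal pages but not for error responses.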