customHeaders extension

Avatar
  • updated
  • Pending Review

We would like to have more function add to the extension "X-Frame-Options" or similar have another extension, or instruction how to add below to all web pages.

Currently the X-Frame-Options only adds one required option "SAMEORIGIN".

For 3rd party auditing scanner software, they actually required below extensions to be add to any web sites for a pass.


<httpProtocol>

<customHeaders>

<add name="X-Frame-Options" value="SAMEORIGIN" />

<add name="Content-Security-Policy" value="default-src 'self';" />

<add name="X-XSS-Protection" value="1;mode=block" />

<add name="X-Content-Type-Options" value="nosniff" />

</customHeaders>

</httpProtocol>

Please advise how to add above to any web pages, or help to improve the extension "X-Frame-Options".

We tried it, it works fine, only it can only add one of above.

Top contributors

Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar