These are the settings we have applied in our projects too (the first 6 entries).
To remove the asp.net version header we've used the httpRuntime element's attribute: enableVersionHeader="false"
And to remove asp.net mvc version we've used the: MvcHandler.DisableMvcResponseHeader = true; (in global.asax.cs Application_Start)
Something to add to the Alloy MVC demo and the new Episerver project template.
I have found these to work with episerver, and will provide most of the recommended security headers. You can test them on observer.mozilla.org
It would also be nice if Episerver made a comment in webconfig on how to enable secure cookies. It would break episerver on localhost to have them on by default, but should encourage developers to remember to turn them on, or provide transforms that can be used.
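
A sketch of the kind of transform mentioned above, as an added example that is not part of the original posts or of any Episerver template. It assumes a `Web.Release.config` transform file and that the base `Web.config` already contains `<httpRuntime>` and `<httpCookies>` elements, so localhost keeps running over plain HTTP with the base settings.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Web.Release.config (assumed file name): applied on top of Web.config
     when the Release configuration is published. -->
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <system.web>
    <!-- Stops ASP.NET from emitting the X-AspNet-Version response header.
         Assumes Web.config already has an <httpRuntime> element. -->
    <httpRuntime enableVersionHeader="false"
                 xdt:Transform="SetAttributes(enableVersionHeader)" />

    <!-- Marks cookies issued through ASP.NET as Secure and HttpOnly.
         Assumes Web.config already has an <httpCookies> element, for example
         with requireSSL="false" so that http://localhost keeps working. -->
    <httpCookies requireSSL="true"
                 httpOnlyCookies="true"
                 xdt:Transform="SetAttributes(requireSSL,httpOnlyCookies)" />
  </system.web>
</configuration>
```

After deploying, check the response headers and `Set-Cookie` flags of the published site over HTTPS, since the transform is not applied to local debug runs.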