Add more secure http headers when scaffolding new project





I have found these to work with Episerver, and they will provide most of the recommended security headers. You can test them on

It would also be nice if Episerver made a comment in web.config on how to enable secure cookies. It would break Episerver on localhost to have them on by default, but it should encourage developers to remember to turn them on, or provide transforms that can be used.

Aug 17, 2018 16:11

These are the settings we have applied in our projects too (the 6 first entries).

To remove the version header we've used the httpRuntime element's attribute: enableVersionHeader="false"

And to remove the MVC version we've used: MvcHandler.DisableMvcResponseHeader = true; (in global.asax.cs Application_Start)

Something to add to the Alloy MVC demo and the new Episerver project template.

Aug 17, 2018 21:01
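
The transform approach suggested in the first post, together with the enableVersionHeader setting from the reply, as an added example (not code from either poster or from Episerver): a Web.Release.config that leaves the localhost web.config untouched and turns on secure cookies only in the release build. It assumes the standard Visual Studio transform file name and that the base web.config already contains an httpRuntime element.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Web.Release.config: applied on publish, so local debugging over plain
     http keeps working while the deployed site gets the hardened settings. -->
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <system.web>

    <!-- Stop ASP.NET from emitting the X-AspNet-Version response header.
         Assumes <httpRuntime> exists in the base web.config; only this one
         attribute is set, all other attributes are left as they are. -->
    <httpRuntime enableVersionHeader="false"
                 xdt:Transform="SetAttributes(enableVersionHeader)" />

    <!-- Secure cookies: add <httpCookies> if the base file has none ... -->
    <httpCookies requireSSL="true" httpOnlyCookies="true"
                 xdt:Transform="InsertIfMissing" />
    <!-- ... and force the attributes if it was already present with
         weaker values (InsertIfMissing alone would not change them). -->
    <httpCookies requireSSL="true" httpOnlyCookies="true"
                 xdt:Transform="SetAttributes(requireSSL,httpOnlyCookies)" />

  </system.web>
</configuration>
```

With requireSSL="true" the cookies are marked Secure, so the site has to be served over HTTPS wherever this transform is applied.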