IIS环境检测到网站存在响应头缺失漏洞解决办法:
1.webconfig中添加响应头
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<directoryBrowse enabled="false" />
<httpProtocol>
<customHeaders>
<add name="X-Content-Type-Options" value="nosniff" />
<add name="X-XSS-Protection" value="1" />
<add name="Content-Security-Policy" value="default-src 'self'" />
<add name="Strict-Transport-Security" value="max-age=31536000" />
<add name="Referrer-Policy" value="origin-when-cross-origin" />
<add name="X-Permitted-Cross-Domain-Policies" value="master-only" />
<add name="X-Download-Options" value="noopen" />
<add name="X-Frame-Options" value="deny" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
2.IIS中手动增加响应头:
设置完后IIS HTTP响应头设置界面显示如下:
