How to resolve Missing HTTP security headers for Classic ASP

Ros C 1 Reputation point
2022-04-22T06:43:50.147+00:00

Hi ,
How do I add the following
-Strict-Transport-Security: max-age=xxx
-X-Content-Type-Options
for Classic ASP? I know that I can easily add all these in the web.config for ASP.NET .

For advice. Thank you.

ASP.NET
ASP.NET
A set of technologies in the .NET Framework for building web applications and XML web services.
3,409 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Yijing Sun-MSFT 7,071 Reputation points
    2022-04-25T06:50:37.777+00:00

    Hi @Ros C ,
    I think you could set the header in the ASP page using:

    <%  
    Call Response.AddHeader("  ","  ")  
    %>  
    

    Or you could set it from inside IIS.

    Best regards,
    Yijing Sun


    If the answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our  documentation  to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments