
Remediation Steps

Follow the steps below to remediate this finding on a Microsoft IIS web server.

  1. Open IIS Manager.

  2. Select your website.

  3. Double-click HTTP Response Headers.

  4. Click Add in the Actions pane and enter:

    • NAME: Content-Security-Policy
    • VALUE: default-src 'self'; script-src 'self'; object-src 'none';

  5. Adjust the policy to match your site's actual resource origins before enforcing.

  6. Click OK.
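
The same change can be scripted with the WebAdministration module and then verified against the live response. This is an added example, not part of the original steps; the site name, URL and the `$ReportOnly` switch are assumptions to replace with your own values, and it must run in an elevated PowerShell session on the IIS host.

```powershell
# Added example: scripted equivalent of the IIS Manager steps above.
Import-Module WebAdministration

$SiteName   = 'Default Web Site'     # assumption: replace with your site name
$SiteUrl    = 'http://localhost/'    # assumption: a URL served by that site
$Policy     = "default-src 'self'; script-src 'self'; object-src 'none';"

# Step 5 says to adjust the policy before enforcing. Setting $ReportOnly to $true
# sends the standard non-enforcing header instead, so browsers log violations
# without blocking resources while the policy is being tuned.
$ReportOnly = $false
$HeaderName = if ($ReportOnly) { 'Content-Security-Policy-Report-Only' }
              else             { 'Content-Security-Policy' }

$psPath  = "IIS:\Sites\$SiteName"
$filter  = 'system.webServer/httpProtocol/customHeaders'
$entry   = "$filter/add[@name='$HeaderName']"

# Update the entry if it already exists so re-running does not fail on a duplicate.
if (Get-WebConfiguration -PSPath $psPath -Filter $entry) {
    Set-WebConfigurationProperty -PSPath $psPath -Filter $entry `
        -Name 'value' -Value $Policy
} else {
    Add-WebConfigurationProperty -PSPath $psPath -Filter $filter `
        -Name '.' -Value @{ name = $HeaderName; value = $Policy }
}

# Verify that the header is actually served, not only present in configuration.
# A proxy or application code in front of IIS can strip or override it.
try {
    $response = Invoke-WebRequest -Uri $SiteUrl -UseBasicParsing
    $served   = ($response.Headers[$HeaderName]) -join ', '
} catch {
    Write-Warning "Request to $SiteUrl failed: $($_.Exception.Message)"
    return
}

if ($served -eq $Policy) {
    Write-Output "$HeaderName is served as configured."
} elseif ($served) {
    Write-Warning "$HeaderName is served with a different value: $served"
} else {
    Write-Warning "$HeaderName is missing from the response."
}
```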