Remediation Steps

Follow the steps below to remediate this finding on a Microsoft IIS web server.

  1. Audit application responses for Unix timestamps in JSON, HTML, or HTTP headers and ensure sensitive timestamps (file modification dates, user IDs encoded as timestamps) are not exposed.

  2. In web.config, suppress the Last-Modified and ETag response headers if not needed:

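    <system.webServer>
      <staticContent>
        <!-- DisableCache sends Cache-Control: no-cache; setEtag="false" (IIS 8.0 and later) stops the ETag header being set -->
        <clientCache cacheControlMode="DisableCache" setEtag="false" />
      </staticContent>
    </system.webServer>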
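
One way to run the audit from step 1 against a captured response, as an added example that is not part of the original guidance. The function names, the plausibility window (2001 to 2040) and the sample response are assumptions made for illustration; the sample data is constructed.

```python
import re
from datetime import datetime, timezone

# Plausible window for real timestamps; values outside it are treated as ordinary numbers.
EPOCH_MIN = int(datetime(2001, 1, 1, tzinfo=timezone.utc).timestamp())
EPOCH_MAX = int(datetime(2040, 1, 1, tzinfo=timezone.utc).timestamp())
# 10 digits = seconds, 13 digits = milliseconds; must not be part of a longer number.
EPOCH_RE = re.compile(r"(?<![\d.])(\d{13}|\d{10})(?![\d.])")
TIME_HEADERS = {"last-modified", "etag"}

def find_epochs(text):
    """Return (raw_value, ISO-8601 UTC) for each plausible Unix timestamp in text."""
    hits = []
    for m in EPOCH_RE.finditer(text):
        raw = m.group(1)
        secs = int(raw) // 1000 if len(raw) == 13 else int(raw)
        if EPOCH_MIN <= secs <= EPOCH_MAX:
            iso = datetime.fromtimestamp(secs, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
            hits.append((raw, iso))
    return hits

def audit_response(headers, body):
    """Return (location, detail) findings for one HTTP response."""
    findings = []
    for name, value in headers.items():
        if name.lower() in TIME_HEADERS:
            findings.append(("header:" + name, "present: " + value))
        for raw, iso in find_epochs(value):
            findings.append(("header:" + name, f"epoch {raw} = {iso}"))
    for raw, iso in find_epochs(body):
        findings.append(("body", f"epoch {raw} = {iso}"))
    return findings

# Constructed sample response (not captured from a real server).
SAMPLE_HEADERS = {
    "Content-Type": "application/json",
    "Last-Modified": "Tue, 14 Nov 2023 22:13:20 GMT",
    "ETag": '"1d9f3a2b4c5d6e7"',
    "X-Build": "1700000000",
}
SAMPLE_BODY = '{"user_id": 1700000000123, "price": 19.99, "phone": "5551234567", "order": 42}'

if __name__ == "__main__":
    for location, detail in audit_response(SAMPLE_HEADERS, SAMPLE_BODY):
        print(f"{location:24} {detail}")
```

The range check is what keeps ordinary 10-digit values such as the phone number out of the findings; each remaining hit still needs a manual decision on whether the timestamp is sensitive.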