
@CreativeNotice
Created July 30, 2015 13:25
<?xml version="1.0" encoding="UTF-8"?>
<!--
  IIS web.config fragment: sets index.cfm as the default document, routes
  requests through index.cfm with URL Rewrite rules, and adds response
  headers. The "..." bodies of <handlers> and <staticContent> are left
  elided exactly as in the original snippet; replace them with real entries
  before deploying.
-->
<configuration>
  <system.webServer>
    <handlers>
...
    </handlers>
    <staticContent>
...
    </staticContent>

    <defaultDocument>
      <files>
        <add value="index.cfm" />
      </files>
    </defaultDocument>

    <rewrite>
      <rules>
        <!--
          Requests whose URL matches index\.cfm/(.*) are redirected to the
          captured remainder, so index.cfm does not appear in the visible URL.
          appendQueryString="false" drops the original query string.
          NOTE(review): the pattern is not anchored with ^ and the redirect
          target comes entirely from the request path. Confirm the captured
          value is always handled as a site-relative path; anchoring the
          pattern and prefixing the target with "/" would make that explicit.
        -->
        <rule name="Redirect index.cfm" stopProcessing="true">
          <match url="index\.cfm/(.*)" />
          <action type="Redirect" url="{R:1}" appendQueryString="false" />
        </rule>

        <!--
          Any URL that is neither an existing file nor an existing directory
          is rewritten internally to index.cfm/<original path>.
        -->
        <rule name="Rewrite index.cfm">
          <match url="(.*)" />
          <conditions>
            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
          </conditions>
          <action type="Rewrite" url="index.cfm/{R:1}" />
        </rule>
      </rules>
    </rewrite>

    <httpProtocol>
      <customHeaders>
        <!-- Stop advertising the server technology in responses. -->
        <remove name="X-Powered-By" />
        <!-- Allow framing only by pages of the same origin (clickjacking defence). -->
        <add name="X-Frame-Options" value="SAMEORIGIN" />
        <!--
          Legacy header: current browsers have removed the XSS auditor it
          controls, so do not count on it as a protection. The CSP below is
          the control that matters.
        -->
        <add name="X-XSS-Protection" value="1; mode=block" />
        <!-- Disable MIME type sniffing of responses. -->
        <add name="X-Content-Type-Options" value="nosniff" />
        <!-- Restrict Adobe cross-domain policy files to the master policy file only. -->
        <add name="X-Permitted-Cross-Domain-Policies" value="master-only" />
        <!--
          Content-Security-Policy: deny by default, then allow-list per
          resource type.
          NOTE(review), points that weaken this policy as written:
            * script-src includes 'unsafe-inline' and 'unsafe-eval', which
              removes most of the script-injection protection CSP provides;
              moving to nonces or hashes would restore it.
            * http://stats.g.doubleclick.net is a cleartext source in
              script-src and img-src; use https if the service supports it.
            * object-src 'self' still permits plugin content from this origin;
              'none' is the stricter choice if no plugins are used.
            * base-uri, form-action and frame-ancestors do not fall back to
              default-src, so they are unrestricted here unless added.
        -->
        <add name="Content-Security-Policy"
             value="default-src 'none'; style-src 'self' 'unsafe-inline' https://www.google.com https://ajax.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.intercom.io https://*.intercomcdn.com https://www.google.com https://ajax.googleapis.com https://apis.google.com https://ssl.google-analytics.com https://www.google-analytics.com http://stats.g.doubleclick.net; img-src 'self' data: https://*.intercomcdn.com https://ssl.google-analytics.com https://www.google-analytics.com http://stats.g.doubleclick.net; connect-src 'self' wss://*.intercom.io https://*.intercom.io https://s3.amazonaws.com/uploads.intercomcdn.com https://services.pjtrailers.com; media-src 'self' https://*.intercomcdn.com https://www.youtube-nocookie.com https://player.vimeo.com; font-src 'self'; frame-src 'self' data: https://www.youtube-nocookie.com https://player.vimeo.com; object-src 'self';" />
      </customHeaders>
    </httpProtocol>

    <!--
      NOTE(review): errorMode="Detailed" serves detailed error pages to every
      client, remote ones included, and those pages can disclose physical
      paths, module names and configuration details. For production,
      errorMode="DetailedLocalOnly" keeps the detail on the server itself.
      If "Detailed" was chosen so that the application's own error responses
      reach the client, existingResponse="PassThrough" is the attribute meant
      for that; confirm which behaviour is required before changing it.
    -->
    <httpErrors errorMode="Detailed" />
  </system.webServer>
</configuration>