Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Securing your cookies and STS header in web.config transformation
<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns:xdt="">
<compilation xdt:Transform="RemoveAttributes(debug)" />
<httpCookies httpOnlyCookies="true" requireSSL="true" lockItem="true" xdt:Transform="Replace" />
<authentication mode="Forms">
<forms loginUrl="~/Logon/LogOn" timeout="2880" requireSSL="true" xdt:Transform="Replace"/>
<add name="Strict-Transport-Security" value="max-age=16070400; includeSubDomains" xdt:Transform="Insert" />
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment