If you want to use the URLScan utility from Microsoft to remove the Server HTTP Header from the responses your IIS Web server sends, you also need to set the following parameter for your IIS Web Agent:
Prevents an IIS Web Agent from returning the Server HTTP Header in its responses. When the value of this parameter is set to no, the Web Agent sends the Server header with its responses and the IIS Web server passes it along to the client. When the value of this parameter is set to yes, the web agent does not send the Server header in its responses.
Default: No
The URLScan utiltiy removes the header from the IIS server's responses, while hte SuppressServerHeader parameter removes the header from the Web Agent's responses. Both the utility and the parameter must be set to prevent the Server header from being sent to the client in all responses.
To keep the Web Agent from sending the Server header in responses, set the value of the SuppressServerHeader parameter to yes.
If you use the X-Frame-Options response header in your web applications, you can ensure that any customized responses from your agent return this header properly. The setting in the X-frame options header determines if the browser renders a page with content between a <frame> or an <iframe> tag.
You can determine whether the custom responses from your agent comply with X-frame-options with the following parameter:
Specifies whether custom responses comply with the x-frame-options response headers. Setting this parameter sets any custom responses with the correct x-frame-options header.
Default: None
Example: SAMEORIGIN
To ensure that your custom responses comply with x-frame options, set the value of the XFrameOptions parameter to yes.
|
Copyright © 2012 CA Technologies.
All rights reserved.
|
|