HTTP Security Headers for IIS 8 and up

Bored of those wannabe “Security Researchers” who respond to your Bug Bounty program because you don’t have an HSTS policy set, or with some ‘exploit’ that you can only do to yourself? Here I wrote down a few examples that you can copy/paste into your PowerShell console to apply to your sites.

Of course, be careful and read up on the possible consequences of these settings! I will try to give a brief overview of the possibilities, where it applies, at a later stage.