I'm tightening up some security-related items on our websites; that includes our IIS Webmail site. Are there any special considerations for adding the following HTTP Response Headers to our ME 10.3x Webmail site running in IIS version 10.0.14393.0 on Windows 2016?
HTTP Response Header: Value:
Cache-Control: max-age=600, must-revalidate
Content-Security-Policy: upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Thanks!