I am using this server machine to publish my web site to the world wide web; Windows server 2012 R2 Standart, 64 bit operating system, Intel(R) Xeon(R) CPU E5-2650 v3 @ 2.30GHz 2.29 GHz (2 processors) I use credit card payment system module on my web site. (3D Secure Credit Card Payment with asp.net c#) So i should sign my web site as "passed" from PCI DSS (Payment Card Industry Data Security Standard) scan.
But i have got one inanition after PCI DSS scan. And i need to solve this inanition(problem). Here is the result of PCI DSS scan:
problem name :HTTP Security Header Not Detected
Port: 443
Type: 2
Category: CGI
PCI compatibility: FAIL
Fastening: X-Frame-Options or Content-Security-Policy: frame-ancestors HTTP Headers missing on port 443. GET / HTTP/1.1 Host: xxx.abc.com Connection: Keep-Alive X-XSS-Protection HTTP Header missing on port 443. X-Content-Type-Options HTTP Header missing on port 443. Content-Security-Policy HTTP Header missing on port 443. Strict-Transport-Security HTTP Header missing on port 443.
Please take a look screnshots from inetmgr:
What should i do on my server to pass this problem? Thanks.
