This was the config that got me 100s
```
<...
# socialc
CodeSharePaul
10/18/2021, 4:02 PMThis was the config that got me 100s
Copy code
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
<remove name="X-Frame-Options" />
<add name="X-Frame-Options" value="SAMEORIGIN" />
<remove name="X-Xss-Protection" />
<add name="X-Xss-Protection" value="1; mode=block" />
<remove name="X-Content-Type-Options" />
<add name="X-Content-Type-Options" value="nosniff" />
<remove name="Referrer-Policy" />
<add name="Referrer-Policy" value="no-referrer" />
<remove name="X-Permitted-Cross-Domain-Policies" />
<add name="X-Permitted-Cross-Domain-Policies" value="none" />
<remove name="Strict-Transport-Security" />
<add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains" />
<remove name="Content-Security-Policy" />
<add name="Content-Security-Policy" value="default-src 'self'; img-src 'self' *.blob.core.windows.net *.placeholder.com data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';" />
<remove name="Permissions-Policy" />
<add name="Permissions-Policy" value="accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()" />
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>