Run IIS and click on default website. On right hand site double click to http response header.
Click add to add a http header.
add the name in the name field and add value in the value filed.
<add name="X-Frame-Options" value="SAMEORIGIN" /> <add name="X-Content-Type-Options" value="nosniff" /> <add name="Referrer-Policy" value="no-referrer-when-downgrade" /> <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains; preload" /> <add name="Permissions-Policy" value="geolocation=(*)" />
Depending on version the same headers may exist in AssertWeb\web.config.
Settings must then be removed from this lower level web.config for system to start.
Example:
Save and restart IIS. Remember to comment out any header set in AssertWeb\web.config.