after a pentest, they found that
The web server does not provide the Content-Security-Policy header onHTTP responses with status code belonging to the 4xx class and on HTTPresponses with status codes belonging to the 3xx class for subpaths of thefollowing URLs:
For the 4xx i had create a custom page and set IIS to use it in case, but for the 3xx i dont know how to use the url rewrite, i look on SO and on web but not found a working solution, someone can help me giving an example? Thanks in advance