<?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <!-- 增加为了安全的 HTTP 头信息 --> <httpProtocol> <customHeaders> <remove name="X-Powered-By" /> <add name="Content-Security-Policy" value="frame-ancestors 'self'; default……