Forum Discussion
how to use Sec-Fetch-Site request header in a condition of IIS Rewrite rule
I want to restrict access to some resources hosted on my IIS 10 web site. More specifically, I want these resources, such as images or html files, be viewable only within or from a page hosted on...
I was not using the proper syntax in my rewrite rule.
The solution is to use a rewrite rule such as:
{HTTP_SEC_FETCH_SITE}
does not match
same-origin
It works fine on IIS 10 from Google Chrome and MS Edge.