Securing your IIS server
When ABBYY FlexiCapture 12 is deployed, the default IIS security configuration settings are used. You can also set up additional rules for specific requests to make your web server more secure.
Important! If you encounter the "Due to browser policy restrictions, this URL cannot be opened using the insecure HTTP protocol. Please use the secure HTTPS protocol or change your browser policy." error while working with a web station, it means that you are using the product in iFrame over the unsecured HTTP protocol. For more information about the causes of the error and possible workarounds, see iFrame restrictions.
The Content-Security-Policy Header
The HTTP Strict-Transport-Security Header
The X-Powered-By and X-AspNet-Version Headers
The X-XSS-Protection Header
The X-Content-Type-Options Header
The Server Header
The X-Frame-Options header
Slow HTTP POST vulnerability
Using HTTPS instead of HTTP
Using up-to-date TLS version and strong ciphers
Protection Against Distributed Denial-of-Service Attacks