Web Config Security Analysis

On production level security of web.config should be very strong and properly handled shortly I am giving just these ideas

·         <customErrors mode="On"/>

·         <trace enabled="false" localOnly="false"/>

·         <trust level="Minimal"></trust>

·         <compilation debug="false">

·         <httpCookies httpOnlyCookies="true"  requireSSL="true"></httpCookies>

·         <sessionState cookieless="UseCookies"></sessionState>

·         <roleManager enabled="false" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All" cookiePath="/"></roleManager>

·         <httpRuntime maxRequestLength="8000"/>

·         <pages enableViewState="true" enableViewStateMac="true" viewStateEncryptionMode="Always" validateRequest="true">

Give your comment to enhance more security.