Common attack vector defense for windows server web applications.
This can be done and implemented with NuGet for continuous integration.
Add the following to the httpRuntime tag in your config. If the following keys already exist, ignore those values:
httpRuntime targetFramework="4.5" encoderType="System.Web.Security.AntiXss.AntiXssEncoder,System.Web, Version=22.214.171.124, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"