One way to improve ASP.NET MVC website security is to add custom HTTP headers in IIS. To do that, open IIS Manager by typing inetmgr in the Run dialog, select the website in the Connections pane on the left side, and click HTTP Response Headers inside the website's Home pane. You can then add the HTTP headers as shown in the picture below.
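The same change can be scripted instead of clicked through. The following PowerShell is an added example, not part of the original article: it writes to the same `customHeaders` collection that the HTTP Response Headers pane edits. The site name and the header names and values are assumptions chosen for illustration; replace them with your own policy.

```powershell
# Added example: scripted equivalent of IIS Manager > HTTP Response Headers > Add.
# Run in an elevated Windows PowerShell session on the IIS server.
Import-Module WebAdministration

$site   = 'Default Web Site'   # assumed site name, change to yours
$psPath = "IIS:\Sites\$site"
$filter = 'system.webServer/httpProtocol/customHeaders'

# Assumed header set and values; tune each one to the application.
$headers = [ordered]@{
    'X-Frame-Options'           = 'SAMEORIGIN'
    'X-Content-Type-Options'    = 'nosniff'
    'Referrer-Policy'           = 'strict-origin-when-cross-origin'
    # Browsers honour HSTS only when it arrives over HTTPS.
    'Strict-Transport-Security' = 'max-age=31536000'
    # A strict starting point; pages with inline scripts need a wider policy.
    'Content-Security-Policy'   = "default-src 'self'"
}

foreach ($name in $headers.Keys) {
    $entry    = "$filter/add[@name='$name']"
    $existing = Get-WebConfigurationProperty -PSPath $psPath -Filter $entry `
                    -Name 'value' -ErrorAction SilentlyContinue

    if ($null -eq $existing) {
        # Header not configured yet: add a new entry to the collection.
        Add-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name '.' `
            -Value @{ name = $name; value = $headers[$name] }
    }
    elseif ($existing.Value -ne $headers[$name]) {
        # Header exists with another value: update it, so re-running the
        # script never produces a duplicate entry.
        Set-WebConfigurationProperty -PSPath $psPath -Filter $entry `
            -Name 'value' -Value $headers[$name]
    }
}

# List what the site is now configured to send.
(Get-WebConfiguration -PSPath $psPath -Filter $filter).Collection |
    Select-Object name, value
```

Because the entries are stored in the site's web.config, they can be reviewed and kept under version control together with the application.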
After changing the IIS configuration as described above, you may want to assess the current state of your website's HTTP headers by scanning your web application with this app.
securityheaders.io will score your website and show whether any security-related HTTP headers are missing, such as:
This article only explains how to add custom headers to an ASP.NET MVC site using IIS. You can check out a blog post by Damienbod which explains how to do it in an ASP.NET Core MVC application by configuring the Startup file.