Disable CORS for IIS 10 website by allowing all origins in two simple steps.
If OPTIONS preflight request getting 404 and URLScan enabled on your hosting machine, check out this article.
Restrict access to your website using IIS IP security
Use the provided rewrite rule to redirect HTTPS requests to HTTP.
Use IIS Rewrite rule to redirect all HTTP request to HTTPS.
Use IIS rewrite rule to redirect (301) all www requests to non-www.