ITMS and IIS Compliance Requirements: ETW and Request Smuggling settings
Article ID: 440485


Products

IT Management Suite
Client Management Suite

Issue/Introduction

Customers have asked about compliance requirements for strict IIS security. The requirements read something like this:

  1. Both the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled.
      • Open the IIS 10.0 Manager.
      • Click the IIS 10.0 server name.
      • Click the "Logging" icon.
      • Under Log Event Destination, verify the "Both log file and ETW event" radio button is selected.
      • If the "Both log file and ETW event" radio button is not selected, this is a finding.

  2. The Request Smuggling filter must be enabled.
      • Click Start, click Run, type Regedit in the Open box, and then click OK.
      • Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\DisableRequestSmuggling
      • Set DWORD type value DisableRequestSmuggling to one of the following:
          • Set to 0 to disable the filter
          • Set to 1 to enable the filter
      • Exit Registry Editor.
      • Restart the PC or regedit prompt.
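
A read-only PowerShell audit of the two checks above, added here as an example (it is not Broadcom or Microsoft code). It assumes the WebAdministration module is installed, that the server-level Logging setting is stored as `logTargetW3C` under `siteDefaults/logFile`, and that `DisableRequestSmuggling` is a DWORD value under the `HTTP\Parameters` key; the function names are hypothetical.

```powershell
# Added audit example, read-only: it reports findings and changes nothing.
# Run from an elevated prompt so applicationHost.config can be read.
Import-Module WebAdministration -ErrorAction Stop

function Test-IisLogTarget {
    # Assumption: the server-level "Logging" page is stored in applicationHost.config
    # as siteDefaults/logFile@logTargetW3C, with the flags "File" and "ETW".
    $raw = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Filter 'system.applicationHost/sites/siteDefaults/logFile' -Name 'logTargetW3C'
    $text = if ($raw -is [string]) { $raw } else { [string]$raw.Value }
    $targets = @($text -split ',' | ForEach-Object { $_.Trim() })
    [pscustomobject]@{
        Check    = 'Log file and ETW event'
        Observed = $text
        Finding  = -not (($targets -contains 'File') -and ($targets -contains 'ETW'))
    }
}

function Test-RequestSmugglingFilter {
    # Assumption: DisableRequestSmuggling is a value under the Parameters key.
    $key  = 'HKLM:\System\CurrentControlSet\Services\HTTP\Parameters'
    $name = 'DisableRequestSmuggling'
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # The requirement asks for an explicit 1, so an absent value is reported.
        $observed = '<not set>'
        $finding  = $true
    } else {
        $kind     = (Get-Item -Path $key).GetValueKind($name)
        $observed = "$($item.$name) ($kind)"
        # Per the requirement text: 1 enables the filter, 0 disables it.
        $finding  = -not ($kind -eq 'DWord' -and $item.$name -eq 1)
    }
    [pscustomobject]@{
        Check    = 'Request Smuggling filter'
        Observed = $observed
        Finding  = $finding
    }
}

$results = @(Test-IisLogTarget; Test-RequestSmugglingFilter)
$results | Format-Table -AutoSize
# A non-zero exit code lets a scheduled compliance job flag the host.
if ($results.Finding -contains $true) { exit 1 }
```

Running it before and after the change in a test environment gives a record of the starting state to compare against.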

Resolution

We do not have a lot of experience with these settings. These settings may be fine; however, the customer will want to test them in their environment before making the changes in production in case there are any performance impacts. We would recommend running the questions by Microsoft for a clear picture of the impact on performance.