search

Setting HTTP Strict Transport Security (HSTS)

Note: This is only supported as of IIS 10.0 version 1709 and later.

To enable HTTP Strict-Transport-Security (HSTS) on IIS (for details, see: https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/hstsarrow-up-right ):

<hsts enabled="true" max-age="31536000" includeSubDomains="true" redirectHttpToHttps="true" />

You can find the GUI elements in the Action pane, under Configure you have an option HSTS….

The Edit Website HSTS dialog allows you to set and configure settings like max-age, includeSubdomains, Preload and Redirect HTTP to HTTPS.

We recommend checking all options.

PreviousInstall the Aligned Elements Web Server PackageNextOptional: Open Ports in the Network on Azure hosted Virtual Machines

Last updated

Was this helpful?