Knowledge Base

Support Policies

How To Setup HSTS Response Header Via Web.Config


This article is to inform how to set up HSTS response headers using the web.config files of the IIS directories.


  1. Open up IIS and right click on your Default Web Site. 

  2. From here, right click on web.config and open it up in your favorite administrative editing tool.  I will be using Notepad++.

  3. Paste the following command in as shown.

    <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
    <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
    <add input="{HTTPS}" pattern="on" ignoreCase="true" />
    <action type="Rewrite" value="max-age=31536000" />

    Once that is set, you're done!  You now have enabled HSTS!
Have more questions? Submit a request


Please sign in to leave a comment.