Knowledge Base

Support Policies

How To Setup HSTS Response Header Via Web.Config

Description:

This article is to inform how to set up HSTS response headers using the web.config files of the IIS directories.

Resolution:

  1. Open up IIS and right click on your Default Web Site. 


  2. From here, right click on web.config and open it up in your favorite administrative editing tool.  I will be using Notepad++.


  3. Paste the following command in as shown.

    <rule name="Add Strict-Transport-Security when HTTPS" enabled="true">
    <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
    <conditions>
    <add input="{HTTPS}" pattern="on" ignoreCase="true" />
    </conditions>
    <action type="Rewrite" value="max-age=31536000" />
    </rule>



    Once that is set, you're done!  You now have enabled HSTS!
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.