Configuring HTTP Strict Transport Security HSTS in Cloudmersive Private Cloud |
7/1/2023 - Cloudmersive Support |
Cloudmersive Private Cloud supports configuring the HTTP Strict Transport Security (HSTS) header for all request responses. This can be done easily using graphical management tools using the following steps:
- Open Administrative Tools from the start menu and then open Internet Information Services Manager
- Click on Default Web Site
- In the Home pane, double-click HTTP Response Headers in the IIS section.
- In the HTTP Response Headers pane, click Add in the Actions pane.
- In the Add Custom HTTP Response Header dialog box, set Name to Strict-Transport-Security and Value to max-age=31536000. Optional: Replace the expiration time, in seconds, that the browser should remember that this site is only to be accessed using HTTPS. If you want to include all subdomains, you can add ; includeSubDomains at the end. For example: max-age=31536000; includeSubDomains.
- Click OK.
- Finally, you need to apply these changes: In the Actions pane, click Apply.
HSTS should now be enabled for your Cloudmersive Private Cloud server.
|