IT Nota

  • Home
  • How To
  • .NET
  • WordPress
  • Contact
You are here: Home / How To / How to Setup HTTP Strict Transport Security (HSTS) on IIS

How to Setup HTTP Strict Transport Security (HSTS) on IIS

HTTP Strict-Transport-Security (HSTS) response header is used to tell browsers that the particular website should only be accessed solely over HTTPS. This is a powerful feature that is easy to implement to mitigate the risks for the communication to be intercepted by hackers and keep your website visitors safe.

Enabling HTTP Strict Transport Security on IIS

See the steps below to enable HSTS on IIS:

  1. Launch IIS Manager.
  2. On the left pane of the window, click on the website you want to add the HTTP header and double-click on HTTP Response Headers.IIS HTTP Response Headers Setting
  3. In HTTP Response Headers window, click on Add… on the right pane and type in Strict-Transport-Security for Name and max-age=63072000; includeSubDomains; preload for Value and click OK.The max-age value 63072000 is the number of seconds for the duration of two years. You need to enter a value of at least one year.IIS HTTP Response Headers Strict Transport Security Setting

Now you can verify if the header is delivered correctly by running a curl command.

curl -I https://www.itnota.com

You should see that very header listed among other entries:

Strict-Transport-Security: max-age=63072000; includeSubdomains; preload

That’s all there is to utilize HSTS on IIS.

Further Reading

Strict-Transport-Security
How to Use cURL HTTP/2 on macOS
How to Enable Secure HttpOnly Cookies in IIS

January 9, 2019 Filed Under: How To Tagged With: IIS, Information Security, Internet Information Services, Windows Server

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Categories

  • .NET
  • Coding
  • Cybersecurity
  • Database
  • How To
  • Internet
  • Multimedia
  • Photography
  • Programming
  • Resources
  • Review
  • WordPress
  • Writing

Recent Posts

  • F#: Seq, List, Array, Map, Set. Which One to Use?
  • How to Get Table Definition in SQL Server
  • Why You Need to Use a VPN
  • How to Use Custom Color in SSMS Using Redgate SQL Prompt
  • How to Install Python on Windows Server
Genesis Framework for WordPress

Recent Posts

  • F#: Seq, List, Array, Map, Set. Which One to Use?
  • How to Get Table Definition in SQL Server
  • Why You Need to Use a VPN
  • How to Use Custom Color in SSMS Using Redgate SQL Prompt
  • How to Install Python on Windows Server
  • RSS

Tags

.NET Core Access Adobe AdSense Amazon ASP.NET Cdonts Dll Classic ASP Code Editor Connect-It Copywriting ETL FSharp Genesis Framework Git Google HP Asset Manager HTML HTML5 Hugo IIS Information Security Internet Internet Information Services iOS Linux macOS Microsoft Microsoft SQL Server MVC PHP Simple Mail Transfer Protocol Smtp Server Social Media SQL SQL Server SSIS SSMS SSRS VPN Windows Windows 8 Windows 10 Windows 2012 Windows Server

Copyright © 2011-2021 IT Nota. All rights reserved. Terms of Use | Privacy Policy | Disclosure