Skip to main content
Waters Employee Login
 
Waters

How to add the HTTP Strict Transport Security (HSTS) header to websites in Microsoft IIS - WKB202327

  1. Last updated
  2. Save as PDF
Article number: 202327

OBJECTIVE or GOAL

Add the "strict-transport-security" HTTP response header to the to websites/applications in Microsoft IIS.

ENVIRONMENT

  • Windows Server 2019/2016/2012
  • IIS has one or more websites with a valid binding for HTTPS
  • Applies to all Waters software products that use IIS for a web server component

PROCEDURE

  1. Open IIS Manager on the web server.
  2. Connect to the local server.
  3. Expand the Sites tree and select Default Web Site.
  4. Double-click HTTP Response Codes.
  5. Click Add.
  6. Specify the following for the header name:
    • strict-transport-security
  7. Specify the following for the header value:
    • max-age=300000000
  8. Click OK.
  9. For NuGenesis versions 9.1+: Repeat steps 4 through 8 for the two sites "AuditTrailClientApp" and "AuditTrailWebServer".
  10. Restart the web server.

ADDITIONAL INFORMATION

Can HTTP Strict Transport Security (HSTS) be used with NuGenesis Web servers?

See article 202467 for guidance on verifying whether the header is present in the HTTP replies from the server.

id202327, SUPNG

Not able to find a solution? Click here to request help.