How to add the HTTP Strict Transport Security (HSTS) header to websites in Microsoft IIS - WKB202327
Article number: 202327
OBJECTIVE or GOAL
Add the "strict-transport-security" HTTP response header to the to websites/applications in Microsoft IIS.
ENVIRONMENT
- Windows Server 2019/2016/2012
- IIS has one or more websites with a valid binding for HTTPS
- Applies to all Waters software products that use IIS for a web server component
PROCEDURE
- Open IIS Manager on the web server.
- Connect to the local server.
- Expand the Sites tree and select Default Web Site.
- Double-click HTTP Response Codes.
- Click Add.
- Specify the following for the header name:
- strict-transport-security
- Specify the following for the header value:
- max-age=300000000
- Click OK.
- For NuGenesis versions 9.1+: Repeat steps 4 through 8 for the two sites "AuditTrailClientApp" and "AuditTrailWebServer".
- Restart the web server.
ADDITIONAL INFORMATION
Can HTTP Strict Transport Security (HSTS) be used with NuGenesis Web servers?
See article 202467 for guidance on verifying whether the header is present in the HTTP replies from the server.
id202327, SUPNG