Missing 'Strict-Transport-Security' header in an internet published web applicationRSS

1 reply

Last post Jan 21, 2019 02:34 AM by mahamr

  • Missing 'Strict-Transport-Security' header in an internet published web application

    Jan 20, 2019 07:14 AM|adilahmedmd@gmail.com|LINK

    Hi, how to add the HSTS header in IIS for a web application this is optional response header that can be
    configured on the server to instruct the browser to only communicate via HTTPS.

    adilahmed
  • Re: Missing 'Strict-Transport-Security' header in an internet published web application

    Jan 21, 2019 02:34 AM|mahamr|LINK

    Hello adilahmedmd,

    Here is the documentation that describes what you're looking for. It describes two scenarios:

    • If the web server is Server 2016 version 1709+, then there's native support for HSTS. 
    • If the web server is 2016 <1709, or 2012 R2 or older, then you have a couple different options to get it working.

    https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10-version-1709/iis-10-version-1709-hsts