Wednesday, May 26, 2021

Enabling HSTS policy on IIS in Windows server

Follow the steps

Following step will help you in enabling HSTS policy in IIS on Windows Server

  1. Open IIS (Press Windows logo key + R, then enter "inetmgr" in box and press Enter Key")
  2. Select the website you want to enable HSTS
  3. In "Features View" pane, locate & double click "HTTP Response Headers".


  4. In "HTTP Response Headers", click on "Add" link in "Actions" pane.
  5. In Dialog box, enter
    Name: Strict-Transport-Security
    Value: max-age=31536000; includeSubDomains


  6. Click on OK.
  7. Done.

Enable HSTS on for all websites on your server

  1. Visit each hosted site and check whether HSTS is enabled on any site
  2. If you find any site having "Strict-Transport-Security" under "HTTP Response Headers" then right click on it and remove 


  3. Perform step 2 for all sites having "Strict-Transport-Security" enabled
  4. Now, locate root node in your IIS "Connections" pane (left hand side).
  5. Locate "HTTP Response Headers" and enable it as mentioned in steps above
Important Step 1, 2, 3 are must to perform. If you miss then site which have HSTS enabled already will show errors.





No comments:

Post a Comment