Follow the steps
Following step will help you in enabling HSTS policy in IIS on Windows Server
- Open IIS (Press Windows logo key + R, then enter "inetmgr" in box and press Enter Key")
- Select the website you want to enable HSTS
- In "Features View" pane, locate & double click "HTTP Response Headers".
- In "HTTP Response Headers", click on "Add" link in "Actions" pane.
- In Dialog box, enter
Name: Strict-Transport-Security
Value: max-age=31536000; includeSubDomains - Click on OK.
- Done.
Enable HSTS on for all websites on your server
- Visit each hosted site and check whether HSTS is enabled on any site
- If you find any site having "Strict-Transport-Security" under "HTTP Response Headers" then right click on it and remove
- Perform step 2 for all sites having "Strict-Transport-Security" enabled
- Now, locate root node in your IIS "Connections" pane (left hand side).
- Locate "HTTP Response Headers" and enable it as mentioned in steps above
Important Step 1, 2, 3 are must to perform. If you miss then site which have HSTS enabled already will show errors.
No comments:
Post a Comment