Secure Foray ADAMS® Web Applications with HSTS

HTTP Strict-Transport-Security (aka HSTS) can be enabled for IIS web sites. This will causes the client’s browser, after an initial connection, to only use HTTPS.

  1. IIS Manager > <Server> > Sites > Default Web Site

  2. HSTS… (under Configure on the far right)

  3. Enable

  4. Max-Age - 63072000 (2 year)

  5. Redirect Http to Https

  6. OK

Preload is optional and requires that the site be external and must be submitted to Google for inclusion in the HSTS preload list.


© 2023 Foray, LLC - All Rights Reserved