Secure Foray ADAMSĀ® Web Applications with HSTS

HTTP Strict-Transport-Security (aka HSTS) can be enabled for IIS web sites. This will causes the clientā€™s browser, after an initial connection, to only use HTTPS.

  1. IIS Manager > <Server> > Sites > Default Web Site

  2. HSTSā€¦ (under Configure on the far right)

  3. Enable

  4. Max-Age - 63072000 (2 year)

  5. Redirect Http to Https

  6. OK

Preload is optional and requires that the site be external and must be submitted to Google for inclusion in the HSTS preload list.

Ā 

Ā© 2023 Foray, LLC - All Rights Reserved