Add HTTP Strict-Transport-Security (HSTS) headers
The HTTP Strict-Transport-Security (HSTS) response header is a security configuration that tells web browsers the site should only be accessed using HTTPS. Any future attempt to access the site using HTTP is automatically converted to HTTPS.
To add HTTP HSTS headers:
- Open a command prompt.
- Run the following command:
appcmd.exe set config /section:httpProtocol /+customHeaders.["name='Strict-Transport-Security',value='max-age=2592000; includeSubDomains'"] /commit:apphost
- Perform an IIS reset.
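After the reset, the header value the site returns can be checked against what the command configured. The following is an added example, not part of the original page: it parses a Strict-Transport-Security value following the RFC 6797 grammar and reports problems. The function names, the sample values and the use of 2592000 as the expected minimum are assumptions made for the illustration.

```python
import re

# RFC 7230 token; a directive value is a token or a quoted-string (RFC 6797 section 6.1).
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_DIRECTIVE = re.compile(rf'({_TOKEN})(?:\s*=\s*(?:({_TOKEN})|"((?:[^"\\]|\\.)*)"))?')

def parse_hsts(value):
    """Return {lowercased directive: value or None}; raise ValueError if malformed."""
    directives = {}
    # Splitting on ';' is enough here: no defined HSTS directive carries ';' in its value.
    for part in (p.strip() for p in value.split(";")):
        if not part:
            continue  # the grammar permits empty directives
        m = _DIRECTIVE.fullmatch(part)
        if not m:
            raise ValueError(f"malformed directive: {part!r}")
        name = m.group(1).lower()  # directive names are case-insensitive
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")  # browsers ignore such a header
        directives[name] = m.group(2) if m.group(2) is not None else m.group(3)
    return directives

def check_hsts(value, expected_max_age=2592000):
    """Return a list of findings; an empty list means the value matches the policy."""
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    age = d.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        findings.append("max-age missing or not a non-negative integer")
    elif int(age) == 0:
        findings.append("max-age=0 removes the host from the browser's HSTS list")
    elif int(age) < expected_max_age:
        findings.append(f"max-age {age} is below the expected {expected_max_age}")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains absent")
    elif d["includesubdomains"] is not None:
        findings.append("includeSubDomains must not carry a value")
    return findings

# Constructed sample values, not captured from a real server.
SAMPLES = ["max-age=2592000; includeSubDomains", 'MAX-AGE="2592000" ; INCLUDESUBDOMAINS',
           "max-age=2592000; max-age=0", "max-age=0; includeSubDomains", "includeSubDomains"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: {check_hsts(s) or 'OK'}")
```

To check a live site, pass the Strict-Transport-Security value from an HTTPS response to `check_hsts`; browsers ignore the header when it arrives over plain HTTP.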