Add HTTP Strict-Transport-Security (HSTS) headers

The HTTP Strict-Transport-Security (HSTS) response header is a security configuration that notifies web browsers that the site should only be accessed using HTTPS. Any future attempts to access the site using HTTP are automatically converted to HTTPS.

To add HTTP HSTS headers:

  1. Open a command prompt.
  2. Run the following command:

    appcmd.exe set config /section:httpProtocol /+customHeaders.["name='Strict-Transport-Security',value='max-age=2592000; includeSubDomains'"] /commit:apphost

  3. Perform IIS reset.
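
To confirm the result after the reset, the following PowerShell check parses a Strict-Transport-Security value and compares it with the settings used in the command above. It is an added example, not part of the original procedure: `Test-HstsHeader` is a hypothetical helper name, `site.example` is a placeholder host, and the sample values are constructed.

```powershell
# Added example: validate a Strict-Transport-Security header value.
# Test-HstsHeader is a hypothetical helper, not an IIS or PowerShell built-in.
function Test-HstsHeader {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$Value,
        [long]$MinMaxAge = 2592000,        # max-age used in the appcmd command above
        [switch]$RequireSubDomains
    )
    $seen = @{}
    $problems = @()
    foreach ($part in ($Value -split ';')) {
        $part = $part.Trim()
        if ($part -eq '') { continue }
        $name, $val = $part -split '=', 2
        $name = $name.Trim().ToLowerInvariant()   # directive names are case-insensitive
        if ($seen.ContainsKey($name)) { $problems += "duplicate directive '$name'" }
        $seen[$name] = if ($null -ne $val) { $val.Trim().Trim('"') } else { $null }
    }
    $maxAge = $null
    if (-not $seen.ContainsKey('max-age')) {
        $problems += 'max-age directive is missing'
    } elseif ($seen['max-age'] -notmatch '^\d{1,18}$') {
        $problems += "max-age '$($seen['max-age'])' is not a non-negative integer"
    } else {
        $maxAge = [long]$seen['max-age']
        if ($maxAge -lt $MinMaxAge) { $problems += "max-age $maxAge is below $MinMaxAge" }
    }
    $sub = $seen.ContainsKey('includesubdomains')
    if ($RequireSubDomains -and -not $sub) { $problems += 'includeSubDomains is missing' }
    [pscustomobject]@{
        Value             = $Value
        MaxAge            = $maxAge
        IncludeSubDomains = $sub
        Valid             = ($problems.Count -eq 0)
        Problems          = ($problems -join '; ')
    }
}

# Constructed sample values: the first matches the command above, the rest are faults.
$samples = @(
    'max-age=2592000; includeSubDomains',
    'max-age=300; includeSubDomains',
    'includeSubDomains',
    'max-age=2592000; max-age=0'
)
$samples | ForEach-Object { Test-HstsHeader -Value $_ -RequireSubDomains } | Format-Table -AutoSize

# Live check (placeholder host):
# $h = (Invoke-WebRequest -Uri 'https://site.example/' -UseBasicParsing).Headers['Strict-Transport-Security']
# Test-HstsHeader -Value "$h" -RequireSubDomains
```

Run the live check against the `https://` URL: browsers only honor this header on responses received over HTTPS.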