Enable HTTP Strict Transport Security (HSTS)

HTTP Strict Transport Security (HSTS) is an optional security enhancement that a web application declares through a special response header, Strict-Transport-Security. Once a supporting browser receives this header over HTTPS, it refuses to send any request to that domain over plain HTTP for the declared max-age and rewrites such requests to HTTPS before they leave the browser. It also disables the click-through prompt on certificate errors for that domain, so an invalid certificate becomes a hard failure rather than a warning the user can bypass.

Open the web.config file and perform the following transformations:

NOTE: The header only has effect when it arrives over HTTPS; browsers discard a Strict-Transport-Security header received over plain HTTP (RFC 6797). Sending it on every response, as a static customHeaders entry would, is therefore harmless but pointless, and the rule that adds it should be conditioned on HTTPS being on.

The first rule unconditionally redirects HTTP requests to HTTPS (a permanent 301 is appropriate once the whole site is served over TLS), while the second rule adds the Strict-Transport-Security header to the response.

NOTE: In a load-balanced environment, the HSTS header can be set on the load balancer instead of the web server. If TLS terminates at the load balancer this is the simpler option, because the web servers then see only plain HTTP: a web.config rule conditioned on {HTTPS} would never fire there and would have to key on a forwarded header such as X-Forwarded-Proto instead.

