Enable HTTP Strict Transport Security (HSTS)

HTTP Strict Transport Security (HSTS) is an optional security enhancement that a web application enables by sending a special response header. Once a supported browser receives this header, it stops sending any communication to the specified domain over HTTP and sends it over HTTPS instead. It also prevents HTTPS click-through prompts (bypassing certificate warnings) in browsers.

Open the web.config file and perform the following transformations:

NOTE: With this configuration, the header is always sent, even when the request is not served over HTTPS.

The first rule always redirects HTTP requests to HTTPS, while the second one adds the Strict-Transport-Security header to the response.

NOTE: If you have a load-balanced environment, the HSTS header can be configured on the load balancer instead of the webserver.
