IIS - Configuring HTTP Strict Transport Security

Follow these steps to set-up the IIS Web server for HTTP Strict Transport Security (HSTS). 

Configure headers per website

Open the Internet Information Services (IIS) Manager via StartAdministrative ToolsIIS Manager

HSTS in IIS

  1. Click on HTTP Response Headers.
  2. Click on Add... in the Actions panel.

    HSTS in IIS

  3. Enter the following values in the Add Custom HTTP Response Headers dialog box:<
    Name: Strict-Transport-Security
    Value: max-age=31536000
    
  4. Close the IIS Manager after confirmation.

Redirecting visitors to the HTTPS URL

Open the Internet Information Services (IIS) Manager via StartAdministrative ToolsIIS Manager.

  1. Click on HTTP Redirect.
  2. Check the Redirect box and enter the target URL (HTTPS). Set the status to permanent redirect (301)

SSLCheck

Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues