HTTP Strict Transport Security | Piotrowski Bartosz

The HTTP Strict Transport Security can be changed by modifying the coutboundRules section of the web.config as follows:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <outboundRules>
      <!-- here we change the 'HTTP Strict Transport Security' -->
        <rule name="Add Strict-Transport-Security only when using HTTPS" enabled="true">
          <match serverVariable="RESPONSE_Strict_Transport_Security" pattern=".*" />
          <conditions>
            <add input="{HTTPS}" pattern="on" ignoreCase="true" />
          </conditions>
          <action type="Rewrite" value="max-age=31536000; includeSubdomains; preload" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>

M	T	W	T	F	S	S
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30

Piotrowski Bartosz

co wiem to piszem

Tag Archives: HTTP Strict Transport Security

Azure App Service how to change the ‘HTTP Strict Transport Security’ ?