IIS - Configuring HTTP Strict Transport Security

Follow these steps to set-up the IIS Web server for HTTP Strict Transport Security (HSTS). 

Configure headers per website

Open the Internet Information Services (IIS) Manager via Start → Administrative Tools → IIS Manager. 

1. Click on HTTP Response Headers.
2. Click on Add... in the Actions panel.

   

3. Enter the following values in the Add Custom HTTP Response Headers dialog box:<

   Name: Strict-Transport-Security
   Value: max-age=31536000
   

4. Close the IIS Manager after confirmation.

Redirecting visitors to the HTTPS URL

Open the Internet Information Services (IIS) Manager via Start → Administrative Tools → IIS Manager.

1. Click on HTTP Redirect.
2. Check the Redirect box and enter the target URL (HTTPS). Set the status to permanent redirect (301)