IMPORTANT: This version of Sitefinity CMS is out of support and the respective product documentation is no longer maintained and can be outdated. Use the version selector to view a supported product version.
HTTP Strict Transport Security (HSTS) is an optional security enhancement that is specified by a web application through the use of a special response header. Once a supported browser receives this header, it prevents any communication to the specified domain from being sent over HTTP and instead, sends it over HTTPS. It also prevents HTTPS click-through prompts on browsers.
Open the web.config file and perform the following transformations:
web.config
NOTE: You are always sending the header - even when you are not under HTTPS.
The first rule is redirecting always from HTTP to HTTPS, while the second one is adding Strict-Transport-Security header.
NOTE: If you have a load-balanced environment, the HSTS header can be configured on the load balancer instead of the webserver.
Back To Top
To submit feedback, please update your cookie settings and allow the usage of Functional cookies.
Your feedback about this content is important