Author Topic: HSTS in CWP  (Read 7140 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
HSTS in CWP
« on: April 10, 2019, 03:21:43 PM »
Hi! Not sure this is the right forum. Could anybody point me to instructions on how to setup HSTS in CWP?

Any advice is welcome.

Rgs

IM

Offline
*
Re: HSTS in CWP
« Reply #1 on: April 13, 2019, 09:19:22 AM »
Hi, please, any advice is welcome. Looking forward to your replies.

Offline
***
Re: HSTS in CWP
« Reply #2 on: April 14, 2019, 04:09:57 AM »
In Apache, add the following parameter in the VHOST site:
Code: [Select]
Header add Strict-Transport-Security "max-age=15768000"

or

Code: [Select]
Strict-Transport-Security: max-age=15768000; includeSubDomains

The max-age parameter sets the browser the validity period in seconds that HTTPS will be forced, in which case it will be 6 months. The "includeSubDomains" parameter indicates that this rule will apply to subdomains.

Regards,
Netino

Offline
*
Re: HSTS in CWP
« Reply #3 on: April 14, 2019, 01:33:01 PM »
Hi, thank you.