msa msa - 1 year ago 127
ASP.NET (C#) Question

Enable HTTP Strict Transport Security (HSTS) in Azure WebRoles

How can I turn on HTTP Strict Transport Security (HSTS) for Azure WebRoles?

Answer Source

There is an IIS module which enables HSTS compliant with the HSTS Draft Specification (RFC 6797); you can found it here


            <add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains"/>

because this will include the STS header in HTTP responses over non-secure transport.