Configure HSTS for an application

The HTTP Strict Transport Security (HSTS) web security policy mechanism helps protect websites against attacks by forcing users to communicate with servers through HTTPS only. When users send HTTP requests to the server, it responds with a Strict-Transport-Security response header that tells the browser to use HTTPS only for a length of time specified in seconds. In the response header, this length of time is given as the max-age attribute.

How to

  1. Log in to the Enterprise Application Access (EAA) management portal.
  2. From the top menu bar, click Applications.
    The Application page appears.
  3. Locate the application card you wish to configure advanced settings for.
  4. Click Settings > Advanced Settings > Show Additional Attributes.
  5. In the HTTP Strict Transport Security (HSTS) field, enter a length of time in seconds.
  6. Click Save.
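
Once the change is deployed, the response header can be checked against the value entered in step 5. The following is an added example, not part of the EAA product or its documentation: it parses a Strict-Transport-Security value following the RFC 6797 rules and compares max-age with the expected number of seconds. The function names, the sample headers and the 31536000-second value are assumptions made for illustration.

```python
# Added example: validate a Strict-Transport-Security header (RFC 6797 rules).
import re

TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
DIGITS = re.compile(r"[0-9]+")


def parse_hsts(value):
    """Return {directive name (lower-cased): value}; raise ValueError if malformed."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                      # empty directives (";;") are permitted
            continue
        name, sep, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()   # names are case-insensitive
        if not TOKEN.match(name):
            raise ValueError(f"bad directive name: {name!r}")
        if name in directives:            # each directive may appear only once
            raise ValueError(f"duplicate directive: {name}")
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]               # quoted-string form, e.g. max-age="300"
        directives[name] = val if sep else None
    age = directives.get("max-age")
    if age is None or not DIGITS.fullmatch(age):
        raise ValueError("max-age is required and must be a whole number of seconds")
    directives["max-age"] = int(age)
    return directives


def check_hsts(headers, expected_max_age):
    """headers: list of (name, value) pairs taken from an HTTPS response."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return "missing"
    try:
        policy = parse_hsts(values[0])    # browsers process only the first HSTS header
    except ValueError as exc:
        return f"invalid: {exc}"
    if policy["max-age"] == 0:
        return "disabled"                 # max-age=0 tells the browser to drop the policy
    return "ok" if policy["max-age"] == expected_max_age else "mismatch"


# Constructed sample response headers; one year in seconds is an assumed setting.
SAMPLE = [("Content-Type", "text/html"),
          ("Strict-Transport-Security", "max-age=31536000")]
print(check_hsts(SAMPLE, 31536000))
```

Browsers honor this header only when it arrives over HTTPS, so feed the check with headers captured from an HTTPS response.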

Next steps

Deploy the application