The HTTP Security Policy allows to set security-related HTTP headers such as HSTS, CSP and XSS protections.
Use the provided links underneath the fields to open further information on the subject in the Mozilla or Microsoft developer documentation.
Configuration Options
HTTP Strict Transport Security
Option
Type
Description
Possible Values
Default
Enable HTTP Strict Transport (HSTS)
Boolean
Set to true if you want to enable HTTP Strict Transport.
true / false
false
Include Subdomains
Boolean
Set to true if you want to include subdomains.
true / false
false
Maximum Age
Integer
Delta seconds user agents should cache HSTS status for.
-
0
Enable HSTS Preload Flag
Boolean
Flag to verify HSTS preload status. Popular browsers contain a hard-coded (pinned) list of domains and certificates, which they always connect securely with. Users must submit a request for their domain to be included in the scheme.