HSTS Configuration

Last updated: 2021-03-01 10:33:32

    Configuration Overview

    HTTP Strict Transport Security (HSTS) is a web security protocol promoted by the Institution of Electronics and Telecommunication Engineers (IETE). It forces the client (such as a browser) to connect to the server over HTTPS, so that traffic to the whole website is encrypted.

    Configuration Limitations

    • expireTime can range from 0 to 365 days and is configured in seconds.
    • Check includeSubDomain if you need to include sub-domain names.
    • To enable HSTS configuration, HTTPS acceleration configuration must be completed first.
    • After the HSTS configuration is enabled, we recommend enabling Forced Redirection Configuration to redirect HTTP requests to HTTPS. Otherwise, the browser will not create an HSTS cache entry for requests made over HTTP.

    Configuration Guide

    Log in to the CDN console, select Domain Management on the left sidebar, and click Manage on the right of a domain name to enter its configuration page. Open the HTTPS Configuration tab to find the HSTS Configuration section. It is disabled by default.

    Toggle it on and configure accordingly:

    Click Confirm to apply the configuration to the response header. You can click Edit to modify it later.

    Configuration Sample

    If the HSTS configuration of the domain name cloud.tencent.com is as follows:

    The response header is:
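
To check a delivered response against the limits listed under Configuration Limitations, the following added example (not part of the original page and not Tencent Cloud's code) parses a Strict-Transport-Security header and compares it with the configured values. It assumes that expireTime is emitted as the max-age directive and the includeSubDomain option as includeSubDomains; the function names and sample headers are constructed for illustration.

```python
import re

# Assumption: expireTime is sent as max-age, includeSubDomain as includeSubDomains.
MAX_EXPIRE_TIME = 365 * 24 * 60 * 60  # page limit: 0 to 365 days, in seconds

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_subdomains, seen = None, False, set()
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, arg = (s.strip() for s in part.partition("="))
        name = name.lower()  # directive names are case-insensitive
        if name in seen:
            raise ValueError(f"duplicate directive {name!r}")
        seen.add(name)
        if name == "max-age":
            digits = arg[1:-1] if len(arg) >= 2 and arg[0] == arg[-1] == '"' else arg
            if not re.fullmatch(r"[0-9]+", digits):
                raise ValueError(f"invalid max-age {arg!r}")
            max_age = int(digits)
        elif name == "includesubdomains":
            if arg:
                raise ValueError("includeSubDomains takes no value")
            include_subdomains = True
        # any other directive (for example preload) is ignored
    if max_age is None:
        raise ValueError("max-age directive is missing")
    return max_age, include_subdomains

def check_hsts(scheme, headers, expire_time, include_subdomain):
    """Compare one response with the configured values; return a list of findings."""
    findings = []
    if scheme != "https":
        findings.append("served over HTTP: the browser will not cache HSTS from this response")
    value = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    if value is None:
        return findings + ["Strict-Transport-Security header is absent"]
    try:
        max_age, subdomains = parse_hsts(value)
    except ValueError as err:
        return findings + [f"malformed header: {err}"]
    if not 0 <= max_age <= MAX_EXPIRE_TIME:
        findings.append(f"max-age {max_age} is outside 0..{MAX_EXPIRE_TIME}")
    if max_age != expire_time:
        findings.append(f"max-age {max_age} differs from configured expireTime {expire_time}")
    if max_age == 0:
        findings.append("max-age=0 tells the browser to drop its HSTS entry for the host")
    if subdomains != include_subdomain:
        findings.append("includeSubDomains does not match the includeSubDomain setting")
    return findings

# Constructed sample responses (not captured from a real domain).
GOOD = check_hsts("https", {"Strict-Transport-Security": "max-age=15552000; includeSubDomains"}, 15552000, True)
OVER_HTTP = check_hsts("http", {"strict-transport-security": "max-age=15552000"}, 15552000, False)
```

An empty list means the response matches the configuration; the HTTP case shows why forced redirection matters even when the header itself is correct.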
