HSTS Configuration

Last updated: 2020-10-26 10:46:52


    HTTP Strict Transport Security (HSTS) is a web security protocol promoted by the Institution of Electronics and Telecommunication Engineers (IETE). It forces the client (such as a browser) to use HTTPS when connecting to the server, so that the whole website is served over encrypted connections.

    Configuration Limitations

    • expireTime can range from 0 to 365 days and is configured in seconds.
    • Use the includeSubDomain parameter to choose whether or not subdomain names are included.
    • To enable HSTS configuration, HTTPS acceleration configuration must be completed first.
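
    The limits above can be checked against the Strict-Transport-Security header a domain actually returns. The following is an added example, not code from the CDN product or its documentation; the function names and sample header values are constructed for illustration, and it assumes the standard max-age and includeSubDomains header directives correspond to expireTime and includeSubDomain.

```python
# Added example: validate a Strict-Transport-Security header value against
# the limits stated on this page. Function names are hypothetical.
MAX_EXPIRE_SECONDS = 365 * 24 * 60 * 60  # page limit: 0 to 365 days, in seconds


def parse_hsts(value):
    """Parse an HSTS header value into {directive: value-or-None}."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate empty directives such as a trailing ';'
        name, sep, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        arg = arg.strip()
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # max-age may be sent as a quoted string
        directives[name] = arg if sep else None
    return directives


def check_hsts(value, expire_seconds, include_subdomains):
    """Return a list of problems; an empty list means the header matches."""
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return [str(exc)]
    max_age = d.get("max-age")
    if max_age is None or not (max_age.isascii() and max_age.isdigit()):
        return ["max-age missing or not a non-negative integer"]
    age = int(max_age)
    problems = []
    if age > MAX_EXPIRE_SECONDS:
        problems.append(f"max-age {age} exceeds the 365-day limit")
    if age != expire_seconds:
        problems.append(f"max-age {age} != configured {expire_seconds}")
    if age == 0:
        problems.append("max-age=0 tells browsers to drop the HSTS policy")
    if ("includesubdomains" in d) != include_subdomains:
        problems.append("includeSubDomains does not match the configuration")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    for sample in ('max-age=31536000; includeSubDomains', 'max-age="0"'):
        print(sample, "->", check_hsts(sample, 31536000, True))
```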

    Configuration Guide

    Log in to the CDN Console, select Domain Management on the left sidebar, and click Manage to the right of the target domain name to access its configuration page. Then, click the Advanced Configuration tab. In the HTTPS Configuration section, you can see the HSTS configuration item, which is disabled by default:

    Toggle the switch to enable this feature and configure it accordingly:

    After you click OK, the response header value will be determined according to the configured content. You can click Edit to modify it:

    Configuration Sample

    Suppose the HSTS configuration of the domain name cloud.tencent.com is as follows:

    When accessed, its response header is:
