Configure HSTS for an application

The HTTP Strict Transport Security (HSTS) web security policy mechanism helps protect websites against attacks by forcing users to communicate with servers through HTTPS only. When a user sends an HTTP request to the server, the server responds with a Strict-Transport-Security response header that applies for a length of time specified in seconds. In the response header, this length of time is given by the max-age attribute.

  1. Log in to the EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select Applications.

  3. On the application card, click Settings, and select ADVANCED SETTINGS.

  4. Select Show Additional Attributes.

  5. In HTTP Strict Transport Security (HSTS), enter a length of time in seconds.

  6. Click Save.

  7. Deploy the application.
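
After deployment, you can confirm the setting by checking the Strict-Transport-Security header that the application returns. The following Python is an added example, not part of EAA or its documentation: the function names `parse_hsts` and `check_hsts` are hypothetical, the header value is assumed to have been copied from a response of the deployed application, and `expected_max_age` is the number of seconds entered in step 5.

```python
import re

# RFC 6797 section 6.1: ";"-separated directives, case-insensitive names, max-age required.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def parse_hsts(header_value):
    """Parse a Strict-Transport-Security value; return a policy dict or raise ValueError."""
    directives = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives such as a trailing ";"
        name, sep, value = part.partition("=")
        name = name.strip().lower()
        value = value.strip()
        if not _TOKEN.match(name):
            raise ValueError(f"malformed directive name: {name!r}")
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")  # each may appear only once
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # quoted-string form, e.g. max-age="31536000"
        directives[name] = value if sep else None
    max_age = directives.get("max-age")
    if max_age is None or not max_age.isascii() or not max_age.isdigit():
        raise ValueError("max-age is required and must be a non-negative integer")
    return {
        "max_age": int(max_age),
        "include_subdomains": "includesubdomains" in directives,
    }

def check_hsts(header_value, expected_max_age):
    """Return a list of problems; empty means the header matches the configured value."""
    if header_value is None:
        return ["Strict-Transport-Security header is missing"]
    try:
        policy = parse_hsts(header_value)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if policy["max_age"] != expected_max_age:
        problems.append(f"max-age is {policy['max_age']}, expected {expected_max_age}")
    if policy["max_age"] == 0:  # max-age=0 tells the browser to drop the policy
        problems.append("max-age=0 disables HSTS for this host")
    return problems

if __name__ == "__main__":
    # Constructed sample header values, not captured from a real deployment.
    for sample in ("max-age=31536000", 'Max-Age="600"; includeSubDomains', "includeSubDomains"):
        print(repr(sample), "->", check_hsts(sample, 31536000) or "OK")
```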