
http_strict_transport_security

  • Property Manager name: HTTP Strict Transport Security (HSTS)
  • Behavior version: The v2023-01-05 rule format supports the http_strict_transport_security behavior v1.0.
  • Rule format status: GA, stable
  • Access: Read/Write
  • Allowed in includes: No (temporarily)

Applies HTTP Strict Transport Security (HSTS), disallowing insecure HTTP traffic. Apply this to hostnames managed with Standard TLS or Enhanced TLS certificates.

Options:

enable
  • Type: boolean
  • Description: Applies HSTS to this set of requests.

max_age
  • Type: enum
  • Description: Specifies the duration for which to apply HSTS for new browser connections.
  • Requires: enable is true
  • Supported values:
      • ZERO_MINS: This effectively disables HSTS, without affecting any existing browser connections.
      • TEN_MINS: 10 minutes.
      • ONE_DAY: 1 day.
      • ONE_MONTH: 1 month.
      • THREE_MONTHS: 3 months.
      • SIX_MONTHS: 6 months.
      • ONE_YEAR: 1 year.

include_sub_domains
  • Type: boolean
  • Description: When enabled, applies HSTS to all subdomains.
  • Requires: max_age is not ZERO_MINS

preload
  • Type: boolean
  • Description: When enabled, adds this domain to the browser's preload list. You still need to declare the domain at hstspreload.org.
  • Requires: max_age is not ZERO_MINS

redirect
  • Type: boolean
  • Description: When enabled, redirects all HTTP requests to HTTPS.
  • Requires: max_age is not ZERO_MINS

redirect_status_code
  • Type: enum
  • Description: Specifies the response code to use for the redirect.
  • Requires: max_age is not ZERO_MINS AND redirect is true
  • Supported values: 301, 302
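
The Requires conditions above decide which options actually take effect. The following is an added example, not Akamai code: a small Python linter that checks an option set against those conditions. The function name `lint_hsts` and the sample option sets are constructed for illustration, and the preload checks assume the submission requirements published at hstspreload.org (one-year max-age, subdomains included, HTTP redirected to HTTPS), which this page does not list.

```python
# Added example: lint an http_strict_transport_security option set against
# the "Requires" conditions listed on this page. Sample inputs are constructed.
MAX_AGE = ["ZERO_MINS", "TEN_MINS", "ONE_DAY", "ONE_MONTH",
           "THREE_MONTHS", "SIX_MONTHS", "ONE_YEAR"]
NEEDS_MAX_AGE = ["include_sub_domains", "preload", "redirect"]


def lint_hsts(opts):
    """Return a list of findings; an empty list means nothing to flag."""
    findings = []
    if not opts.get("enable"):
        extra = sorted(k for k in opts if k != "enable")
        if extra:
            findings.append("enable is not true, so these do not apply: " + ", ".join(extra))
        return findings
    max_age = opts.get("max_age")
    if max_age not in MAX_AGE:
        return [f"max_age {max_age!r} is not a supported value"]
    if max_age == "ZERO_MINS":
        findings.append("max_age ZERO_MINS effectively disables HSTS")
        for key in NEEDS_MAX_AGE + ["redirect_status_code"]:
            if key in opts:
                findings.append(f"{key} requires max_age other than ZERO_MINS")
        return findings
    if "redirect_status_code" in opts:
        if not opts.get("redirect"):
            findings.append("redirect_status_code requires redirect to be true")
        elif str(opts["redirect_status_code"]) not in ("301", "302"):
            findings.append("redirect_status_code must be 301 or 302")
    if opts.get("preload"):
        # Assumption (not from this page): hstspreload.org submission rules.
        if max_age != "ONE_YEAR":
            findings.append("preload: max_age below one year")
        if not opts.get("include_sub_domains"):
            findings.append("preload: include_sub_domains is off")
        if not opts.get("redirect"):
            findings.append("preload: HTTP is not redirected to HTTPS")
    return findings


# Constructed sample option sets.
READY = {"enable": True, "max_age": "ONE_YEAR", "include_sub_domains": True,
         "preload": True, "redirect": True, "redirect_status_code": "301"}
RISKY = {"enable": True, "max_age": "ONE_DAY", "preload": True}
DISABLED = {"enable": True, "max_age": "ZERO_MINS", "redirect": True}

if __name__ == "__main__":
    for name, opts in [("READY", READY), ("RISKY", RISKY), ("DISABLED", DISABLED)]:
        print(name, lint_hsts(opts) or "ok")
```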