- Property Manager name: HTTP Strict Transport Security (HSTS)
- Behavior version: The v2023-01-05 rule format supports the http_strict_transport_security behavior v1.0.
- Rule format status: GA, stable
- Access: Read/Write
- Allowed in includes: No (temporarily)
Applies HTTP Strict Transport Security (HSTS), disallowing insecure HTTP traffic. Apply this to hostnames managed with Standard TLS or Enhanced TLS certificates.
Option | Type | Description | Requires
---|---|---|---
enable | boolean | Applies HSTS to this set of requests. |
max_age | enum | Specifies the duration for which to apply HSTS for new browser connections. | enable is true
 | ZERO_MINS | This effectively disables HSTS, without affecting any existing browser connections. |
 | TEN_MINS | 10 minutes. |
 | ONE_DAY | 1 day. |
 | ONE_MONTH | 1 month. |
 | THREE_MONTHS | 3 months. |
 | SIX_MONTHS | 6 months. |
 | ONE_YEAR | 1 year. |
include_sub_domains | boolean | When enabled, applies HSTS to all subdomains. | max_age is not ZERO_MINS
preload | boolean | When enabled, adds this domain to the browser's preload list. You still need to declare the domain at hstspreload.org. | max_age is not ZERO_MINS
redirect | boolean | When enabled, redirects all HTTP requests to HTTPS. | max_age is not ZERO_MINS
redirect_status_code | enum | Specifies a response code. Supported values: 301, 302. | max_age is not ZERO_MINS AND redirect is true
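
The option dependencies in the table above can be checked before a rule is deployed. The following linter is an added example, not Akamai code: `lint_hsts`, its finding messages and the sample input are hypothetical, and the preload check assumes the submission requirements published at hstspreload.org (one-year max-age, includeSubDomains, HTTP-to-HTTPS redirect), which this page does not list.

```python
# Added example: lint http_strict_transport_security options against the
# "Requires" column of the table above. Names here are hypothetical.
MAX_AGES = ("ZERO_MINS", "TEN_MINS", "ONE_DAY", "ONE_MONTH",
            "THREE_MONTHS", "SIX_MONTHS", "ONE_YEAR")
DEPENDENT = ("include_sub_domains", "preload", "redirect")


def lint_hsts(opts):
    """Return (effective_options, findings) for one behavior block."""
    findings = []
    if not opts.get("enable", False):
        return {"enable": False}, ["HSTS is not applied to these requests"]
    max_age = opts.get("max_age")
    if max_age not in MAX_AGES:
        return {"enable": True}, [f"max_age {max_age!r} is not a supported value"]
    eff = {"enable": True, "max_age": max_age}
    if max_age == "ZERO_MINS":
        # The three dependent options all require max_age != ZERO_MINS.
        findings.append("max_age ZERO_MINS effectively disables HSTS")
        ignored = [k for k in DEPENDENT if opts.get(k)]
        if ignored:
            findings.append("ignored with ZERO_MINS: " + ", ".join(ignored))
        return eff, findings
    for key in DEPENDENT:
        eff[key] = bool(opts.get(key, False))
    code = opts.get("redirect_status_code")
    if code is not None and not eff["redirect"]:
        findings.append("redirect_status_code is ignored unless redirect is true")
    elif code is not None and str(code) not in ("301", "302"):
        findings.append(f"redirect_status_code {code!r} must be 301 or 302")
    elif code is not None:
        eff["redirect_status_code"] = str(code)
    if not eff["redirect"]:
        findings.append("redirect is off: this behavior will not send HTTP to HTTPS")
    if eff["preload"]:
        # Assumption taken from hstspreload.org's submission requirements.
        missing = [name for name, ok in (
            ("max_age ONE_YEAR", max_age == "ONE_YEAR"),
            ("include_sub_domains", eff["include_sub_domains"]),
            ("redirect", eff["redirect"])) if not ok]
        if missing:
            findings.append("preload set but hstspreload.org needs: " + ", ".join(missing))
    return eff, findings


# Constructed sample: preload requested while still on a short rollout max_age.
SAMPLE = {"enable": True, "max_age": "ONE_DAY", "preload": True,
          "redirect": True, "redirect_status_code": "301"}
```

Run `lint_hsts` over each behavior block in a rule tree and treat any non-empty findings list as a review item before activation.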