http_strict_transport_security

Version: v2023-05-30

Includes use: No

Behavior name: HTTP Strict Transport Security (HSTS)

Applies HTTP Strict Transport Security (HSTS), disallowing insecure HTTP traffic. Apply this to hostnames managed with Standard TLS or Enhanced TLS certificates.

Default behavior

These samples reflect the behavior's default settings. You can use these as is in your configurations or make adjustments based on the behavior's available options.

data "akamai_property_rules_builder" "http_strict_transport_security" {
  rules_v2025_02_18 {
    name     = "HTTP Strict Transport Security (HSTS)"
    comments = "Applies HTTP Strict Transport Security (HSTS)."
    behavior {
      http_strict_transport_security {
        enable              = true
        max_age             = "ONE_DAY"
        include_sub_domains = false
        preload             = false
        redirect            = false
      }
    }
  }
}

"behaviors": [
  {
    "name": "httpStrictTransportSecurity",
    "options": {
      "enable": true,
      "maxAge": "ONE_DAY",
      "includeSubDomains": false,
      "preload": false,
      "redirect": false
    }
  }
]

Options

Option Description
enable
Applies HSTS to this set of requests.
max_age
Specifies the duration for which to apply HSTS for new browser connections. Value is one of:
  • ZERO_MINS. This effectively disables HSTS, without affecting any existing browser connections.
  • TEN_MINS. 10 minutes.
  • ONE_DAY. 1 day.
  • ONE_MONTH. 1 month.
  • THREE_MONTHS. 3 months.
  • SIX_MONTHS. 6 months.
  • ONE_YEAR. 1 year.
  • TWO_YEARS. 2 years.
include_sub_domains
When enabled, applies HSTS to all subdomains.
preload
When enabled, adds this domain to the browser's preload list. You still need to declare the domain at hstspreload.org.
redirect
When enabled, redirects all HTTP requests to HTTPS.
redirect_status_code
Specifies a response code. Value is one of:
  • 301
  • 302
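
The following is an added example, not part of the original page or of Akamai's tooling: a small linter that checks the JSON form of this behavior for option combinations that weaken HSTS or that do not meet the submission requirements published at hstspreload.org. The function names and finding texts are hypothetical; the option names and values are the ones listed on this page.

```python
import json

# maxAge values as listed on this page, shortest to longest.
MAX_AGE_ORDER = ["ZERO_MINS", "TEN_MINS", "ONE_DAY", "ONE_MONTH",
                 "THREE_MONTHS", "SIX_MONTHS", "ONE_YEAR", "TWO_YEARS"]


def lint_hsts(options):
    """Return findings for one httpStrictTransportSecurity options object."""
    if not options.get("enable", False):
        return ["enable is false: HSTS is not applied"]
    max_age = options.get("maxAge")
    if max_age not in MAX_AGE_ORDER:
        return [f"unrecognized maxAge value {max_age!r}"]
    preload = options.get("preload", False)
    findings = []
    if max_age == "ZERO_MINS":
        findings.append("maxAge ZERO_MINS effectively disables HSTS")
    if not options.get("redirect", False):
        note = " (hstspreload.org expects this redirect)" if preload else ""
        findings.append("redirect is false: HTTP requests are not redirected to HTTPS" + note)
    if preload:
        # Submission requirements published at hstspreload.org.
        if MAX_AGE_ORDER.index(max_age) < MAX_AGE_ORDER.index("ONE_YEAR"):
            findings.append("preload is true but maxAge is shorter than ONE_YEAR")
        if not options.get("includeSubDomains", False):
            findings.append("preload is true but includeSubDomains is false")
    return findings


def lint_behaviors(behaviors):
    """Lint each HSTS entry in a "behaviors" list; report when there is none."""
    hsts = [b for b in behaviors if b.get("name") == "httpStrictTransportSecurity"]
    if not hsts:
        return ["no httpStrictTransportSecurity behavior found"]
    return [f for b in hsts for f in lint_hsts(b.get("options", {}))]


# The default JSON sample from this page, wrapped in braces so it parses.
DEFAULT_SAMPLE = json.loads("""{"behaviors": [{"name": "httpStrictTransportSecurity",
  "options": {"enable": true, "maxAge": "ONE_DAY", "includeSubDomains": false,
              "preload": false, "redirect": false}}]}""")

if __name__ == "__main__":
    for finding in lint_behaviors(DEFAULT_SAMPLE["behaviors"]):
        print("finding:", finding)
```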