Forum Discussion

ckajit's avatar
ckajit
Copper Contributor
May 03, 2022

Enable HSTS on Exchange 2016

Hello,

 

Current environment consists of exchange 2016 CU21 in hybrid setup. Operating system on server is windows 2012 r2

Is it recommended to enable HSTS on exchange 2016 servers 

 

Ref : https://docs.microsoft.com/en-us/answers/questions/334626/enable-http-strict-transport-security-hsts-on-serv.html

If you are running Windows Server 2016, open the Internet Information Services (IIS) Manager and click on the website. Double click HTTP Response Headers and add in a new header named "Strict-Transport-Security" The recommend value is "max-age=31536000; includeSubDomains

 

Thank you

 

Exchange 2016 HSTS

2 Replies

  • David_Richard's avatar
    David_Richard
    Brass Contributor
    Jul 04, 2023

    I followed this article and it works perfectly fine:

     

    https://www.alitajran.com/hsts-exchange-server/

  • Arian_van_der_Pijl's avatar
    Arian_van_der_Pijl
    Iron Contributor
    Jun 28, 2022

    Good question, in regards to multiple Exchange to Exchange server communications with self signed certificates. Would this still work? So with multiple Exchange Servers is HSTS supported (on the frontend client faced website?)

Resources