cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Enable HSTS on Exchange 2016

ckajit
Copper Contributor

‎May 03 2022 12:19 AM - edited ‎May 03 2022 03:23 AM

‎May 03 2022 12:19 AM - edited ‎May 03 2022 03:23 AM

Enable HSTS on Exchange 2016

Hello,

 

Current environment consists of exchange 2016 CU21 in hybrid setup. Operating system on server is windows 2012 r2

Is it recommended to enable HSTS on exchange 2016 servers 

 

Ref : https://docs.microsoft.com/en-us/answers/questions/334626/enable-http-strict-transport-security-hsts...

If you are running Windows Server 2016, open the Internet Information Services (IIS) Manager and click on the website. Double click HTTP Response Headers and add in a new header named "Strict-Transport-Security" The recommend value is "max-age=31536000; includeSubDomains

 

Thank you

 

Labels:
4,042 Views
0 Likes
2 Replies
Reply
2 Replies
Arian van der Pijl

‎Jun 28 2022 01:57 AM - edited ‎Jun 28 2022 02:59 AM

‎Jun 28 2022 01:57 AM - edited ‎Jun 28 2022 02:59 AM

Re: Enable HSTS on Exchange 2016

Good question, in regards to multiple Exchange to Exchange server communications with self signed certificates. Would this still work? So with multiple Exchange Servers is HSTS supported (on the frontend client faced website?)

0 Likes
Reply
David_Richard

‎Jul 03 2023 10:28 PM

‎Jul 03 2023 10:28 PM

Re: Enable HSTS on Exchange 2016

I followed this article and it works perfectly fine:

 

https://www.alitajran.com/hsts-exchange-server/

0 Likes
Reply