Enable HSTS on Exchange 2016

Copper Contributor



Current environment consists of exchange 2016 CU21 in hybrid setup. Operating system on server is windows 2012 r2

Is it recommended to enable HSTS on exchange 2016 servers 


Ref : https://docs.microsoft.com/en-us/answers/questions/334626/enable-http-strict-transport-security-hsts...

If you are running Windows Server 2016, open the Internet Information Services (IIS) Manager and click on the website. Double click HTTP Response Headers and add in a new header named "Strict-Transport-Security" The recommend value is "max-age=31536000; includeSubDomains


Thank you


2 Replies

Good question, in regards to multiple Exchange to Exchange server communications with self signed certificates. Would this still work? So with multiple Exchange Servers is HSTS supported (on the frontend client faced website?)

I followed this article and it works perfectly fine: