Enable HSTS on Exchange 2016

%3CLINGO-SUB%20id%3D%22lingo-sub-3301114%22%20slang%3D%22en-US%22%3EEnable%20HSTS%20on%20Exchange%202016%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3301114%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECurrent%20environment%20consists%20of%20exchange%202016%20CU21%20in%20hybrid%20setup.%20Operating%20system%20on%20server%20is%20windows%202012%20r2%3C%2FP%3E%3CP%3EIs%20it%20recommended%20to%20enable%20HSTS%20on%20exchange%202016%20servers%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERef%20%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fanswers%2Fquestions%2F334626%2Fenable-http-strict-transport-security-hsts-on-serv.html%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fanswers%2Fquestions%2F334626%2Fenable-http-strict-transport-security-hsts-on-serv.html%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EIf%20you%20are%20running%20Windows%20Server%202016%2C%20open%20the%20Internet%20Information%20Services%20(IIS)%20Manager%20and%20click%20on%20the%20website.%20Double%20click%20HTTP%20Response%20Headers%20and%20add%20in%20a%20new%20header%20named%20%22Strict-Transport-Security%22%20The%20recommend%20value%20is%20%22max-age%3D31536000%3B%20includeSubDomains%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThank%20you%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3301114%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%202016%20HSTS%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Contributor

Hello,

 

Current environment consists of exchange 2016 CU21 in hybrid setup. Operating system on server is windows 2012 r2

Is it recommended to enable HSTS on exchange 2016 servers 

 

Ref : https://docs.microsoft.com/en-us/answers/questions/334626/enable-http-strict-transport-security-hsts...

If you are running Windows Server 2016, open the Internet Information Services (IIS) Manager and click on the website. Double click HTTP Response Headers and add in a new header named "Strict-Transport-Security" The recommend value is "max-age=31536000; includeSubDomains

 

Thank you

 

0 Replies