HTTP Strict Transport Security (HSTS) header

The webPDF server supports “HTTP Strict Transport Security (HSTS)” according to RFC6797.

HSTS can be activated (2) and configured via the Admin Portal and the Host dialog (1).

The following options are available under HSTS settings (3):

• Max age (4): The max-age header value that should be used in the HSTS header.
• Include subdomains (5): Should the includeSubDomains parameter be included in the HSTS header.
• Include preload parameter (6): Should the preload parameter be included in the HSTS header (see https://hstspreload.org/).

caution

HSTS can only be activated if at least one TLS connection is defined and activated.

The settings apply to all TLS connections of the server.