Remediation Steps

Follow the steps below to remediate this finding on a Microsoft IIS web server.

  1. Open IIS Manager.

  2. Select your website.

  3. Double-click HTTP Response Headers.

  4. Click Add in the Actions pane and enter:

    • NAME: Strict-Transport-Security
    • VALUE: max-age=31536000; includeSubDomains; preload

  5. Click OK.

  6. Ensure the site is only accessible over HTTPS before enabling HSTS.