Configuration Overview
HTTP Strict Transport Security (HSTS) is a web security protocol promoted by the Institution of Electronics and Telecommunication Engineers (IETE). It forces the client (such as a browser) to use HTTPS when connecting to the server, which helps encrypt traffic across the entire website.
Configuration Limitations
expireTime can range from 0 to 365 days and is configured in seconds.
Check includeSubDomain if you need to include sub-domain names.
To enable HSTS configuration, HTTPS acceleration configuration must be completed first.
After the HSTS configuration is enabled, we recommend enabling Forced Redirection Configuration to redirect HTTP requests to HTTPS requests. Otherwise, the browser will not create an HSTS cache for HTTP requests.
Configuration Guide
Log in to the CDN console, select Domain Management on the left sidebar, and click Manage on the right of a domain name to enter its configuration page. Open the HTTPS Configuration tab to find the HSTS Configuration section. It is disabled by default.
Toggle it on and configure accordingly:
Click Confirm to apply the configuration to the response header. You can click Edit to modify it later.
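Once the configuration is applied, the value of the Strict-Transport-Security response header can be checked against what was set in the console. The following is an added example, not part of the original documentation or the CDN's own tooling; it assumes expireTime is emitted as the standard max-age directive and includeSubDomain as includeSubDomains (RFC 6797), and the function names parse_hsts and check_hsts are hypothetical.

```python
# Added example: check an HSTS header value against the console settings.
# Assumption: expireTime -> max-age (seconds), includeSubDomain -> includeSubDomains.
MAX_EXPIRE_SECONDS = 365 * 24 * 60 * 60  # 365 days = 31,536,000 seconds


def parse_hsts(value):
    """Parse a header value into (max_age, include_subdomains); names are case-insensitive."""
    max_age, include_subdomains = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age":
            if max_age is not None:
                raise ValueError("max-age appears more than once")
            if not (arg.isascii() and arg.isdigit()):
                raise ValueError(f"max-age is not a non-negative integer: {arg!r}")
            max_age = int(arg)
        elif name == "includesubdomains":
            include_subdomains = True
        # Other directives (for example preload) are ignored here.
    if max_age is None:
        raise ValueError("max-age directive is missing")
    return max_age, include_subdomains


def check_hsts(value, expect_seconds, expect_subdomains):
    """Return a list of findings; an empty list means the header matches."""
    if not 0 <= expect_seconds <= MAX_EXPIRE_SECONDS:
        return ["expected expireTime is outside the 0-365 day range"]
    try:
        max_age, subs = parse_hsts(value)
    except ValueError as exc:
        return [f"invalid header: {exc}"]
    findings = []
    if max_age != expect_seconds:
        findings.append(f"max-age is {max_age}, expected {expect_seconds}")
    if max_age == 0:
        findings.append("max-age=0 makes the browser drop its HSTS entry")
    if subs != expect_subdomains:
        findings.append(f"includeSubDomains is {subs}, expected {expect_subdomains}")
    return findings


if __name__ == "__main__":
    # Constructed sample header values, not captured from a real domain.
    for sample in ("max-age=31536000; includeSubDomains", "max-age=600", "includeSubDomains"):
        print(repr(sample), "->", check_hsts(sample, 31536000, True) or "OK")
```

Pass it the header value taken from an HTTPS response, since browsers only honor HSTS received over HTTPS.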
Configuration Sample
If the HSTS configuration of the domain name cloud.tencent.com is as follows:
The response header is: