Notes.ini Entry
Name: HTTP_HSTS_Max_Age
Syntax: HTTP_HSTS_Max_Age=Seconds
Applies to: Servers
Add-on:
First Release: 9.0.1 FP3 IF2
Obsolete since:
Category:
Default: None
UI equivalent: None
Description:
HTTP_HSTS_MAX_AGE allows the max-age parameter of the HSTS header to be changed. The default setting is 604800 seconds (1 week).
The HTTP Strict Transport Security (HSTS) response header can be used by web servers to indicate that web clients should only communicate with them over HTTPS and never over HTTP. This can help prevent web browsers from being tricked by attackers into communicating over unencrypted HTTP, but it will also prevent common practices such as the use of "mixed content" pages, where some resources are served over HTTPS and some over HTTP, and performing authentication over HTTPS and then downgrading to HTTP.
Starting in Domino 9.0.1 FP3 IF2, when a Domino server is configured for SSL/TLS and the HTTP port is disabled or set to "redirect only", the HSTS header will be sent with a one-week default setting. If the Domino server is not configured for SSL/TLS or the HTTP port is active, the HSTS header will be sent with the max-age parameter set to zero, which disables the HSTS functionality.
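To confirm which of the cases above a server is in, the Strict-Transport-Security value it returns can be parsed and classified. The following is an added example, not part of the original documentation or of Domino; the function names, labels and sample header values are constructed for illustration.

```python
import re

DOMINO_DEFAULT = 604800  # one week, the default stated on this page

# Constructed sample header values (not captured from a real server).
SAMPLES = [
    "max-age=604800",
    "max-age=0",
    'Max-Age="31536000"; includeSubDomains',
    "includeSubDomains",
    "max-age=604800; max-age=0",
]

def parse_hsts(value):
    """Return the directives of one Strict-Transport-Security value as a dict,
    or None if the value is malformed (a browser ignores such a header)."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        arg = arg.strip()
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]                  # quoted-string form is allowed
        if name in directives:               # each directive may appear only once
            return None
        directives[name] = arg
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                          # max-age is required and numeric
    directives["max-age"] = int(directives["max-age"])
    return directives

def classify(value):
    """Map a header value (None when the header is absent) to a label."""
    if value is None:
        return "absent"
    parsed = parse_hsts(value)
    if parsed is None:
        return "invalid"
    age = parsed["max-age"]
    if age == 0:
        return "disabled"   # per this page: TLS not configured or HTTP port active
    if age == DOMINO_DEFAULT:
        return "default"
    return "custom"         # assumption: changed, e.g. with HTTP_HSTS_Max_Age

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:45} -> {classify(sample)}")
```

A result of "disabled" on a server that is meant to be HTTPS-only indicates the HTTP port is still active or SSL/TLS is not configured, since that is when max-age is sent as zero.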