Enable HSTS

HTTP Strict Transport Security (HSTS) is web security policy to protect websites against protocol downgrade attacks and cookie highjacking.

HSTS can be enabled in the administration interface without "HTTP -> HTTPS redirect" enabled.
HSTS is available only when HTTPS is enabled.
EFT sends HSTS headers when the client connects (if HSTS is enabled).
HSTS is enabled by default on new installs when HTTPS is enabled.
HSTS is enabled by default on upgrades if HTTPS was enabled before the upgrade.
HSTS is part of the HTTP/S module.

To enable HSTS

In the administration interface, connect to EFT and click the Server tab.
On the Server tab, click the Site you want to configure.
In the right pane, click the Connections tab.
Select the Enable HSTS check box.
Click Apply to save the changes on EFT.

Copyright © Fortra, LLC and its group of companies.
All trademarks and registered trademarks are the property of their respective owners.
v8.2.1 | 202409031132 | September 2024