Configuring HTTP strict transport security headers - Platform - BlueCat Gateway - 25.3.0

Gateway Administration Guide


Within Security settings in the General Configuration page, you can configure strict transport security (strict-transport-security) response headers. This HTTP response header lets Gateway webpages tell browsers that they should be accessed only over HTTPS, and not over HTTP.

Attention: As a security best practice, BlueCat strongly recommends enabling this option.

For more information on Strict Transport Security response headers, see Strict-Transport-Security on the Mozilla website.

To configure Gateway security response headers:

  1. Open the General configuration window, then expand the Security section. (Click Settings at the bottom of the navigator on the left, expand Configurations, then click General configuration. Click Security to scroll to the Security section.)

  2. Scroll down to the HTTP strict transport security section, then configure the settings as desired.

    For more details, see Transport security response header settings list below.

  3. When you're done, click Save changes.

    To cancel your changes, click Cancel.

Transport security response header settings list

The Transport security response header section has the following settings.

| Setting | Description |
| --- | --- |
| Strict Transport Security | If ticked, the use of strict-transport-security response headers is enabled. This header tells browsers that the page should only be accessed using HTTPS. |
| Max age | The number of seconds that the browser should remember that the site should be restricted to HTTPS. The default value is 31556926 seconds (or 365 days). |
| Include subdomains | If ticked, the rule will apply to all of the site's subdomains. |
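
After saving, you can confirm that the header Gateway returns matches these settings. The following is an added example, not BlueCat code: it parses a Strict-Transport-Security value as copied from a response (for example, from the browser's developer tools) and reports any difference from the expected Max age and Include subdomains settings. The function names and sample header values are constructed for illustration.

```python
import re

# Directive grammar from RFC 6797 section 6.1: name, optionally "=" and a
# token or quoted-string value. Names are case-insensitive.
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
DIRECTIVE = re.compile(rf'({TOKEN})(?:\s*=\s*(?:"([^"]*)"|({TOKEN})))?')


def parse_hsts(value):
    """Return (max_age, include_subdomains), or None if the header is invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                      # empty directives (";;") are permitted
            continue
        m = DIRECTIVE.fullmatch(part)
        if m is None:
            return None
        name = m.group(1).lower()
        if name in seen:                  # each directive may appear only once
            return None
        seen[name] = m.group(2) if m.group(2) is not None else m.group(3)
    age = seen.get("max-age")
    if age is None or not (age.isascii() and age.isdigit()):
        return None                       # max-age is required and numeric
    return int(age), "includesubdomains" in seen


def audit(value, want_max_age, want_subdomains):
    """List differences between a received header and the saved settings."""
    parsed = parse_hsts(value)
    if parsed is None:
        return ["header is malformed: browsers will ignore it"]
    max_age, subdomains = parsed
    findings = []
    if max_age == 0:
        findings.append("max-age=0 makes browsers drop the HTTPS-only rule")
    elif max_age != want_max_age:
        findings.append(f"max-age is {max_age}, expected {want_max_age}")
    if subdomains != want_subdomains:
        findings.append(f"includeSubDomains is {subdomains}, expected {want_subdomains}")
    return findings


if __name__ == "__main__":
    # Constructed header values; 31556926 is the default Max age from the table.
    for sample in ("max-age=31556926; includeSubDomains", "max-age=300", "includeSubDomains"):
        print(repr(sample), "->", audit(sample, 31556926, True) or "matches")
```

Browsers only honor this header when it arrives over HTTPS, so take the value from an HTTPS response.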