Within Security settings in the General Configuration, you can configure strict-transport-security response headers. This is an HTTP response header that lets Gateway webpages tell browsers that they should be accessed only with the HTTPS protocol, and not with HTTP.

For more information on Strict Transport Security response headers, see Strict-Transport-Security on the Mozilla website.

To configure Gateway security response headers:
- Open the General configuration window, then expand the Security section. (Click the Navigator button if necessary, then click . Click Security at the bottom to expand the Security settings.)
- Scroll down to the HTTP strict transport security section, then configure the following desired content-security-policy settings:
  - To enable this feature and enforce the use of the HTTPS protocol instead of HTTP by browsers, select the Strict Transport Security checkbox. Doing so enables use of the strict-transport-security response header. This header tells browsers that the page should only be accessed using HTTPS.
  - In Max Age (seconds), set the number of seconds that the browser should remember that the site should be restricted to HTTPS. The default value is 31556926 seconds (or 365 days).
  - To specify that the rule applies to all of the site's subdomains, select the Include Subdomains checkbox.
- When you're done, click Save. To cancel your changes, click Cancel.
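
To confirm that the saved settings are what the Gateway actually sends, the header value can be parsed and compared with the Max Age and Include Subdomains choices above. This is an added example, not part of the Gateway product or its documentation; the function names and sample header values are constructed for illustration.

```python
# Added example: parse a Strict-Transport-Security header value and compare it
# with the settings chosen in the Gateway Security section.
DEFAULT_MAX_AGE = 31556926  # default Max Age stated on this page


def parse_hsts(value):
    """Return (max_age, include_subdomains); raise ValueError if malformed."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate empty directives such as a trailing ';'
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        arg = arg.strip()
        if len(arg) >= 2 and arg[0] == '"' and arg[-1] == '"':
            arg = arg[1:-1]  # quoted-string form is allowed
        if name in seen:
            raise ValueError("duplicate directive: " + name)
        seen[name] = arg
    if "max-age" not in seen or not (seen["max-age"].isascii() and seen["max-age"].isdigit()):
        raise ValueError("max-age is required and must be a non-negative integer")
    if seen.get("includesubdomains"):
        raise ValueError("includeSubDomains takes no value")
    return int(seen["max-age"]), "includesubdomains" in seen


def check_hsts(value, want_max_age=DEFAULT_MAX_AGE, want_subdomains=False):
    """Return a list of findings; an empty list means the header matches."""
    if value is None:
        return ["header missing: Strict Transport Security is not being sent"]
    try:
        max_age, subdomains = parse_hsts(value)
    except ValueError as exc:
        return ["malformed header: %s" % exc]
    findings = []
    if max_age == 0:
        findings.append("max-age=0 tells browsers to forget the HTTPS-only rule")
    elif max_age != want_max_age:
        findings.append("max-age is %d, expected %d" % (max_age, want_max_age))
    if subdomains != want_subdomains:
        findings.append("includeSubDomains is %s, expected %s" % (subdomains, want_subdomains))
    return findings


# Constructed sample values, not captured from a real Gateway.
if __name__ == "__main__":
    for sample in ("max-age=31556926; includeSubDomains", "max-age=0", None):
        print(repr(sample), "->", check_hsts(sample, want_subdomains=True))
```

Pass in the header value taken from an HTTPS response; browsers ignore this header when it arrives over plain HTTP.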