How to Enable HTTP Strict Transport Security (HSTS) on NetScaler 12

This article describes how to enable HTTP Strict Transport Security (HSTS) on NetScaler 12.

If you would like to configure HSTS on a NetScaler version older than 12, refer to CTX205221 – How Do I Configure HTTP Strict Transport Security (HSTS) on NetScaler.

Background

NetScaler 12.0 appliances support HTTP Strict Transport Security (HSTS) as a built-in option on SSL profiles and SSL virtual servers. With HSTS, a server instructs browsers to use HTTPS for all subsequent communication with it: once a client has seen the policy, the site can be reached only over HTTPS, and the client rewrites any plain-HTTP request for that host to HTTPS before sending it. SSL Labs requires HSTS with a sufficiently long max-age for an A+ grade.

You can enable HSTS in an SSL front-end profile or on an SSL virtual server. If SSL profiles are enabled on the appliance, enable HSTS on the SSL profile rather than on the SSL virtual server. The maximum age (sent to the client as the max-age directive, in seconds) specifies how long the client keeps enforcing HSTS for that host after it last saw the header. You can also specify whether subdomains are included: if example.com sends the header with the IncludeSubdomains parameter set to YES, then abc.example.com and xyz.example.com can be accessed only by using HTTPS as well. Two caveats: browsers honor the header only when it arrives over an HTTPS connection with a valid certificate, so it has no effect on an HTTP virtual server; and because the policy is cached client-side, start with a short maximum age and raise it only after every name it covers (including subdomains, if enabled) is confirmed to serve HTTPS correctly.
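The following added example (not part of the original article or of Citrix's own tooling) shows the two halves of the task: building the NetScaler CLI command that enables HSTS on an SSL profile or SSL virtual server, and checking the Strict-Transport-Security header that the client then receives (for example from `curl -sI https://www.example.com/`) against what SSL Labs wants for an A+ grade. The parameter names -HSTS, -maxage and -IncludeSubdomains are the ones documented for NetScaler 12.0; confirm them with `help set ssl profile` on your build. The sample responses, the profile name and the six-month threshold are constructed for the example.

```python
"""Generate the NetScaler 12 HSTS command and validate the resulting header.

Added example, not Citrix code. The nscli parameter names (-HSTS, -maxage,
-IncludeSubdomains) are as documented for NetScaler 12.0 SSL profiles and
SSL virtual servers; verify with `help set ssl profile` on your appliance.
"""

# SSL Labs requires a max-age of at least six months for an A+ grade.
# Assumed threshold for this example: 182.5 days expressed in seconds.
SIX_MONTHS = 15768000


def netscaler_hsts_command(target, name, max_age=31536000, include_subdomains=True):
    """Return the nscli line that enables HSTS on an SSL profile or SSL vserver.

    target: "profile" (preferred when SSL profiles are enabled) or "vserver".
    max_age: seconds the client should enforce HTTPS; 31536000 is one year.
    """
    if target not in ("profile", "vserver"):
        raise ValueError("target must be 'profile' or 'vserver'")
    if max_age < 0:
        raise ValueError("max_age must be a non-negative integer")
    subs = "YES" if include_subdomains else "NO"
    return (f"set ssl {target} {name} -HSTS ENABLED "
            f"-maxage {max_age} -IncludeSubdomains {subs}")


def parse_hsts(header_value):
    """Parse a Strict-Transport-Security value into its directives (RFC 6797).

    Directive names are case-insensitive, max-age is mandatory and its value
    may be quoted. Raises ValueError on a malformed header.
    """
    result = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in header_value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age":
            if not value.isdigit():
                raise ValueError(f"bad max-age value: {value!r}")
            result["max_age"] = int(value)
        elif name == "includesubdomains":
            result["include_subdomains"] = True
        elif name == "preload":
            result["preload"] = True
    if result["max_age"] is None:
        raise ValueError("max-age directive is required")
    return result


def headers_from_raw(raw_response):
    """Turn the head of an HTTP response (as printed by curl -sI) into a dict."""
    headers = {}
    for line in raw_response.splitlines()[1:]:  # skip the status line
        if ":" in line:
            key, value = line.split(":", 1)
            headers[key.strip().lower()] = value.strip()
    return headers


def check_hsts(headers, want_subdomains=True, min_age=SIX_MONTHS):
    """Evaluate headers received over HTTPS. Returns (ok, list_of_findings)."""
    value = headers.get("strict-transport-security")
    if value is None:
        return False, ["no Strict-Transport-Security header; HSTS is not "
                       "enabled on this profile/vserver (or the request was not HTTPS)"]
    try:
        policy = parse_hsts(value)
    except ValueError as exc:
        return False, [f"malformed header: {exc}"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 tells clients to forget the policy")
    elif policy["max_age"] < min_age:
        findings.append(f"max-age {policy['max_age']} is below {min_age}s "
                        "(SSL Labs A+ needs at least six months)")
    if want_subdomains and not policy["include_subdomains"]:
        findings.append("includeSubDomains missing; subdomains are not protected")
    return not findings, findings


# Constructed samples of what `curl -sI https://www.example.com/` returns.
SAMPLE_GOOD = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
"""
SAMPLE_WEAK = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=86400
"""

if __name__ == "__main__":
    print(netscaler_hsts_command("profile", "ns_default_ssl_profile_frontend"))
    for sample in (SAMPLE_GOOD, SAMPLE_WEAK):
        print(check_hsts(headers_from_raw(sample)))
```

Run the check from a client that can reach the virtual server; a missing header on an HTTPS request usually means HSTS was set on the SSL virtual server while SSL profiles are enabled (in which case the profile setting wins), or that the request landed on an HTTP virtual server.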
