Enable HTTP Strict Transport Security (HSTS) by adding the following value to the response header: “Strict-Transport-Security” followed by “max-age=expireTime” where the expire time is the time in seconds that the browsers should remember that the site should only be accessed using HTTPS.
💡 Summary
Site should only be accessed by HTTPS.
Motivation and context
Enable HTTP Strict Transport Security (HSTS) by adding the following value to the response header: “Strict-Transport-Security” followed by “max-age=expireTime” where the expire time is the time in seconds that the browsers should remember that the site should only be accessed using HTTPS.
Implementation notes
Acceptance criteria