We should provide an option to do the following. This should be configurable as not all installations will require TLS.
The application should instruct web browsers to only access the application using HTTPS. To do this, enable HTTP
Strict Transport Security (HSTS) by adding a response header with the name 'Strict-Transport-Security' and
the value 'max-age=expireTime', where expireTime is the time in seconds that browsers should remember that the
site should only be accessed using HTTPS
We should provide an option to do the following. This should be configurable as not all installations will require TLS.
The application should instruct web browsers to only access the application using HTTPS. To do this, enable HTTP Strict Transport Security (HSTS) by adding a response header with the name 'Strict-Transport-Security' and the value 'max-age=expireTime', where expireTime is the time in seconds that browsers should remember that the site should only be accessed using HTTPS