Start the application named: IIS Manager.
On the IIS Manager application, select your website.
On the right part of the screen, access the option named: HTTP Response Headers.
On the top right part of the screen, click on the Add option.
To enable the HSTS feature, enter the following configuration:
• NAME: Strict-Transport-Security
• VALUE: max-age=31536000; includeSubDomains
Click on the OK button.
To test the installation, open the Chrome browser on a remote computer and enter the IP address of your web server using the HTTP protocol.
In our example, the following URL was entered in the Browser:
Use the page inspection feature of the google chrome browser to verify the Headers from your server.
Optionally, you may use the CURL command of a Linux computer to test the HSTS installation.
Here is the command output.
Congratulations! You successfully configured the HSTS feature on the IIS server.