Skip to content

Instantly share code, notes, and snippets.

@deekayen
Created June 8, 2017 21:35
Show Gist options
  • Save deekayen/49092729c4f654ffadc72623e653747e to your computer and use it in GitHub Desktop.
Save deekayen/49092729c4f654ffadc72623e653747e to your computer and use it in GitHub Desktop.
Secure options for IIS web.config files to require SSL in cookies and enable strict transport security.
<?xml version="1.0"?>
<configuration>
<system.web>
<httpCookies requireSSL="true" />
</system.web>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Strict-Transport-Security" value="max-age=31536000"/>
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment