THE INFORMATION IN THIS ARTICLE APPLIES TO:
The HTTP Strict Transport Security header informs the browser that it should never load a site using HTTP and should automatically convert all attempts to access the site using HTTP to HTTPS requests instead. When the Strict Transport Security header is delivered to the browser, it updates the expiration time for that site, so sites can refresh this information and prevent the timeout from expiring.
In EFT v8.0, all registry settings were moved to AdvancedProperties.json. For information about Advanced Properties, refer to the online help for your version of EFT.
HSTS Requires HTTPS to be enabled. In EFT Express, HSTS requires HTTPS module.
In v7.4.11, HSTS requires the Advanced/Express Security Module.
In v7.4.13, the security modules are not required.
Some clients would like to modify the Header String Transport Security (HSTS) value to conform to their security best-practices or recommendations. The registry setting below is used to set the max-age value for HSTS in seconds. When the Web Transfer Client sends the Strict Transport Security header, it should modify the max-age parameter to what is set in the registry entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalSCAPE Inc.\EFT Server 7.4\
Value name: HSTSMaxAge
Recommended Value: 31536000 (1 year)
Minimum Value: 1
Maximum Value: 63072000
Restart Required: yes