Menu

Search

GlobalSCAPE Knowledge Base


Setting the max-age value for HSTS in seconds


kmarsh
EFT Express (SMB) & Enterprise

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT v7.4.10 and later

DISCUSSION

The HTTP Strict Transport Security header informs the browser that it should never load a site using HTTP and should automatically convert all attempts to access the site using HTTP to HTTPS requests instead. When the Strict Transport Security header is delivered to the browser, it updates the expiration time for that site, so sites can refresh this information and prevent the timeout from expiring.

Some clients would like to modify the Header String Transport Security (HSTS) value to conform to their security best-practices or recommendations. The registry setting below is used to set the max-age value for HSTS in seconds. When the Web Transfer Client sends the Strict Transport Security header, it should modify the max-age parameter to what is set in the registry entry.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalSCAPE Inc.\EFT Server 7.4\

Type: DWORD

Value name: HSTSMaxAge

Recommended Value: 31536000 (1 year)

Minimum Value: 1

Maximum Value: 63072000

Restart Required: yes

Backup/Restore: yes


Also In This Category


On a scale of 1-5, please rate the helpfulness of this article


Not Helpful
Very Helpful
Optionally provide private feedback to help us improve this article...

Thank you for your feedback!


Comments require login or registration.

Details
Last Modified: 6 days ago @ 10:33 AM
Last Modified By: kmarsh
Type: HOTFIX
Article not rated yet.
Article has been viewed 468 times.
Options
Find Similar