Search

GlobalSCAPE Knowledge Base

Setting the max-age value for HSTS in seconds

Karla Marsh
EFT

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT v7.4.11 and later

DISCUSSION

The HTTP Strict Transport Security header informs the browser that it should never load a site using HTTP and should automatically convert all attempts to access the site using HTTP to HTTPS requests instead. When the Strict Transport Security header is delivered to the browser, it updates the expiration time for that site, so sites can refresh this information and prevent the timeout from expiring.

​In EFT v8.0, all registry settings were moved to AdvancedProperties.json. For information about Advanced Properties, refer to the online help for your version of EFT.

HSTS Requires HTTPS to be enabled. In EFT Express, HSTS requires HTTPS module.

In v7.4.11, HSTS requires the Advanced/Express Security Module.

 In v7.4.13, the security modules are not required.

Some clients would like to modify the Header String Transport Security (HSTS) value to conform to their security best-practices or recommendations. The registry setting below is used to set the max-age value for HSTS in seconds. When the Web Transfer Client sends the Strict Transport Security header, it should modify the max-age parameter to what is set in the registry entry.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalSCAPE Inc.\EFT Server 7.4\

Type: DWORD

Value name: HSTSMaxAge

Recommended Value: 31536000 (1 year)

Minimum Value: 1

Maximum Value: 63072000

Restart Required: yes

Backup/Restore: yes

Details
Last Modified: Last Year
Last Modified By: kmarsh
Type: HOTFIX
Rated 1 star based on 6 votes.
Article has been viewed 23K times.
Options
Also In This Category
Tags