App Control: Can "HTTP Strict Transport Security" (HSTS) Be Enabled On The App Control Server?
search cancel

App Control: Can "HTTP Strict Transport Security" (HSTS) Be Enabled On The App Control Server?

book

Article ID: 287168

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Can HTTP Strict Transport Security be enabled on the App Control server?

Environment

  • App Control Server: All Supported Versions

Resolution

HTTP Strict Transport Security can be configured on the App Control server, however is unnecessary, as there is no way to access the App Control application via HTTP.

Additional Information

  • HTTP Strict Transport Security is strictly a setting in IIS, and has nothing to do with App Control.
  • The following article can be used to configure HTTP Strict Transport Security on the App Control server:¬†https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/hsts