How to disable HSTS header in Gateway
Trustbuilder.io version | Behavior |
---|---|
Before 2025.4.0 | The Gateway always adds an HSTS header by default. |
From 2025.4.0 | The HSTS header is optional. |
To disable the HSTS header:
1. Go to Settings > Gateway.
2. In the Gateway Configuration panel, click on Actions…
3. Click on Edit.
4. Click on + Add New VHosts or edit an existing one.
5. Fill in the required parameters.
6. Use the toggle to disable the HSTS header.
7. Click on Save and Close.
8. Go back to the Gateway general configuration.
9. In the Gateway Configuration panel, click on Actions…
10. Click on Package.
11. Set the package version number (e.g. 2.0.2).
12. Click on Create Package.
13. Double-click on the line.
14. Select the package you created.
15. In the Gateway Server panel, click on Status…
16. Wait a few minutes; the status should change to Success.
The HSTS header value cannot yet be modified:
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
- max-age=63072000: enforces HTTPS for 2 years (in seconds).
- includeSubDomains: applies the HTTPS policy to all subdomains of the current domain.
- preload: indicates the domain is eligible for the HSTS preload list used by browsers.
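
To confirm the result once the package has deployed, the check below classifies a vhost's response headers as HSTS absent, the fixed Gateway value shown above, or something else. It is an added example, not TrustBuilder code: the function names and the sample responses are constructed, and in practice the header block would come from something like `curl -sI https://<vhost>/`.

```python
# Added example, not TrustBuilder code. Names and sample responses are constructed.
# The value the page says the Gateway sends, as normalized directives.
EXPECTED = {"max-age": "63072000", "includesubdomains": None, "preload": None}

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value or None}.

    Returns None for a value browsers would ignore under RFC 6797:
    a repeated directive, or max-age missing or non-numeric.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, val = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        val = val.strip().strip('"') if sep else None
        if name in directives:
            return None
        directives[name] = val
    max_age = directives.get("max-age") or ""
    if not (max_age.isascii() and max_age.isdigit()):
        return None
    return directives

def hsts_state(raw_headers):
    """Return 'absent', 'gateway-default', 'other' or 'malformed' for a header block."""
    values = []
    for line in raw_headers.splitlines()[1:]:   # skip the status line
        if not line:
            break                               # blank line ends the headers
        name, sep, val = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            values.append(val.strip())
    if not values:
        return "absent"
    parsed = parse_hsts(values[0])              # browsers process only the first field
    if parsed is None:
        return "malformed"
    return "gateway-default" if parsed == EXPECTED else "other"

# Constructed responses: one vhost with the toggle on, one with it off.
ENABLED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
           "Strict-Transport-Security: max-age=63072000; includeSubDomains; preload\r\n\r\n")
DISABLED = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("enabled vhost", ENABLED), ("disabled vhost", DISABLED)):
        print(label, "->", hsts_state(raw))
```

Browsers that already received the header keep enforcing HTTPS for the host until the cached max-age expires, so "absent" describes the server's responses, not the state of existing clients.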