Configuring the HSTS header

The Strict-Transport-Security (HSTS) header can be enabled and configured using the following system properties:

| Key | Default value | Description |
| --- | --- | --- |
| gocd.enable.hsts.header | false | A boolean value indicating whether the HSTS header should be enabled |
| gocd.hsts.header.max.age | 31536000 | The max-age value of the header. Defaults to one year |
| gocd.hsts.header.include.subdomains | false | Whether the include-subdomains flag should be set on the header |
| gocd.hsts.header.preload | false | Whether the preload flag should be set on the header |
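
To confirm that the server actually sends what these properties ask for, the header value from a response can be parsed and compared with the configured values. The following is an added example, not GoCD's own code: the function names `parse_hsts` and `check_against_properties` are hypothetical, the parsing rules follow RFC 6797, and the header string is passed in by the caller (for instance, copied from a response captured over HTTPS).

```python
# Added example: compare a served Strict-Transport-Security value with the
# GoCD system properties listed in the table above (names are hypothetical).

def parse_hsts(value):
    """Parse an HSTS header value (RFC 6797); raise ValueError if malformed."""
    out = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives between ';' are permitted
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            raise ValueError(f"duplicate directive: {name}")
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')  # the value may be a quoted-string
            if not (arg.isascii() and arg.isdigit()):
                raise ValueError("max-age must be a non-negative integer")
            out["max_age"] = int(arg)
        elif name == "includesubdomains":
            out["include_subdomains"] = True
        elif name == "preload":
            out["preload"] = True
        # unknown directives are ignored, as RFC 6797 requires
    if out["max_age"] is None:
        raise ValueError("max-age directive is required")
    return out


def check_against_properties(header_value, props):
    """Return a list of mismatches; header_value is None if no header was sent."""
    def flag(key):
        return props.get(key, "false") == "true"  # table default is false

    if not flag("gocd.enable.hsts.header"):
        return [] if header_value is None else ["header sent but HSTS is disabled"]
    if header_value is None:
        return ["HSTS enabled but header missing"]
    got = parse_hsts(header_value)
    want = {
        "max_age": int(props.get("gocd.hsts.header.max.age", "31536000")),
        "include_subdomains": flag("gocd.hsts.header.include.subdomains"),
        "preload": flag("gocd.hsts.header.preload"),
    }
    return [f"{k}: expected {want[k]}, got {got[k]}" for k in want if got[k] != want[k]]
```

An empty list means the response matches the configuration; each string in a non-empty list names one property whose effect is not visible in the header.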