With Windows Server 2019 (and Windows 10 1809), IIS 10 comes with a new capability called HTTP Strict Transport Security (HSTS).

This capability simplifies the implementation of HTTP to HTTPS redirection.

With previous versions of IIS, you had to either use the HTTP Redirect module (with the downside of needing two separate IIS websites) or use the URL Rewrite module to get HTTP requests redirected to HTTPS.

Now, by enabling the HSTS capability at the website level, you can easily redirect HTTP to HTTPS, and this also improves performance and security.

To enable HSTS:

Of course, you first need to ensure you have set an HTTPS binding with a proper certificate.

  • Open the IIS console and go to the website where you want to implement HTTP to HTTPS redirection
  • In the Actions pane, you will see the HSTS option just below the Configure section


  • Then enable the capability and select Redirect Http to Https


Of course, you can continue to use URL Rewrite rules and/or the HTTP Redirect module for more complex scenarios.

When enabling HTTP to HTTPS redirect, you also have the option to include all sub-domains (this implies you also have a proper certificate covering the sub-domains).
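
The same steps can be scripted with the IISAdministration PowerShell module; this is an added example, not code from the original post. The function name `Enable-SiteHsts`, the site name `Contoso` and the one-year max-age are assumptions, and the attributes set are those of the site-level `hsts` element in applicationHost.config.

```powershell
# Added example (not from the original post). Run in an elevated session on
# an IIS 10 server that has the native HSTS feature.
Import-Module IISAdministration

function Enable-SiteHsts {
    param(
        [Parameter(Mandatory)] [string] $SiteName,  # hypothetical site name
        [int]    $MaxAgeSeconds = 31536000,         # sample value: one year
        [switch] $IncludeSubDomains                 # only with a certificate covering sub-domains
    )

    $site = Get-IISSite -Name $SiteName
    if (-not $site) { throw "Site '$SiteName' not found." }

    # Prerequisite from the post: the site must already have an HTTPS binding.
    if (-not ($site.Bindings | Where-Object { $_.Protocol -eq 'https' })) {
        throw "Site '$SiteName' has no HTTPS binding; add one with a valid certificate first."
    }

    Start-IISCommitDelay
    try {
        $sites = Get-IISConfigSection -SectionPath 'system.applicationHost/sites' |
                 Get-IISConfigCollection
        $siteElement = Get-IISConfigCollectionElement -ConfigCollection $sites `
                       -ConfigAttribute @{ name = $SiteName }
        $hsts = Get-IISConfigElement -ConfigElement $siteElement -ChildElementName 'hsts'

        Set-IISConfigAttributeValue -ConfigElement $hsts -AttributeName 'enabled' -AttributeValue $true
        Set-IISConfigAttributeValue -ConfigElement $hsts -AttributeName 'max-age' -AttributeValue $MaxAgeSeconds
        Set-IISConfigAttributeValue -ConfigElement $hsts -AttributeName 'includeSubDomains' -AttributeValue ([bool]$IncludeSubDomains)
        Set-IISConfigAttributeValue -ConfigElement $hsts -AttributeName 'redirectHttpToHttps' -AttributeValue $true
    }
    catch {
        Stop-IISCommitDelay -Commit $false   # discard partial changes
        throw
    }
    Stop-IISCommitDelay                      # write applicationHost.config

    # Read the committed values back so the change can be checked or logged.
    $result = [ordered]@{ Site = $SiteName }
    foreach ($name in 'enabled', 'max-age', 'includeSubDomains', 'redirectHttpToHttps') {
        $result[$name] = Get-IISConfigAttributeValue -ConfigElement $hsts -AttributeName $name
    }
    [pscustomobject]$result
}

Enable-SiteHsts -SiteName 'Contoso'
```

Browsers only honor the `Strict-Transport-Security` header when it arrives over HTTPS, so check the result by requesting the site over HTTPS and confirming the header is present in the response.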