The HTTP Strict Transport Security (HSTS) HTTP response header can be used by web servers to indicate that web clients should only communicate with them over HTTPS and never over HTTP. This helps prevent attackers from tricking web browsers into communicating over unencrypted HTTP, but it also prevents common practices such as "mixed content" pages, where some resources are served over HTTPS and some over HTTP, and performing authentication over HTTPS and then downgrading to HTTP. Domino administrators can use Internet Site documents to configure the Domino http task to set this header and tell compliant web browsers to only communicate with them over TLS/SSL.
Sample Web Site Rule adding the "Strict-Transport-Security" header with a maximum age of one year:
If you need to re-enable plaintext HTTP, replace this header's value with max-age=0 to tell compliant web browsers that they may communicate with your web site over HTTP again.
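To confirm which of the two states above a site is actually sending, the following added example (not part of the original page and not Domino code) parses a Strict-Transport-Security value with the directive grammar from RFC 6797 and classifies it. The function names, the one-year threshold default and the sample header values are constructed for illustration.

```python
import re

# Directive grammar (RFC 6797, section 6.1): name [ "=" ( token | quoted-string ) ]
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_DIRECTIVE = re.compile(rf'^({_TOKEN})(?:\s*=\s*(?:({_TOKEN})|"([^"\\]*)"))?$')


def parse_hsts(value):
    """Return {'max_age': int, 'include_subdomains': bool}, or None when the
    value is malformed and a compliant browser would ignore the header."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                       # empty directives (";;") are permitted
            continue
        m = _DIRECTIVE.match(part)
        if not m:
            return None                    # a malformed directive invalidates the header
        name = m.group(1).lower()          # directive names are case-insensitive
        if name in seen:
            return None                    # each directive may appear only once
        seen[name] = m.group(2) if m.group(2) is not None else m.group(3)
    age = seen.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        return None                        # max-age is required and must be an integer
    return {"max_age": int(age), "include_subdomains": "includesubdomains" in seen}


def audit_hsts(value, min_age=31536000):
    """Classify a header value against the one-year policy (31536000 seconds)."""
    policy = parse_hsts(value)
    if policy is None:
        return "invalid"                   # ignored by browsers: no HSTS protection
    if policy["max_age"] == 0:
        return "disabled"                  # browser drops its stored policy; HTTP allowed
    return "ok" if policy["max_age"] >= min_age else "short"


if __name__ == "__main__":
    samples = [                            # constructed sample header values
        "max-age=31536000",
        'max-age="31536000"; includeSubDomains',
        "max-age=0",
        "max-age=86400",
        "includeSubDomains",
        "max-age=31536000; max-age=0",
    ]
    for s in samples:
        print(f"{audit_hsts(s):9} {s}")
```

Feed it the header value captured from an HTTPS response of the site; browsers only honor this header when it arrives over a secure connection.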