Enable HTTP Strict Transport Security (HSTS) in IIS 7

Even though, Internet Explorer doesn’t support the protocol yet, here are directions to add it.

Add the following to the web.config file:

<system.webServer>
    <httpProtocol>
        <customHeaders>
            <add name="Strict-Transport-Security" value="max-age=31536000"/>
        </customHeaders>
    </httpProtocol>
</system.webServer>

Install this IIS module

Source

Blog

by Alex Kuo

Enable HTTP Strict Transport Security (HSTS) in IIS 7