KB-1638 HSTS FAQ

Elly Meng — Wed, 13 Jul 2022 16:31:48 GMT

Current Revision posted to Appian Knowledge Base by Elly Meng on 7/13/2022 4:31:48 PM

Table of Contents:

Does Appian support HSTS (HTTP Strict Transport Security) headers?
How can I enable the HSTS header on Appian Cloud sites?
How can I enable HSTS on Appian self-managed environments?
How do I confirm if my Appian site is enabled with the HSTS header?
Does Appian support HSTS Preloading?
Is HSTS Preloading enabled on Appian Cloud instances configured with the default appiancloud.com domain?
Is HSTS Preloading enabled on Appian Cloud customer instances with custom domains?
Is HSTS Preloading enabled on Appian Community Edition instances?
How can I enable HSTS Preloading on self-managed environments?

Does Appian support HSTS (HTTP Strict Transport Security) headers?

Yes.

How can I enable the HSTS header on Appian Cloud sites?

This is enabled by default on Appian Cloud sites.

How can I enable HSTS on Appian self-managed environments?

This needs to be enabled on the web server that is being used with Appian. Refer to the documentation of the respective web server to find out more on how to implement this feature.

How do I confirm if my Appian site is enabled with the HSTS header?

Use the browser network tool as seen in the following image to confirm whether HSTS is being used:

Does Appian support HSTS Preloading?

Yes.

Is HSTS Preloading enabled on Appian Cloud instances configured with the default appiancloud.com domain?

Yes, HSTS Preloading is implemented for Appian Cloud sites configured with the default domain. The appiancloud.com domain is included in the preload list maintained by Google.

Is HSTS Preloading enabled on Appian Cloud customer instances with custom domains?

Appian Cloud sets the preload directive in the Strict-Transport-Security header for all customer instances including those configured with custom domains. Refer to the Mozilla Developer Network for more details around Preloading Strict Transport Security.

If customers need their domain preloaded in the list maintained by Google, customers can submit their own custom domain to the HSTS Preload list.

Is HSTS Preloading enabled on Appian Community Edition instances?

At this time, Appian Community Edition (ACE) sites do not have the HSTS preload directive enabled.

How can I enable HSTS Preloading on self-managed environments?

This needs to be enabled on the web server that is being used with Appian using the preload directive in the Strict-Transport-Security header. Refer to the documentation of the respective web server to find out more on how to implement this feature.

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: July 2022

Tags: web server, Security, infrastructure

KB-1638 HSTS FAQ

Jordan Horwat — Wed, 12 Dec 2018 15:09:08 GMT

Revision 14 posted to Appian Knowledge Base by Jordan Horwat on 12/12/2018 3:09:08 PM

Table of Contents:

Does Appian support HSTS (HTTP Strict Transport Security) headers?
How can I enable the HSTS header on Appian Cloud sites?
How can I enable HSTS on Appian self-managed environments?
How do I confirm if my Appian site is enabled with the HSTS header?

Does Appian support HSTS (HTTP Strict Transport Security) headers?

Yes.

How can I enable the HSTS header on Appian Cloud sites?

This is enabled by default on Appian Cloud sites.

How can I enable HSTS on Appian self-managed environments?

This needs to be enabled on the web server that is being used with Appian. Refer to the documentation of the respective web server to find out more on how to implement this feature.

How do I confirm if my Appian site is enabled with the HSTS header?

Use the browser network tool as seen in the following image to confirm whether HSTS is being used:

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: August 2018

Tags: web server, Security, infrastructure

KB-1638 HSTS FAQ

Jordan Horwat — Wed, 12 Dec 2018 15:08:59 GMT

Revision 13 posted to Appian Knowledge Base by Jordan Horwat on 12/12/2018 3:08:59 PM

Table of Contents

Does Appian support HSTS (HTTP Strict Transport Security) headers?
How can I enable the HSTS header on Appian Cloud sites?
How can I enable HSTS on Appian on-premise environments?
How do I confirm if my Appian site is enabled with the HSTS header?

Does Appian support HSTS (HTTP Strict Transport Security) headers?

Yes.

How can I enable the HSTS header on Appian Cloud sites?

This is enabled by default on Appian Cloud sites.

How can I enable HSTS on Appian on-premise environments?

This needs to be enabled on the web server that is being used with Appian. Refer to the documentation of the respective web server to find out more on how to implement this feature.

How do I confirm if my Appian site is enabled with the HSTS header?

Use the browser network tool as seen in the following image to confirm whether HSTS is being used:

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: August 2018

Tags: web server, Security, infrastructure

KB-1638 HSTS FAQ

Jordan Horwat — Fri, 07 Dec 2018 15:15:12 GMT

Revision 12 posted to Appian Knowledge Base by Jordan Horwat on 12/7/2018 3:15:12 PM

Does Appian support HSTS (HTTP Strict Transport Security) headers?

Yes.

How can I enable the HSTS header on Appian Cloud sites?

This is enabled by default on Appian Cloud sites.

How can I enable HSTS on Appian on-premise environments?

This needs to be enabled on the web server that is being used with Appian. Refer to the documentation of the respective web server to find out more on how to implement this feature.

How do I confirm if my Appian site is enabled with the HSTS header?

Use the browser network tool as seen in the following image to confirm whether HSTS is being used:

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: August 2018

Tags: web server, Security, infrastructure

KB-1638 HSTS FAQ

Parmida Borhani — Wed, 08 Aug 2018 02:28:40 GMT

Revision 11 posted to Appian Knowledge Base by Parmida Borhani on 8/8/2018 2:28:40 AM

Q: Does Appian support HSTS (HTTP Strict Transport Security) headers?

A: Yes.

Q: How can I enable the HSTS header on Appian Cloud sites?

A: This is enabled by default on Appian Cloud sites.

Q: How can I enable HSTS on Appian on-premise environments?

A: This needs to be enabled on the web server that is being used with Appian. Refer to the documentation of the respective web server to find out more on how to implement this feature.

Q: How do I confirm if my Appian site is enabled with the HSTS header?

A: Use the browser network tool as seen in the following image to confirm whether HSTS is being used:

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: August 2018

Tags: web server, Security, infrastructure

KB-1638 HSTS FAQ

Parmida Borhani — Tue, 07 Aug 2018 22:28:40 GMT

Revision 10 posted to Appian Knowledge Base by Parmida Borhani on 8/7/2018 10:28:40 PM

Q: Does Appian support HSTS (HTTP Strict Transport Security) headers?

A: Yes.

Q: How can I enable the HSTS header on Appian Cloud sites?

A: This is enabled by default on Appian Cloud sites.

Q: How can I enable HSTS on Appian on-premise environments?

A: This needs to be enabled on the web server that is being used with Appian. Refer to the documentation of the respective web server to find out more on how to implement this feature.

Q: How do I confirm if my Appian site is enabled with the HSTS header?

A: Use the browser network tool as seen in the following image to confirm whether HSTS is being used:

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: August 2018

Tags: web server, Security, infrastructure

KB-1638 HSTS FAQ

Parmida Borhani — Tue, 07 Aug 2018 22:27:58 GMT

Revision 9 posted to Appian Knowledge Base by Parmida Borhani on 8/7/2018 10:27:58 PM

Q: Does Appian support HSTS (HTTP Strict Transport Security) headers?

A: Yes.

Q: How can I enable the HSTS header on Appian Cloud sites?

A: This is enabled by default on Appian Cloud sites.

Q: How can I enable HSTS on Appian on-premise environments?

A: This needs to be enabled on the web server that is being used with Appian. Refer to the documentation of the respective web server to find out more on how to implement this feature.

Q: How do I confirm if my Appian site is enabled with the HSTS header?

A: Use the browser network tool as seen in the following image to confirm whether HSTS is being used:

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: July 2018

Tags: web server, Security, infrastructure

DRAFT KB-XXXX HSTS FAQ

Parmida Borhani — Tue, 07 Aug 2018 22:26:36 GMT

Revision 8 posted to Appian Knowledge Base by Parmida Borhani on 8/7/2018 10:26:36 PM

Q: Does Appian support HSTS (HTTP Strict Transport Security) headers?

A: Yes.

Q: How can I enable the HSTS header on Appian Cloud sites?

A: This is enabled by default on Appian Cloud sites.

Q: How can I enable HSTS on Appian on-premise environments?

A: This needs to be enabled on the web server that is being used with Appian. Refer to the documentation of the respective web server to find out more on how to implement this feature.

Q: How do I confirm if my Appian site is enabled with the HSTS header?

A: Use the browser network tool as seen in the following image to confirm whether HSTS is being used:

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: July 2018

Tags: IIS, apache, web server, Security, infrastructure

DRAFT KB-XXXX HSTS FAQ

Tejas Kargutkar — Tue, 07 Aug 2018 14:29:58 GMT

Revision 7 posted to Appian Knowledge Base by Tejas Kargutkar on 8/7/2018 2:29:58 PM

Q: Does Appian support HSTS (HTTP Strict Transport Security) headers?

A: Yes.

Q: How can I enable the HSTS header on Appian Cloud sites?

A: This is enabled by default on Appian Cloud sites.

Q: How can I enable HSTS on Appian on-premise environments?

A: This needs to be enabled on the web server that is being used with Appian. Please refer to the documentation of the respective web server to find out more on how to implement this feature.

Q: How do I confirm if my Appian site is enabled with the HSTS header?

A: You can use the browser network tool as seen in the following image to confirm whether HSTS is being used:

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: July 2018

Tags: IIS, apache, web server, Security, hsts, infrastructure

DRAFT KB-XXXX HSTS FAQ

Tejas Kargutkar — Thu, 02 Aug 2018 11:41:58 GMT

Revision 6 posted to Appian Knowledge Base by Tejas Kargutkar on 8/2/2018 11:41:58 AM

Q: Does Appian support HSTS (HTTP Strict Transport Security) headers?

A: Yes.

Q: How can I enable the HSTS header on Appian Cloud sites?

A: This is enabled by default on Appian Cloud sites.

Q: How can I enable HSTS on Appian on-premise environments?

A: This needs to be enabled on the web server that is being used with Appian. Please refer to the documentation of the respective web server to find out more on how to implement this feature.

Q: How do I confirm if my Appian site is enabled with the HSTS header?

A: You can use the browser network tool as seen in the following image to confirm whether HSTS is being used:

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: July 2018

Tags: IIS, apache, web server, Security, hsts, infrastructure

DRAFT KB-XXXX HSTS FAQ

Tejas Kargutkar — Wed, 01 Aug 2018 11:17:45 GMT

Revision 5 posted to Appian Knowledge Base by Tejas Kargutkar on 8/1/2018 11:17:45 AM

Q: Does Appian support HSTS (HTTP Strict Transport Security) headers?

A: Yes.

Q: How can I enable the HSTS header on Appian Cloud sites?

A: This is enabled by default on Appian Cloud sites.

Q: How can I enable HSTS on Appian on-premise environments?

A: This needs to be enabled on the web server that is being used with Appian. Please refer to the documentation of the respective web server to find out more on how to implement this feature.

Q: How do I confirm if my Appian site is enabled with the HSTS header?

A: You can use the browser network tool as seen in the following image to confirm whether HSTS is being used:

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: July 2018

Tags: IIS, apache, web server, Security, hsts, infrastructure

DRAFT KB-XXXX HSTS FAQ

Parmida Borhani — Wed, 01 Aug 2018 01:01:05 GMT

Revision 4 posted to Appian Knowledge Base by Parmida Borhani on 8/1/2018 1:01:05 AM

Q: Does Appian support HSTS (HTTP Strict Transport Security) headers?

A: Yes.

Q: How can I enable the HSTS header on Appian Cloud sites?

A: This is enabled by default on Appian Cloud sites.

Q: How can I enable HSTS on Appian on-premise environments?

A: This needs to be enabled on the web server that is being used with Appian. Please refer to the documentation of the respective web server to find out more on how to implement this feature.

Q: How do I confirm if my Appian site is enabled with the HSTS header?

A: You can use the browser network tool as seen in the following image to confirm whether HSTS is being used.

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: July 2018

Tags: IIS, apache, web server, Security, hsts, infrastructure

DRAFT KB-XXXX HSTS FAQ

Parmida Borhani — Wed, 01 Aug 2018 00:58:01 GMT

Revision 3 posted to Appian Knowledge Base by Parmida Borhani on 8/1/2018 12:58:01 AM

Q: Does Appian support HSTS (HTTP Strict Transport Security) headers?

A: Yes

Q: How can I enable the HSTS header on Appian Cloud sites?

A: This is enabled by default on Appian Cloud sites.

Q: How can I enable HSTS on Appian on-premise environments?

A: This needs to be enabled on the web server that is being used with Appian. Please refer to the documentation of the respective web server to find out more on how to implement this feature.

Q: How do I confirm if my Appian site is enabled with the HSTS header?

A: You can use the browser network tool as seen in the following image to confirm whether HSTS is being used.

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: July 2018

Tags: IIS, apache, web server, Security, hsts, infrastructure

DRAFT KB-XXXX HSTS FAQ

Tejas Kargutkar — Tue, 31 Jul 2018 21:41:29 GMT

Revision 1 posted to Appian Knowledge Base by Tejas Kargutkar on 7/31/2018 9:41:29 PM

Q:Does Appian support HSTS(HTTP Strict Transport Security) header

A:Yes

Q:How to enable the HSTS header on Appian Cloud sites ?

A:This is enabled by default on Appian Cloud sites.

Q:How to enable HSTS on Appian on-premise environments:

A:This needs to be enabled on the Web Server being used with Appian. Please refer to the documentation of the respective web server being used to find out more on how to implement this feature.

Q:How do I confirm if my Appian site is enabled with the HSTS header ?

A:You can use the browser network tool as seen in the following image to confirm whether HSTS is being used.

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: July 2018

Tags: IIS, apache, web server, Security, hsts, infrastructure

DRAFT KB-XXXX HSTS FAQ

Tejas Kargutkar — Tue, 31 Jul 2018 17:46:52 GMT

Revision 2 posted to Appian Knowledge Base by Tejas Kargutkar on 7/31/2018 5:46:52 PM

Q:Does Appian support HSTS(HTTP Strict Transport Security) header ?

A:Yes

Q:How to enable the HSTS header on Appian Cloud sites ?

A:This is enabled by default on Appian Cloud sites.

Q:How to enable HSTS on Appian on-premise environments:

A:This needs to be enabled on the Web Server being used with Appian. Please refer to the documentation of the respective web server being used to find out more on how to implement this feature.

Q:How do I confirm if my Appian site is enabled with the HSTS header ?

A:You can use the browser network tool as seen in the following image to confirm whether HSTS is being used.

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: July 2018

Tags: IIS, apache, web server, Security, hsts, infrastructure